Getting started with the Trust Center
This topic describes how you can use the Trust Center to check for common security risks in your Snowflake account, and get recommendations on how to remediate those risks.
Enable the CIS Benchmarks scanner package
Sign in to Snowsight.
Switch to a role with the requirements to access the Trust Center.
In the navigation menu, select Monitoring » Trust Center.
Select a warehouse.
Select Scanner Packages.
Select CIS Benchmarks.
Select Enable and then Continue.
Enable the Threat Intelligence scanner package
Sign in to Snowsight.
Switch to a role with the requirements to access the Trust Center.
In the navigation menu, select Monitoring » Trust Center.
Select a warehouse.
Select Scanner Packages.
Select Threat Intelligence.
Select Enable and then Continue.
Ensure multi-factor authentication (MFA) is enforced for all human users using password-based authentication
Sign in to Snowsight.
Switch to a role with the requirements to access the Trust Center.
In the navigation menu, select Monitoring » Trust Center.
Ensure you have enabled the CIS Benchmarks scanner package.
Select Findings.
Select Search.
Search for "multi-factor authentication".
Under the Violation column, select "Ensure multi-factor authentication (MFA) is turned on for all human users with password-based authentication". A side panel opens.
In the side panel, under Remediation, follow the guide.
Find over-privileged roles
Sign in to Snowsight.
Switch to a role with the requirements to access the Trust Center.
In the navigation menu, select Monitoring » Trust Center.
Ensure you have enabled the CIS Benchmarks scanner package.
Select Findings.
Select Search.
Search for "snowflake tasks".
Under the Violation column, select "Ensure that Snowflake tasks do not run with the ACCOUNTADMIN or SECURITYADMIN role privileges". A side panel opens.
In the side panel, under Remediation, follow the guide.
Ensure the number of users with the ACCOUNTADMIN and SECURITYADMIN system roles is limited
Sign in to Snowsight.
Switch to a role with the requirements to access the Trust Center.
In the navigation menu, select Monitoring » Trust Center.
Ensure you have enabled the CIS Benchmarks scanner package.
Select Findings.
Select Search.
Search for "limit the number of users".
Under the Violation column, select "Limit the number of users with ACCOUNTADMIN and SECURITYADMIN". A side panel opens.
In the side panel, under Remediation, follow the guide.
Find users who have not logged in for 90 days
Sign in to Snowsight.
Switch to a role with the requirements to access the Trust Center.
In the navigation menu, select Monitoring » Trust Center.
Ensure you have enabled the CIS Benchmarks scanner package.
Select Findings.
Select Search.
Search for "did not log in".
Under the Violation column, select "Ensure that users who did not log in for 90 days are disabled". A side panel opens.
In the side panel, under Remediation, follow the guide.
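The following query is an added example, not part of the original topic and not the scanner's own logic. It cross-checks the two preceding findings (users holding ACCOUNTADMIN or SECURITYADMIN, and users with no login for 90 days) in one result, so that dormant administrator accounts stand out. It assumes the current role can read the SNOWFLAKE.ACCOUNT_USAGE views, and it treats a user who has never logged in as inactive when the account was created more than 90 days ago.

```sql
-- Added example: cross-check of admin-role and 90-day-inactivity findings.
-- Assumption: the current role can read SNOWFLAKE.ACCOUNT_USAGE.
-- ACCOUNT_USAGE views lag behind real time, so very recent changes may be missing.
WITH active_users AS (
    SELECT name,
           last_success_login,
           -- Assumption: a never-used account is aged from its creation date.
           COALESCE(last_success_login, created_on)
               < DATEADD(day, -90, CURRENT_TIMESTAMP()) AS inactive_90_days
    FROM snowflake.account_usage.users
    WHERE deleted_on IS NULL                          -- skip dropped users
      AND NOT COALESCE(disabled::BOOLEAN, FALSE)      -- skip already-disabled users
),
admin_grants AS (
    SELECT grantee_name,
           LISTAGG(DISTINCT role, ', ') WITHIN GROUP (ORDER BY role) AS admin_roles
    FROM snowflake.account_usage.grants_to_users
    WHERE deleted_on IS NULL                          -- only grants still in effect
      AND role IN ('ACCOUNTADMIN', 'SECURITYADMIN')
    GROUP BY grantee_name
)
SELECT u.name,
       u.last_success_login,
       u.inactive_90_days,
       g.admin_roles
FROM active_users AS u
LEFT JOIN admin_grants AS g
       ON g.grantee_name = u.name
WHERE u.inactive_90_days           -- candidates for disabling
   OR g.admin_roles IS NOT NULL    -- every direct holder of an admin system role
ORDER BY g.admin_roles NULLS LAST, u.last_success_login;
```

Rows with both inactive_90_days = TRUE and a non-null admin_roles value are the ones to review first. The query only sees roles granted directly to users, not roles inherited through other roles.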
Find risky users and mitigate authentication risks
Sign in to Snowsight.
Switch to a role with the requirements to access the Trust Center.
In the navigation menu, select Monitoring » Trust Center.
Ensure you have enabled the Threat Intelligence scanner package.
Search for "enforced for all human users".
Under the Violation column, select "Ensure MFA is enforced for all human users, and network policies are set on all users". A side panel opens.
In the side panel, under Remediation, follow the guide.
For more information, see the following resources:
How Organizations Can Use Snowflake To Move Beyond A Password-Only Sign-in Process (Whitepaper)
Best Practices to Mitigate the Risk of Credential Compromise (Video) (https://youtu.be/XT16HYfaRzg?si=lojzoYbxpioxJcCF)