From 410fc39373b62b41d4a8ea6c566dbcc30b6812e5 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 20 Jun 2025 14:04:10 +0530 Subject: [PATCH 1/4] Update cid-redirects.json --- cid-redirects.json | 1 + 1 file changed, 1 insertion(+) diff --git a/cid-redirects.json b/cid-redirects.json index fbbb0da4db..5a6719bb75 100644 --- a/cid-redirects.json +++ b/cid-redirects.json @@ -1649,6 +1649,7 @@ "/cid/6028": "/docs/integrations/saas-cloud/bitwarden", "/cid/6029": "/docs/integrations/saas-cloud/kaltura", "/cid/6030": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source", + "/cid/6031": "/docs/integrations/saas-cloud/snowflake-logs", "/cid/10112": "/docs/integrations/app-development/jfrog-xray", "/cid/10113": "/docs/observability/root-cause-explorer-deprecation", "/cid/10116": "/docs/manage/fields", From 8636ca6a280eaac4e47844f29a00110d0d72202f Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 20 Jun 2025 15:46:40 +0530 Subject: [PATCH 2/4] Snowflake Logs (apps) --- blog-service/2025-06-20-apps.md | 10 + .../product-list/product-list-m-z.md | 2 +- docs/integrations/saas-cloud/index.md | 6 + .../integrations/saas-cloud/snowflake-logs.md | 240 ++++++++++++++++++ sidebars.ts | 1 + 5 files changed, 258 insertions(+), 1 deletion(-) create mode 100644 blog-service/2025-06-20-apps.md create mode 100644 docs/integrations/saas-cloud/snowflake-logs.md diff --git a/blog-service/2025-06-20-apps.md b/blog-service/2025-06-20-apps.md new file mode 100644 index 0000000000..9561e01fc0 --- /dev/null +++ b/blog-service/2025-06-20-apps.md 
@@ -0,0 +1,10 @@ +--- +title: Snowflake Logs (Apps) +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - apps + - snowflake-logs +hide_table_of_contents: true +--- + +We're excited to introduce the new Snowflake Logs app for Sumo Logic. This app enables you to gain real-time insights into key metrics, query performance, and overall health of the Snowflake environments to optimize operations, support informed decisions, and maximize Snowflake's potential. [Learn more](/docs/integrations/saas-cloud/snowflake-logs). diff --git a/docs/integrations/product-list/product-list-m-z.md b/docs/integrations/product-list/product-list-m-z.md index d20c1f51e3..5fc1403999 100644 --- a/docs/integrations/product-list/product-list-m-z.md +++ b/docs/integrations/product-list/product-list-m-z.md @@ -145,7 +145,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [ | Thumbnail icon | [Slack](https://slack.com/) | App: [Slack](/docs/integrations/saas-cloud/slack/)
Automation integration: [Slack](/docs/platform-services/automation-service/app-central/integrations/slack/)
Cloud SIEM integration: [Slack](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/c93d9bf6-0a88-49fc-aebb-ac7b2ea6792c.md)
Collector: [Slack Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source/)
Webhook: [Webhook Connection for Slack](/docs/alerts/webhook-connections/slack/) | | Thumbnail icon | [Smartsheet](https://www.smartsheet.com/) | Collector: [Smartsheet Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source) | | Thumbnail icon | [Snare](https://www.snaresolutions.com/) | Cloud SIEM integration: [Intersect Alliance](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/005c835d-f067-4147-9da9-fe4d2691247e.md) | -| Thumbnail icon | [Snowflake](https://www.snowflake.com/en/) | Cloud SIEM integration: [Snowflake](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/5541f59d-e27d-48e6-a35c-34fb75e9cf13.md)
Collector:
- [Snowflake Logs](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source)
- [Snowflake SQL API Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api-source) | +| Thumbnail icon | [Snowflake](https://www.snowflake.com/en/) | App: [Snowflake Logs](/docs/integrations/saas-cloud/snowflake-logs/)
Cloud SIEM integration: [Snowflake](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/5541f59d-e27d-48e6-a35c-34fb75e9cf13.md)
Collector:
- [Snowflake Logs](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source)
- [Snowflake SQL API Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-sql-api-source) | | Thumbnail icon | [Snyk](https://snyk.io/) | App: [Snyk](/docs/integrations/webhooks/snyk)
Automation integration: [Snyk](/docs/platform-services/automation-service/app-central/integrations/snyk/) | | Thumbnail icon | [SOCRadar](https://socradar.io/) | Automation integration: [SOCRadar](/docs/platform-services/automation-service/app-central/integrations/socradar/) | | Thumbnail icon | [SonicWall](https://www.sonicwall.com/) | Automation integration: [SonicWall](/docs/platform-services/automation-service/app-central/integrations/sonicwall/) | diff --git a/docs/integrations/saas-cloud/index.md b/docs/integrations/saas-cloud/index.md index ca98b2a7f0..a160f92fa9 100644 --- a/docs/integrations/saas-cloud/index.md +++ b/docs/integrations/saas-cloud/index.md @@ -348,6 +348,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.
icon

Slack

+

Monitor the key metrics, query performance, and overall health of Snowflake environments to optimize Snowflake's potential.

+
+
+
+
+ icon

Snowflake Logs

Monitor analytics for your Slack users, channels, and access logs for workspaces.

diff --git a/docs/integrations/saas-cloud/snowflake-logs.md b/docs/integrations/saas-cloud/snowflake-logs.md new file mode 100644 index 0000000000..6c61ccfca4 --- /dev/null +++ b/docs/integrations/saas-cloud/snowflake-logs.md @@ -0,0 +1,240 @@ +--- +id: snowflake-logs +title: Snowflake Logs +sidebar_label: Snowflake Logs +description: The Sumo Logic app for Snowflake Logs allows you to gain real-time insights into key metrics, query performance, and overall health of Snowflake environments to optimize operations, support informed decisions, and maximize Snowflake's potential. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Thumbnail icon + +The Sumo Logic app for Snowflake Logs offers a powerful analytics solution designed to help you fully leverage the Snowflake cloud data platform. Known for its scalability and advanced data warehousing capabilities and analytics, Snowflake supports data-driven decision-making at scale. + +The app provides real-time visibility into key metrics, query performance, and the overall health of Snowflake environments. By analyzing Snowflake logs, you can monitor system performance, track login activity, optimize data management, and maintain better control over your data warehouse. + +With centralized monitoring and actionable insights, the app enables you to streamline operations, make informed decisions, and maximize the value of their Snowflake data assets. + +:::info +This app includes [built-in monitors](#snowflake-logs-monitors). For details on creating custom monitors, refer to the [Create monitors for Snowflake Logs app](#create-monitors-for-snowflake-logs-app). +::: + +## Log types + +This app uses Sumo Logic’s [Snowflake Logs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source/) to collect the data from the Snowflake Logs platform. + +### Sample log messages + +
+LOGIN_HISTORY + +```json +{ + "CLIENT_IP": "52.44.184.81", + "CLIENT_PRIVATE_LINK_ID": null, + "CONNECTION": null, + "ERROR_CODE": null, + "ERROR_MESSAGE": null, + "EVENT_ID": "1023469238922246", + "EVENT_TIMESTAMP": "2025-06-12T01:14:02.745-04:00", + "EVENT_TYPE": "LOGIN", + "FIRST_AUTHENTICATION_FACTOR": "SAML2_ASSERTION", + "IS_SUCCESS": "YES", + "RELATED_EVENT_ID": "0", + "REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI", + "REPORTED_CLIENT_VERSION": "9.15.2", + "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", + "USER_NAME": "John" +} +``` +
+ +
+SESSIONS + +```json +{ + "AUTHENTICATION_METHOD":"Password", + "CLIENT_APPLICATION_ID":"Go 1.14.0", + "CLIENT_APPLICATION_VERSION":"1.14.0", + "CLIENT_BUILD_ID":"", +"CLIENT_ENVIRONMENT":"{\"APPLICATION\":\"Go\",\"OS\":\"linux\",\"OS_VERSION\":\"gc-amd64\",\"OCSP_MODE\":\"FAIL_OPEN\",\"GO_VERSION\":\"go1.23.9 X:boringcrypto\"}", + "CLIENT_VERSION":"0", + "CLOSED_REASON":"LOGOUT", + "CREATED_ON":"2025-06-12T01:59:56.812-07:00", + "LOGIN_EVENT_ID":"41338407433", + "SESSION_ID":"2709153701236758", + "USER_NAME":"JOhn" +} +``` +
+ +
+STAGES + +```json +{ + "COMMENT": null, + "CREATED": "2025-06-12T03:37:20.787-04:00", + "DELETED": "2025-06-12T03:42:25.544-04:00", + "DIRECTORY_ENABLED": null, + "ENDPOINT": null, + "INSTANCE_ID": null, + "LAST_ALTERED": "2025-06-12T03:42:25.544-04:00", + "OWNER_ROLE_TYPE": null, + "STAGE_CATALOG": "CDWQA", + "STAGE_CATALOG_ID": "46", + "STAGE_ID": "42409", + "STAGE_NAME": "dhgfak", + "STAGE_OWNER": null, + "STAGE_REGION": null, + "STAGE_SCHEMA": "DVT", + "STAGE_SCHEMA_ID": "371", + "STAGE_TYPE": "Internal Named", + "STAGE_URL": null, + "STORAGE_INTEGRATION": null +} +``` +
+ +
+DATA_TRANSFER_HISTORY + +```json +{ + "BYTES_TRANSFERRED": 15562, + "END_TIME": "2025-06-12T01:00:00-04:00", + "SOURCE_CLOUD": "aws", + "SOURCE_REGION": "us-east", + "START_TIME": "2025-06-12T00:00:00-04:00", + "TARGET_CLOUD": "aws", + "TARGET_REGION": "us-west", + "TRANSFER_TYPE": "COPY" +} +``` +
+ +
+GRANTS_TO_USERS + +```json +{ + "CREATED_ON": "2025-06-12T09:44:40.468-04:00", + "DELETED_ON": null, + "GRANTED_BY": "JOHN", + "GRANTED_TO": "USER", + "GRANTEE_NAME": "SUMO", + "ROLE": "TESTER" +} +``` +
+ +### Sample queries + +```sql title="Users Login Over Time" +_sourceCategory="Labs/SnowflakeLogs" +| Json "REPORTED_CLIENT_TYPE", "USER_NAME", "FIRST_AUTHENTICATION_FACTOR", "SECOND_AUTHENTICATION_FACTOR", "AUTHENTICATION_METHOD", "SESSION_ID", "STAGE_ID", "STAGE_TYPE", "TRANSFER_TYPE", "CLIENT_IP", "CREATED_ON", "ROLE", "GRANTED_TO", "GRANTEE_NAME", "GRANTED_BY", "QUERY_TEXT", "QUERY_TYPE", "ROLE_NAME", "EXECUTION_STATUS", "EXECUTION_TIME" as client_type, user_name, first_authentication, second_authentication, authentication_method, session_id, stage_id, stage_type, data_transfer_type, ip_address, date, role, granted_to, grantee_name, granted_by, query_text, query_type, role_name, status, execution_time nodrop + +// global filters +| where isNull(stage_type) or stage_type matches "{{stage_type}}" +| where isNull(authentication_method) or authentication_method matches "{{authentication_method}}" +| where isNull(data_transfer_type) or data_transfer_type matches "{{data_transfer_type}}" +| where isNull(client_type) or client_type matches "{{client_type}}" +| where isNull(second_authentication) or second_authentication matches "{{2FA}}" + +// panel specific +| where !isNull(client_type) +| timeslice 1d +| count by user_name, _timeslice +| count as frequency by _timeslice +| fillmissing timeslice +``` + +```sql title="Breakdown by Session Closed Reason" +_sourceCategory="Labs/SnowflakeLogs" +| Json "AUTHENTICATION_METHOD", "SESSION_ID", "CLOSED_REASON", "TARGET_CLOUD", "SOURCE_CLOUD", "REPORTED_CLIENT_TYPE", "CLIENT_IP", "IS_SUCCESS", "USER_NAME", "ERROR_CODE", "ERROR_MESSAGE", "TRANSFER_TYPE", "SOURCE_REGION", "TARGET_REGION", "BYTES_TRANSFERRED" as authentication_method, session_id, session_closed_reason, target_cloud, source_cloud, client_type, ip_address, is_success, user_name, error_code, error_message, data_transfer_type, source_region, target_region, bytes_transferred nodrop + +// global filters +| where isNull(session_closed_reason) or session_closed_reason 
matches "{{session_closed_reason}}" +| where isNull(source_cloud) or source_cloud matches "{{source_cloud}}" +| where isNull(target_cloud) or target_cloud matches "{{target_cloud}}" +| where isNull(login_success) or login_success matches "{{login_success}}" + +// panel specific +| where !isNull(authentication_method) +| count by session_closed_reason, session_id +| count as frequency by session_closed_reason +| sort by frequency, session_closed_reason +``` + +## Collection configuration and app installation + +import CollectionConfiguration from '../../reuse/apps/collection-configuration.md'; + + + +:::important +Use the [Cloud-to-Cloud Integration for Snowflake Logs](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source/) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your Snowflake Logs app is properly integrated and configured to collect and analyze your Snowflake Logs data. +::: + +### Create a new collector and install the app + +import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md'; + + + +### Use an existing collector and install the app + +import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md'; + + + +### Use an existing source and install the app + +import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md'; + + + +## Viewing Snowflake Logs dashboards + +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; + + + +### Snowflake Logs - Overview + +The **Snowflake Logs - Overview** dashboard provides a comprehensive view of key metrics and operational insights within your Snowflake environment. It enables real-time monitoring of user activity, system performance, and data transfer trends, helping stakeholders better understand overall usage and behavior. 
+Key panels include Total Users, 2FA Enabled Users, Total Sessions, User Geolocation, and more, allowing you to track login activity, system utilization, and authentication patterns over time. By analyzing data by authentication methods, transfer types, and other factors, you can proactively manage resources, optimize processes, and improve operational efficiency. + +Entries Overview dashboard + +### Snowflake Logs - Security + +The **Snowflake Logs - Security** dashboard offers in-depth visibility into security-related activities and potential threats within your Snowflake environment. It highlights key events such as failed login attempts, data transfers, and geolocation-based login patterns. With metrics like Failed Login Summary, Data Transfer by Source Cloud Platform, and Transfers Over 1GB, the dashboard helps security teams identify anomalies, investigate incidents, and take proactive steps to mitigate risks effectively. + +Audits Overview dashboard + +## Create monitors for Snowflake Logs app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### Snowflake Logs monitors + +| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | +|:--|:--|:--|:--| +| `Snowflake Logs - Data Transfer Limitation` | This alert is triggered when more than 1GB data transfer in single session occurs. | Critical | Count > 0 | +| `Snowflake Logs - Logins from Embargoed Geo Locations` | This alert is triggered when logins are detected from sanctioned or embargoed regions. This helps you maintain adherence to legal and regulatory standards. | Critical | Count > 0| + +## Upgrade/Downgrade the Snowflake Logs app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the Snowflake Logs app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + \ No newline at end of file diff --git a/sidebars.ts b/sidebars.ts index 3b233a550d..b17872ce8f 100644 --- a/sidebars.ts 
+++ b/sidebars.ts @@ -2583,6 +2583,7 @@ integrations: [ 'integrations/saas-cloud/salesforce', 'integrations/saas-cloud/sentinelone', 'integrations/saas-cloud/slack', + 'integrations/saas-cloud/snowflake-logs', 'integrations/saas-cloud/sophos', 'integrations/saas-cloud/sumo-collection', 'integrations/saas-cloud/symantec-endpoint-security-service', From fc90fb70f23516da5b1793ccb5dafe57eb892533 Mon Sep 17 00:00:00 2001 From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Fri, 20 Jun 2025 17:02:09 +0530 Subject: [PATCH 3/4] Update snowflake-logs.md --- .../integrations/saas-cloud/snowflake-logs.md | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/docs/integrations/saas-cloud/snowflake-logs.md b/docs/integrations/saas-cloud/snowflake-logs.md index 6c61ccfca4..7570d15955 100644 --- a/docs/integrations/saas-cloud/snowflake-logs.md +++ b/docs/integrations/saas-cloud/snowflake-logs.md 
@@ -9,9 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; Thumbnail icon -The Sumo Logic app for Snowflake Logs offers a powerful analytics solution designed to help you fully leverage the Snowflake cloud data platform. Known for its scalability and advanced data warehousing capabilities and analytics, Snowflake supports data-driven decision-making at scale. - -The app provides real-time visibility into key metrics, query performance, and the overall health of Snowflake environments. By analyzing Snowflake logs, you can monitor system performance, track login activity, optimize data management, and maintain better control over your data warehouse. +The Sumo Logic app for Snowflake Logs offers a powerful analytics solution designed to help you fully leverage the Snowflake cloud data platform. Known for its scalability and advanced data warehousing capabilities and analytics, Snowflake supports data-driven decision-making at scale. This app provides real-time visibility into key metrics, query performance, and the overall health of Snowflake environments. By analyzing Snowflake logs, you can monitor system performance, track login activity, optimize data management, and maintain better control over your data warehouse. With centralized monitoring and actionable insights, the app enables you to streamline operations, make informed decisions, and maximize the value of their Snowflake data assets. @@ -26,7 +24,7 @@ This app uses Sumo Logic’s [Snowflake Logs Source](/docs/send-data/hosted-coll ### Sample log messages
-LOGIN_HISTORY +Login History ```json { @@ -50,7 +48,7 @@ This app uses Sumo Logic’s [Snowflake Logs Source](/docs/send-data/hosted-coll
-SESSIONS +Sessions ```json { @@ -70,7 +68,7 @@ This app uses Sumo Logic’s [Snowflake Logs Source](/docs/send-data/hosted-coll
-STAGES +Stages ```json { @@ -98,7 +96,7 @@ This app uses Sumo Logic’s [Snowflake Logs Source](/docs/send-data/hosted-coll
-DATA_TRANSFER_HISTORY +Data Transfer History ```json { @@ -115,7 +113,7 @@ This app uses Sumo Logic’s [Snowflake Logs Source](/docs/send-data/hosted-coll
-GRANTS_TO_USERS +Grants to User ```json { @@ -210,7 +208,7 @@ Key panels include Total Users, 2FA Enabled Users, Total Sessions, User Geolocat ### Snowflake Logs - Security -The **Snowflake Logs - Security** dashboard offers in-depth visibility into security-related activities and potential threats within your Snowflake environment. It highlights key events such as failed login attempts, data transfers, and geolocation-based login patterns. With metrics like Failed Login Summary, Data Transfer by Source Cloud Platform, and Transfers Over 1GB, the dashboard helps security teams identify anomalies, investigate incidents, and take proactive steps to mitigate risks effectively. +The **Snowflake Logs - Security** dashboard offers in-depth visibility into security-related activities and potential threats within your Snowflake environment. It highlights key events such as failed login attempts, data transfers, and geolocation-based login patterns. With metrics like Failed Login Summary, Data Transfer by Source Cloud Platform, and Transfers Over 1GB, helping security teams identify anomalies, investigate incidents, and take proactive steps to mitigate risks effectively. Audits Overview dashboard 
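Review bot: the rewritten Security paragraph in this hunk is a sentence fragment: `With metrics like Failed Login Summary, Data Transfer by Source Cloud Platform, and Transfers Over 1GB, helping security teams identify anomalies, ...` has no main clause. Either keep the removed wording (`..., the dashboard helps security teams identify anomalies, investigate incidents, and take proactive steps ...`) or drop the leading "With" so the metrics become the subject: `Metrics like Failed Login Summary, Data Transfer by Source Cloud Platform, and Transfers Over 1GB help security teams identify anomalies, ...`.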
@@ -224,8 +222,8 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md'; | Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | |:--|:--|:--|:--| -| `Snowflake Logs - Data Transfer Limitation` | This alert is triggered when more than 1GB data transfer in single session occurs. | Critical | Count > 0 | -| `Snowflake Logs - Logins from Embargoed Geo Locations` | This alert is triggered when logins are detected from sanctioned or embargoed regions. This helps you maintain adherence to legal and regulatory standards. | Critical | Count > 0| +| `Snowflake Logs - Data Transfer Limitation` | This alert is triggered when more than 1GB data transfer occurs in single session. | Critical | Count > 0 | +| `Snowflake Logs - Logins from Embargoed Geo Locations` | This alert is triggered when logins are detected from sanctioned or embargoed regions, helping you to maintain adherence to legal and regulatory standards. | Critical | Count > 0| ## Upgrade/Downgrade the Snowflake Logs app (Optional) @@ -237,4 +235,4 @@ import AppUpdate from '../../reuse/apps/app-update.md'; import AppUninstall from '../../reuse/apps/app-uninstall.md'; - \ No newline at end of file + From 9e0b7d82e104d133ee2318681bb6a59fefaa34e3 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 20 Jun 2025 17:06:02 +0530 Subject: [PATCH 4/4] Update index.md --- docs/integrations/saas-cloud/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/integrations/saas-cloud/index.md b/docs/integrations/saas-cloud/index.md index a160f92fa9..fb711a5ce6 100644 --- a/docs/integrations/saas-cloud/index.md +++ b/docs/integrations/saas-cloud/index.md @@ -348,13 +348,13 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.
icon

Slack

-

Monitor the key metrics, query performance, and overall health of Snowflake environments to optimize Snowflake's potential.

+

Monitor analytics for your Slack users, channels, and access logs for workspaces.

icon

Snowflake Logs

-

Monitor analytics for your Slack users, channels, and access logs for workspaces.

+

Monitor the key metrics, query performance, and overall health of Snowflake environments to optimize Snowflake's potential.
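Review bot: the redirect `"/cid/6031": "/docs/integrations/saas-cloud/snowflake-logs"` in the cid-redirects.json hunk of PATCH 1/4 points at a page that does not exist until PATCH 2/4 adds docs/integrations/saas-cloud/snowflake-logs.md, so a per-commit link check fails on that commit. Reorder the series so the page lands first, or squash the redirect into the commit that adds the page.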
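Review bot: in the new docs/integrations/saas-cloud/snowflake-logs.md (PATCH 2/4), the "Breakdown by Session Closed Reason" query filters on a field that is never extracted: the `Json` operator binds `IS_SUCCESS` to `is_success`, but the global filter reads `| where isNull(login_success) or login_success matches "{{login_success}}"`, so the `{{login_success}}` dashboard variable never narrows the results (or the query fails on the unknown field). Change it to `| where isNull(is_success) or is_success matches "{{login_success}}"`. Smaller points in the same hunk: the Sessions sample has `"USER_NAME":"JOhn"` and an unindented `CLIENT_ENVIRONMENT` line; the Login History sample carries a real-looking public address `52.44.184.81`, where an address from a documentation range such as 203.0.113.0/24 (RFC 5737) would avoid pointing at an actual host; the dashboard screenshot alt texts read "Entries Overview dashboard" and "Audits Overview dashboard", which look copied from another app and should name the Snowflake Logs - Overview and Snowflake Logs - Security dashboards; and the file lacks its final newline (fixed in PATCH 3/4, which could be squashed into this commit).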
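Review bot: the intro paragraph merged in the first snowflake-logs.md hunk of PATCH 3/4 still mixes persons with the context line that follows it: "the app enables you to streamline operations, make informed decisions, and maximize the value of their Snowflake data assets" should read "your Snowflake data assets" to match the second person used throughout the page; since this hunk already rewrites the intro, fold that fix in.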
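Review bot: the label renamed from `GRANTS_TO_USERS` to `Grants to User` in PATCH 3/4 drops the plural of the Snowflake view the sample comes from; the other renamed labels (Login History, Sessions, Stages, Data Transfer History) keep a direct mapping to their views, so use `Grants to Users` here for the same reason.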
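Review bot: the reworded Data Transfer Limitation row in the monitors-table hunk of PATCH 3/4 still lacks an article: "when more than 1GB data transfer occurs in single session" should be "when more than 1 GB of data is transferred in a single session". In the same hunk the second row's condition cell `Count > 0|` is missing the space before the closing pipe that the row above has, which some Markdown table linters flag.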
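Review bot: this index.md hunk in PATCH 4/4 only undoes the description swap introduced by the index.md hunk of PATCH 2/4 (Snowflake text under Slack, Slack text under Snowflake Logs); squash it into PATCH 2/4 so the series never contains the broken intermediate state, and after rebasing confirm the Slack card ends with "Monitor analytics for your Slack users, channels, and access logs for workspaces." and the Snowflake Logs card with "Monitor the key metrics, query performance, and overall health of Snowflake environments to optimize Snowflake's potential."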