Snowflake

Snowflake is a Warehouse output connector. Connect to your Snowflake data warehouse to get all your vulnerability data in one place.

IP Allowlists

You might need to add the Monad IP range of 34.210.32.104/32 to your Snowflake allowlist, so Monad can connect to it.

Introduction

In this guide, you will learn how to integrate your Snowflake warehouse with Monad. If you don't have a Snowflake account yet, you can create a free one with $400 in credits; be sure to select the “Enterprise” or “Business Critical” edition when signing up.

Editions matter

Our connector needs an “Enterprise” or “Business Critical” instance of Snowflake to operate.

This integration lets you centralize your security and environment data and work with it from your BI or SQL analytics tools, or with direct SQL queries.

Configuring your Snowflake Environment

Create a Monad Warehouse, Database, Schema and Service Role

Check your access

You MUST have ACCOUNTADMIN privileges in Snowflake to accomplish these steps.

Note

All object names (users, roles, databases, warehouses) in Snowflake are case-sensitive.

The easiest way to configure your Snowflake account to work with Monad is to use a worksheet from the Snowflake UI.
You can access Worksheets from the home screen when logging into Snowflake.

1. Open a Worksheet.

2. Copy + Paste the commands below into your worksheet.

CREATE WAREHOUSE MONAD_WH WITH
  WAREHOUSE_SIZE = 'XLARGE'
  WAREHOUSE_TYPE = 'STANDARD'
  AUTO_SUSPEND = 600
  AUTO_RESUME = TRUE
  MIN_CLUSTER_COUNT = 1
  MAX_CLUSTER_COUNT = 2
  SCALING_POLICY = 'STANDARD';
CREATE DATABASE MONAD_DB;
CREATE ROLE MONAD_SERVICE_ROLE;
CREATE SCHEMA MONAD_DB.MONAD_SCHEMA;
GRANT USAGE ON DATABASE MONAD_DB TO ROLE MONAD_SERVICE_ROLE;
GRANT CREATE SCHEMA ON DATABASE MONAD_DB TO ROLE MONAD_SERVICE_ROLE;
GRANT USAGE ON SCHEMA MONAD_DB.MONAD_SCHEMA TO ROLE MONAD_SERVICE_ROLE;
GRANT USAGE ON WAREHOUSE MONAD_WH TO ROLE MONAD_SERVICE_ROLE;
GRANT ALL PRIVILEGES ON SCHEMA MONAD_DB.MONAD_SCHEMA TO ROLE MONAD_SERVICE_ROLE;
GRANT CREATE INTEGRATION ON ACCOUNT TO ROLE MONAD_SERVICE_ROLE;
GRANT SELECT ON FUTURE TABLES IN DATABASE MONAD_DB TO ROLE ACCOUNTADMIN;
GRANT SELECT ON ALL TABLES IN DATABASE MONAD_DB TO ROLE ACCOUNTADMIN;

What do these commands do?

  • Create a warehouse and a database for Monad to use
  • Create a user and role for Monad to use
  • Grant that role the appropriate permissions to the warehouse, database and schema
  • Allow the Monad service role the ability to create integrations
  • Allow your (ACCOUNTADMIN) role to select from the Monad tables

What if I want to use my existing DB / Schema?

Please contact us if you would like to use an existing DB/Schema for your export - the above commands create a specific DB / Schema for Monad exports.

3. Click the dropdown next to the play button in the upper right and select “Run All” (or press “ctrl”+“shift”+“enter”).

4. Wait until the commands have finished running before moving on to the next step. You should see a success status message.

Create your Monad service user

1. Delete the text we pasted from step 3 above. You should have an empty worksheet.

2. Copy + Paste the below commands into the now empty worksheet:

Note

In the create service user commands below:

  • Replace the email address with a valid one for your company.
  • Replace PASSWORD with a secure password you record for later use.

-- The password is a string literal, so it goes in single quotes
-- (double quotes denote identifiers in Snowflake).
CREATE USER "MONAD_SERVICE_USER" PASSWORD = 'PASSWORD' EMAIL = 'monadservice@example.com' DEFAULT_ROLE = 'MONAD_SERVICE_ROLE' DEFAULT_WAREHOUSE = 'MONAD_WH' MUST_CHANGE_PASSWORD = FALSE;
GRANT role MONAD_SERVICE_ROLE to user MONAD_SERVICE_USER;

What do these commands do?

  • Create a user called MONAD_SERVICE_USER with the email and password you choose (that’s why we ask you to replace those parts)

3. Run the commands in your worksheet again (“Run All”, or “ctrl”+“shift”+“enter”).
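The worksheet below is an added example, not part of the original guide or Monad's own tooling. It restricts the new service user to the Monad address from the IP Allowlists section and audits the role for privileges beyond the ones granted above. It assumes Monad connects only from that address, and the policy name MONAD_NETWORK_POLICY is hypothetical.

```sql
-- Added example: run as ACCOUNTADMIN after MONAD_SERVICE_USER exists.
-- MONAD_NETWORK_POLICY is a hypothetical name chosen for this example.

-- 1. Pin the service user to the Monad address from the IP Allowlists
--    section. A user-level network policy takes precedence over an
--    account-level one, so this admits Monad without widening the account
--    allowlist, and the password cannot be used from any other address.
CREATE NETWORK POLICY MONAD_NETWORK_POLICY
  ALLOWED_IP_LIST = ('34.210.32.104/32')
  COMMENT = 'Monad connector egress only';
ALTER USER MONAD_SERVICE_USER SET NETWORK_POLICY = MONAD_NETWORK_POLICY;

-- 2. The service user should hold exactly one role: MONAD_SERVICE_ROLE.
SHOW GRANTS TO USER MONAD_SERVICE_USER;

-- 3. List every privilege on the role that the setup commands did not grant.
--    SHOW output columns are lower-case, so they must be double-quoted.
SHOW GRANTS TO ROLE MONAD_SERVICE_ROLE;
SELECT "privilege", "granted_on", "name", "granted_by"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE NOT (
      ("granted_on" = 'ACCOUNT'   AND "privilege" = 'CREATE INTEGRATION')
   OR ("granted_on" = 'WAREHOUSE' AND "name" = 'MONAD_WH'
       AND "privilege" = 'USAGE')
   OR ("granted_on" = 'DATABASE'  AND "name" = 'MONAD_DB'
       AND "privilege" IN ('USAGE', 'CREATE SCHEMA'))
   -- GRANT ALL PRIVILEGES on the schema expands to one row per privilege,
   -- and tables the connector creates later show up as OWNERSHIP rows
   -- under MONAD_DB, so anything inside that database is expected.
   OR STARTSWITH("name", 'MONAD_DB.')
);
-- An empty result means the role holds nothing outside the guide's grants.
```

Once the connector has run, rows for integrations it created may also appear in the last query; review them against what you configured rather than treating them as errors.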

Finding your Snowflake account identifier

Monad needs your Snowflake account identifier to connect to Snowflake. To find your account identifier, do the following:

1. From your Snowflake home page, locate your account button at the bottom left of the screen.

2. Click on your account. A section with more account info should pop up to the right.

3. Hover over the account name to see more info.

4. Click on the copy account URL button (chain link icon).

5. Remove the https:// and the .snowflakecomputing.com from the copied URL.

Example replacement

https://pfb93600.prod3.us-west-2.aws.snowflakecomputing.com –> pfb93600.prod3.us-west-2.aws

6. The result is your account identifier (e.g. pfb93600.prod3.us-west-2.aws) - note it down for the next steps.

Setting up your Monad Connector

Snowflake is now configured to allow Monad access to write data. The following steps configure Monad to connect to Snowflake.

  1. Log in to your Monad account, and click Add connector.
  2. Select the Snowflake connector.
  3. Fill in the following fields:
  4. (Optional) - select your models to export
  5. Click Connect.

Sample Completed setup form:

Monad then tests the connection to Snowflake, and if successful, begins syncing data from your Monad account into your Snowflake warehouse.

Accessing and Verifying your Data

Now that you’re set up, it’s important to make sure all that hard work has paid off.
We’ll walk through how to verify that your data is flowing into Snowflake.

  1. From the Snowflake UI, choose the Databases tab.
  2. Verify that the MONAD_SCHEMA contains some tables (including but not limited to MART_FINDING, MART_SAST_FINDING, MART_MACHINE, CISA_KEV_VULNERABILITY, etc.).

Note that the exact tables that appear in your warehouse will vary based on your input connectors present.

If you see tables, you’re all set! If not, please reach out. We’re happy to help!

This page was last modified: 13 Oct 2023