This article explains connecting Snowflake to Workbench.
Note
When the system runs queries and receives data, it consumes CU (compute units). The system also consumes CU for periodic event polling.
CU have a monetary value assigned to them. The number of CU that are consumed depends on your organization's size and user activity. The cost can get high for a robust environment. To control the cost of consuming CU, you can set the warehouse to auto-suspend after 1 minute of inactivity. We can also reduce our polling frequency, which can reduce consumed CU.
In this article
- Before you start
- Step 1: Enable console access
- Step 2: Configure the technology in Workbench
- Viewing security device details
Before you start
Make sure you have the following available to you:
-
An account with sufficient permissions to perform the tasks detailed in this article. This guide was tested using the default ACCOUNTADMIN role.
-
The ability to run SQL queries.
-
Access to the openssl command line tool.
Step 1: Enable console access
-
Log in to the Snowflake console and navigate to Admin > Warehouses. Create a new warehouse and name it Expel_warehouse. Click Create Warehouse.
-
Navigate to Admin > Users&Roles > Roles and create a new role named EXPELROLE. Click Create Role.
-
In SnowSQL CLI, grant the SECURITY_VIEWER role the EXPELROLE with the following command:
GRANT DATABASE ROLE SNOWFLAKE.SECURITY_VIEWER TO ROLE EXPELROLE
This command allows Expel to retrieve events from the following views:SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES
SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS
-
Navigate to Admin > Users&Roles > Users and create a new user named EXPEL_INTEGRATION. Set the Default Role to EXPELROLE and the Default Warehouse to EXPEL_WAREHOUSE.
-
Click Save User.
-
In the openSSL command line, generate an encrypted RSA private key. You’re prompted to type a passphrase.
$ openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8
Note
Write down the passphrase because you need it later in this article. -
Generate the corresponding public key using the following command:
$ openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub
-
In Snowflake, use the following SQL statement to attach the public key from the previous step to the Expel user. See the Snowflake documentation for more information.
ALTER USER EXPEL_INTEGRATION SET RSA_PUBLIC_KEY='MIIBI...';
-
Navigate to Admin > Warehouses and transfer the ownership of EXPEL_WAREHOUSE to the EXPELROLE.
-
Determine the account identifier. It usually has the following format:
orgname-account_name
. It's typically in the URL you use to log in. Detailed instructions can be found here.
Step 2: Configure the technology in Workbench
-
Log into https://workbench.expel.io/settings/security-devices?setupIntegration=snowflake. The Add Security Device screen for Snowflake appears.
-
Fill out the fields like this:
-
Name: Expel.
-
Location: the location of your server.
-
Username: EXPEL_INTEGRATION.
-
Account: the org name from the account identifier (URL).
-
Private key: the generated private key.
-
Passphrase: the passphrase you used while generating the key.
-
Warehouse name: EXPEL_WAREHOUSE.
-
-
Your device is now connected. To check device health, follow the Viewing security device details instructions below.
After your devices are connected to Workbench, you can view details about them. To open the device details, click Organization Settings > Security Devices. Locate the device you want more details for. Click the arrow next to the name and click View details.
The side panel that appears looks like this:
The side panel contains the following sections:
-
Device Health: you see an Alerts Analysis dashboard snapshot for the selected device along with the device’s health status, connection, data, and alerts data. This at-a-glance information lets you stay on top of the device and what it's doing.
-
Information: you see general device data, including the device name, location, GUID, and so on. These are the data points associated with creating or editing a device.
-
History: you see the history of changes in health status or edits made by a Workbench user. You know what changed, who made the change, and when.
In these sections you can click buttons to copy information or go directly to other areas in Workbench. Additionally, we include tool tips to help you understand what you're seeing.
In the side panel, you can edit the selected device by clicking Edit Device. You can also navigate to the previous or next device in the list by clicking the arrows.