This page describes the Data Security metrics that are available for your database providers. 

Supported Structured Data Stores (Databases)

List of data stores and entities that Data Security supports:

| Name | Data Store Type | Entity | Module Version |
|------|-----------------|--------|----------------|
| Snowflake | Database | Database | Data Security |

Prerequisites To Create and Edit Snowflake Connections

This section lists the queries you need to run in order to onboard Snowflake SQL connections.

You must enable read access to database tables to view PII (Personally Identifiable Information) classification. Only the ACCOUNTADMIN role can run these queries:

  • CREATE WAREHOUSE IF NOT EXISTS <<WAREHOUSE_NAME>>;
  • CREATE ROLE IF NOT EXISTS <<ROLE_NAME>>;
  • CREATE USER IF NOT EXISTS <<USER_NAME>> PASSWORD = '<PASSWORD>' DEFAULT_WAREHOUSE = '<WAREHOUSE_NAME>' DEFAULT_ROLE = '<ROLE_NAME>' FIRST_NAME = '<FNAME>' LAST_NAME = '<LNAME>' EMAIL = '<Email_Address>';
  • GRANT ROLE <<ROLE_NAME>> TO USER <<USER_NAME>>;
  • GRANT IMPORTED PRIVILEGES ON DATABASE "SNOWFLAKE" TO ROLE <<ROLE_NAME>>;
  • GRANT USAGE, OPERATE ON WAREHOUSE <<WAREHOUSE_NAME>> TO ROLE <<ROLE_NAME>>;
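
The queries above set up the warehouse, role, and user, but they do not grant read access to any table. One way to grant that read access, scoped to a single monitored schema, is sketched below. This is an added example, not part of the original documentation: <<DATABASE_NAME>> and <<SCHEMA_NAME>> are placeholders introduced here, and the exact set of grants the product needs is an assumption.

```sql
-- Added example. Replace every <<...>> placeholder before running.
-- <<DATABASE_NAME>> and <<SCHEMA_NAME>> are assumed placeholders for the
-- database and schema you list under "database schemas to monitor".

-- SELECT on a table has no effect unless the role can also use the
-- database and schema that contain it.
GRANT USAGE ON DATABASE <<DATABASE_NAME>> TO ROLE <<ROLE_NAME>>;
GRANT USAGE ON SCHEMA <<DATABASE_NAME>>.<<SCHEMA_NAME>> TO ROLE <<ROLE_NAME>>;

-- Read-only access to the tables that exist today in the monitored schema.
GRANT SELECT ON ALL TABLES IN SCHEMA <<DATABASE_NAME>>.<<SCHEMA_NAME>>
  TO ROLE <<ROLE_NAME>>;

-- Optional: also cover tables created later, so classification does not
-- silently skip new tables. Omit this if new tables need review first.
GRANT SELECT ON FUTURE TABLES IN SCHEMA <<DATABASE_NAME>>.<<SCHEMA_NAME>>
  TO ROLE <<ROLE_NAME>>;

-- Review step: list what the role holds. Expect only USAGE/OPERATE on the
-- warehouse, IMPORTED PRIVILEGES on SNOWFLAKE, USAGE on the database and
-- schema, and SELECT on tables. Any write or ownership privilege here
-- means the role is broader than a read-only monitoring role should be.
SHOW GRANTS TO ROLE <<ROLE_NAME>>;
SHOW FUTURE GRANTS IN SCHEMA <<DATABASE_NAME>>.<<SCHEMA_NAME>>;

-- Confirm the service user holds the dedicated role and nothing more
-- privileged (for example ACCOUNTADMIN or SYSADMIN).
SHOW GRANTS TO USER <<USER_NAME>>;
```

Repeat the schema-level grants for each schema you plan to monitor instead of granting SELECT across the whole account.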

Create and Edit Data Connections

To create a data connection:

  1. Navigate to Cisco Secure Application > Configure.
  2. Select Database Providers.
  3. Click Create and enter the following:
    1. Connection Name
    2. User Name
    3. Password
    4. Role
    5. Organization
    6. Account Name
    7. Warehouse Name
    8. (Optional) Add a list of database schemas to monitor.
    9. (Optional) Enable PII (Personally Identifiable Information) Classification.
       To enable this, you must grant read access to database tables.
  4. Click Create.

To edit a data connection:

  1. Navigate to Cisco Secure Application > Configure.
  2. Select Database Providers.
  3. Click the Connection name, then click the edit icon.
  4. Edit the data connection.
  5. Click Save.


Navigate Database Providers

On the Cisco Secure Application > Database Providers page, you can view these details: 

  • Security risk: The business risk status, which is one of three values: Normal, Warning, or Critical.
  • Name: The name of the database. 
  • Cloud provider: The third-party cloud provider. 
  • Region: The areas and zones of the database. 

Overview UI Screenshot

When you click on the name of a specific database provider, you can view these details: 

  • Overview: 
    • Database Provider 
    • Database Type 
    • Cloud Provider 
    • Region 
    • Organization 
    • Account 
  • Alerts:
    • Severity
    • Status
    • Category
    • Start Time
    • Affected Entity
    • Description
  • Database Tables:
    • Security Risk
    • Table Name
    • Database Name
    • Schema Name
    • PII (Personally Identifiable Information) Category
    • Last Update Time
  • Database Users:
    • Security Risk
    • User Name
    • Roles
    • Last Activity Time
  • Database Clients:
    • Security Risk
    • Driver Name
    • CVE List
    • Last Activity Time

Overview UI Screenshot