Vendor: Snowflake
April 15, 2026 · View on GitHub
Product: Snowflake
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 18 | 10 | 1 | 2 | 4 |
| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Compromised Credentials | database-login ↳snowflake-s-sk4-database-login-success-login ↳snowflake-s-kv-database-login-success-login ↳snowflake-s-sk4-database-login-success-login-1 ↳snowflake-s-csv-app-login-loginhistory database-query ↳snowflake-s-sk4-database-query-success-queryhistory ↳snowflake-s-kv-database-query-success-databasequery | T1213 - Data from Information Repositories |
|
| Data Access | database-login ↳snowflake-s-sk4-database-login-success-login ↳snowflake-s-kv-database-login-success-login ↳snowflake-s-sk4-database-login-success-login-1 ↳snowflake-s-csv-app-login-loginhistory database-query ↳snowflake-s-sk4-database-query-success-queryhistory ↳snowflake-s-kv-database-query-success-databasequery | T1213 - Data from Information Repositories |
|
MITRE ATT&CK® Framework for Enterprise
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Data from Information Repositories |