Using the Trust Center¶
This topic describes how to use and navigate the Trust Center Snowsight interface.
Monitoring cost¶
The Trust Center incurs serverless compute cost when it scans your Snowflake environment for security vulnerabilities.
You can use cost-related views in the ACCOUNT_USAGE and ORGANIZATION_USAGE schemas to track the costs associated with the Trust Center. When
querying these views, filter on the service_type
column to find TRUST_CENTER
values.
View |
Schema |
|
Roles with required privileges |
---|---|---|---|
ACCOUNT_USAGE |
TRUST_CENTER |
|
|
ACCOUNT_USAGE |
TRUST_CENTER |
|
|
ORGANIZATION_USAGE |
TRUST_CENTER |
|
|
ORGANIZATION_USAGE |
TRUST_CENTER |
|
Example: View the total cost that the Trust Center incurred between December 1, 2024 and December 31, 2024.
SELECT
SUM(credits_used) AS total_credits
FROM snowflake.account_usage.metering_history
WHERE
service_type = 'TRUST_CENTER' AND
start_time >= '2024-12-01' AND
end_time <= '2024-12-31';
Example: View the daily cost that the Trust Center incurred after December 1, 2024.
SELECT
usage_date AS date,
credits_used AS credits
FROM snowflake.account_usage.metering_daily_history
WHERE
service_type = 'TRUST_CENTER' AND
date > '2024-12-01';
For information about how many credits are charged per Compute-Hour for the operation of the Trust Center, see Table 5 in the Snowflake Service Consumption Table.
Costs before December 1, 2024¶
Prior to December 1, 2024, serverless compute costs were not tracked with a service type in the cost-related views in the ACCOUNT_USAGE and ORGANIZATION_USAGE schemas. If you want the historical cost of using the Trust Center before December 1, 2024, you need to query the SERVERLESS_TASK_HISTORY view instead. For example, to view the cost that the Trust Center incurred between May 20, 2024 and May 22, 2024, you can execute the following SQL statement:
SELECT SUM(CREDITS_USED)
FROM snowflake.account_usage.serverless_task_history
WHERE
DATABASE_NAME = 'SNOWFLAKE' AND
SCHEMA_NAME = 'TRUST_CENTER_STATE' AND
START_TIME BETWEEN '2024-05-20 07:00:00.000 -0700' AND '2024-05-22 07:00:00.000 -0700';
Managing scanner packages¶
You can complete the following tasks to manage scanner packages in the Trust Center:
Enable scanner packages¶
To enable a scanner package, follow these steps:
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Select the Settings tab.
Select Enable.
After you enable a scanner package, you can enable or disable individual scanners in the scanner package.
View available scanner packages¶
To view available scanner packages, follow these steps:
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Optionally, select Provider, Status, or Search to filter the list of scanner packages available.
Change the schedule of a scanner package¶
You can change the schedule of all scanner packages, except the Security Essentials scanner package.
Tip
After a scanner package is enabled, you can change the schedule of individual scanners in the scanner package.
To change the schedule of a scanner package, follow these steps:
Ensure you’ve enabled the CIS Benchmarks scanner package.
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Select the Settings tab.
Set your desired Frequency.
Select Continue.
Run a scanner package manually¶
To run a scanner package manually, follow these steps:
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Managing scanners¶
You can complete the following tasks to manage scanners in the Trust Center:
View descriptions of scanners in scanner packages¶
To view descriptions of scanners in a scanner package, follow these steps:
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Select a scanner from the list of scanner names.
Enable or disable a scanner in a scanner package¶
Attention
Scanners provide valuable information about possible security risks at a minimal cost. Before disabling a scanner, we recommend evaluating the value of the information provided by the scanner in relation to the cost associated with running it. For more information about evaluating the cost associated with a scanner, see Monitoring cost.
If a scanner package is disabled, all of the scanners in the package are disabled, including scanners that were enabled individually.
To enable or disable a scanner in a scanner package, follow these steps:
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
In the scanner STATE, enable or disable the scanner.
In the confirmation box, select Confirm.
Change the schedule of a scanner¶
You can change the schedule of some scanners.
Note
When a custom schedule is set for an individual scanner, that setting is used instead of its scanner package schedule, even if the scanner package schedule is changed.
To change the schedule of a scanner, follow these steps:
Ensure you’ve enabled the scanner.
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Set your desired Frequency.
Select Save.
Reset the schedule of a scanner to the scanner package schedule¶
To change the schedule of a scanner to match its scanner package schedule, follow these steps:
Ensure you’ve enabled the scanner.
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Select Reset, and then select Reset to scanner package schedule.
Select Save.
Run a scanner manually¶
To run a scanner manually, follow these steps:
Ensure you’ve enabled the scanner.
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting this role, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
In the confirmation box, select Confirm.
Managing security risks¶
You can complete the following tasks to manage security risks in the Trust Center:
View security risks¶
To view security risks, follow these steps:
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_VIEWER
orSNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Findings tab.
Select a recommendation from the list of violations to view details about the violation associated with the recommendation.
Optionally, select Severity, Violations, or Search to filter the list of recommendations shown.
Remediate security risks¶
When viewing individual security risks, you can learn how to remediate the risks associated with the recommendations that display, allowing you to harden the security of your account.
To remediate security risks, follow these steps:
Switch to a role with the
SNOWFLAKE.TRUST_CENTER_VIEWER
orSNOWFLAKE.TRUST_CENTER_ADMIN
application role granted to it.For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Findings tab.
Select a recommendation from the list of violations.
Follow the steps shown in the Remediation tab.