Using the Trust Center

This topic describes how to use and navigate the Trust Center Snowsight interface.

Monitoring cost

The Trust Center can incur serverless compute cost when you enable scanner packages.

You can monitor Trust Center cost using the SERVERLESS_TASK_HISTORY view to query the serverless task usage history.

By default, only users with the ACCOUNTADMIN role or the USAGE_VIEWER database role can access the SERVERLESS_TASK_HISTORY view. For information, see SNOWFLAKE database roles.

For example, to view the cost that the Trust Center incurred between May 20, 2024 and May 22, 2024, you can execute the following SQL statement:

SELECT SUM(CREDITS_USED)
  FROM snowflake.account_usage.serverless_task_history
  WHERE
    DATABASE_NAME = 'SNOWFLAKE' AND
    SCHEMA_NAME = 'TRUST_CENTER_STATE' AND
    START_TIME BETWEEN '2024-05-20 07:00:00.000 -0700' AND '2024-05-22 07:00:00.000 -0700';
Copy

For more information about credit consumption by serverless features, see Serverless credit usage.

Managing scanners

This section provides information about how you can do the following tasks in the Trust Center:

Enable scanner packages

To enable a scanner package, follow the steps below:

  1. Sign in to Snowsight.

  2. Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.

    For more information about granting these roles, see Required privileges.

  3. In the left navigation bar, select Monitoring » Trust Center.

  4. Select the Scanner Packages tab.

  5. Select a scanner package from the list.

  6. Select the Settings tab.

  7. Select Enable.

View available scanner packages

To view available scanner packages, follow the steps below:

  1. Sign in to Snowsight.

  2. Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.

    For more information about granting these roles, see Required privileges.

  3. In the left navigation bar, select Monitoring » Trust Center.

  4. Select the Scanner Packages tab.

  5. Optionally, select Provider, Status, or Search to filter the list of scanner packages available.

View descriptions of scanners in scanner packages

To view descriptions of scanners in a scanner package, follow the steps below:

  1. Sign in to Snowsight.

  2. Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.

    For more information about granting these roles, see Required privileges.

  3. In the left navigation bar, select Monitoring » Trust Center.

  4. Select the Scanner Packages tab.

  5. Select a scanner package from the list.

  6. Select a scanner from the list of scanner names.

Change the schedule of a scanner package

You can change the schedule of all scanner packages, except the Security Essentials scanner package.

To change the schedule of a scanner package, follow the steps below:

  1. Ensure you enabled the CIS Benchmarks scanner package.

  2. Sign in to Snowsight.

  3. Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.

    For more information about granting these roles, see Required privileges.

  4. In the left navigation bar, select Monitoring » Trust Center.

  5. Select the Scanner Packages tab.

  6. Select a scanner package from the list.

  7. Select the Settings tab.

  8. Under Scanner Package Schedule, select trust-center-edit-image Edit.

  9. Set your desired Frequency.

  10. Select Continue.

Run a scanner package manually

To run a scanner package manually, follow the steps below:

  1. Sign in to Snowsight.

  2. Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.

    For more information about granting these roles, see Required privileges.

  3. In the left navigation bar, select Monitoring » Trust Center.

  4. Select the Scanner Packages tab.

  5. Select a scanner package from the list.

  6. On the right side of Search, select trust-center-start-image Start.

Managing security risks

This section provides information about how you can do the following tasks in the Trust Center:

View security risks

To view security risks, follow the steps below:

  1. Sign in to Snowsight.

  2. Switch to a role with the SNOWFLAKE.TRUST_CENTER_VIEWER or SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.

    For more information about granting these roles, see Required privileges.

  3. In the left navigation bar, select Monitoring » Trust Center.

  4. Select the Findings tab.

  5. Select a recommendation from the list of violations to view details about the violation associated with the recommendation.

  6. Optionally, select Severity, Violations, or Search to filter the list of recommendations shown.

Remediate security risks

When viewing individual security risks, you can learn how to remediate the risks associated with the recommendations that display, allowing you to harden the security of your account.

To remediate security risks, follow the steps below:

  1. Sign in to Snowsight.

  2. Switch to a role with the SNOWFLAKE.TRUST_CENTER_VIEWER or SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.

    For more information about granting these roles, see Required privileges.

  3. In the left navigation bar, select Monitoring » Trust Center.

  4. Select the Findings tab.

  5. Select a recommendation from the list of violations.

  6. Follow the steps shown in the Remediation tab.