Using the Trust Center¶
This topic describes how to use and navigate the Trust Center Snowsight interface.
Monitoring cost¶
The Trust Center incurs serverless compute cost when it scans your Snowflake environment for security vulnerabilities.
You can use cost-related views in the ACCOUNT_USAGE and ORGANIZATION_USAGE schemas to track the costs associated with the Trust Center. When
querying these views, filter on the service_type column to find TRUST_CENTER values.
View |
Schema |
|
Roles with required privileges |
|---|---|---|---|
ACCOUNT_USAGE |
TRUST_CENTER |
|
|
ACCOUNT_USAGE |
TRUST_CENTER |
|
|
ORGANIZATION_USAGE |
TRUST_CENTER |
|
|
ORGANIZATION_USAGE |
TRUST_CENTER |
|
Example: View the total cost that the Trust Center incurred between December 1, 2024 and December 31, 2024.
SELECT
SUM(credits_used) AS total_credits
FROM snowflake.account_usage.metering_history
WHERE
service_type = 'TRUST_CENTER' AND
start_time >= '2024-12-01' AND
end_time <= '2024-12-31';
Example: View the daily cost that the Trust Center incurred after December 1, 2024.
SELECT
usage_date AS date,
credits_used AS credits
FROM snowflake.account_usage.metering_daily_history
WHERE
service_type = 'TRUST_CENTER' AND
date > '2024-12-01';
For information about how many credits are charged per Compute-Hour for the operation of the Trust Center, see Table 5 in the Snowflake Service Consumption Table.
Costs before December 1, 2024¶
Prior to December 1, 2024, serverless compute costs were not tracked with a service type in the cost-related views in the ACCOUNT_USAGE and ORGANIZATION_USAGE schemas. If you want the historical cost of using the Trust Center before December 1, 2024, you need to query the SERVERLESS_TASK_HISTORY view instead. For example, to view the cost that the Trust Center incurred between May 20, 2024 and May 22, 2024, you can execute the following SQL statement:
SELECT SUM(CREDITS_USED)
FROM snowflake.account_usage.serverless_task_history
WHERE
DATABASE_NAME = 'SNOWFLAKE' AND
SCHEMA_NAME = 'TRUST_CENTER_STATE' AND
START_TIME BETWEEN '2024-05-20 07:00:00.000 -0700' AND '2024-05-22 07:00:00.000 -0700';
Managing scanners¶
This section provides information about how you can do the following tasks in the Trust Center:
Enable scanner packages¶
To enable a scanner package, follow the steps below:
Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.
For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Select the Settings tab.
Select Enable.
View available scanner packages¶
To view available scanner packages, follow the steps below:
Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.
For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Optionally, select Provider, Status, or Search to filter the list of scanner packages available.
View descriptions of scanners in scanner packages¶
To view descriptions of scanners in a scanner package, follow the steps below:
Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.
For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Select a scanner from the list of scanner names.
Change the schedule of a scanner package¶
You can change the schedule of all scanner packages, except the Security Essentials scanner package.
To change the schedule of a scanner package, follow the steps below:
Ensure you enabled the CIS Benchmarks scanner package.
Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.
For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
Select the Settings tab.
Under Scanner Package Schedule, select
Edit.Set your desired Frequency.
Select Continue.
Run a scanner package manually¶
To run a scanner package manually, follow the steps below:
Switch to a role with the SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.
For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Scanner Packages tab.
Select a scanner package from the list.
On the right side of Search, select
Start.
Managing security risks¶
This section provides information about how you can do the following tasks in the Trust Center:
View security risks¶
To view security risks, follow the steps below:
Switch to a role with the SNOWFLAKE.TRUST_CENTER_VIEWER or SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.
For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Findings tab.
Select a recommendation from the list of violations to view details about the violation associated with the recommendation.
Optionally, select Severity, Violations, or Search to filter the list of recommendations shown.
Remediate security risks¶
When viewing individual security risks, you can learn how to remediate the risks associated with the recommendations that display, allowing you to harden the security of your account.
To remediate security risks, follow the steps below:
Switch to a role with the SNOWFLAKE.TRUST_CENTER_VIEWER or SNOWFLAKE.TRUST_CENTER_ADMIN application role granted to it.
For more information about granting these roles, see Required privileges.
In the left navigation bar, select Monitoring » Trust Center.
Select the Findings tab.
Select a recommendation from the list of violations.
Follow the steps shown in the Remediation tab.