How can I onboard audit logs from Snowflake accounts other than my Panther data lake account into Panther?
Snowflake does not emit its audit logs, so you cannot ingest them into Panther like a regular log source. The workaround is to use Scheduled Queries. However, this method has some limitations:
It is not possible to backfill these logs, so you won’t be able to perform analysis on historical logs.
Additionally, you cannot use any of the objects in snowflake.account_usage in a data share, so you cannot simply connect those accounts to Panther’s Snowflake and perform queries that way.