QUESTION

How can I build detections that use data in Snowflake?

ANSWER

The best way to do this is with scheduled queries. Real-time rules only run on log events as they are ingested, and Snowflake tables are part of the data lake rather than an ingested event stream, so real-time rules never evaluate them.
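
As an added example (not part of the original answer and not any vendor's own code), a scheduled query of this kind can join recent log rows against a reference table that exists only in Snowflake. The database, schema, table and column names and the 60-minute schedule are all assumptions.

```sql
-- Added example: every database, schema, table and column name is hypothetical.
-- Assumed schedule: every 60 minutes, so the lookback window is 60 minutes.
-- Each row returned is one candidate alert: successful logins by an account
-- that a Snowflake reference table marks as offboarded.
WITH recent_logins AS (
    SELECT
        l.event_time,
        LOWER(l.user_email) AS user_email,   -- normalise case before joining
        l.source_ip
    FROM security_lake.logs.auth_events AS l
    WHERE l.event_time >= DATEADD(minute, -60, CURRENT_TIMESTAMP())
      AND l.outcome = 'SUCCESS'
),
offboarded AS (
    -- Reference data that lives only in the data lake and is never
    -- seen by rules that run on ingested events.
    SELECT
        LOWER(h.email) AS user_email,
        h.termination_date
    FROM security_lake.reference.hr_offboarded AS h
    WHERE h.termination_date IS NOT NULL
)
SELECT
    r.user_email,
    o.termination_date,
    COUNT(*)                    AS login_count,
    COUNT(DISTINCT r.source_ip) AS distinct_ips,
    MIN(r.event_time)           AS first_seen,
    MAX(r.event_time)           AS last_seen
FROM recent_logins AS r
JOIN offboarded AS o
  ON r.user_email = o.user_email
WHERE r.event_time > o.termination_date      -- only activity after offboarding
GROUP BY r.user_email, o.termination_date
ORDER BY login_count DESC;
```

Keep the lookback window at least as long as the schedule interval so that no events fall between runs; if the window overlaps the previous run, the same account can appear in consecutive results and needs deduplication in the alerting step.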