This PR adds saved queries to identify malicious behavior.
These queries require that Panther's read-only role has access to the snowflake.account_usage audit database (this may need to be done by the Snowflake admins).
Changes
Adds Snowflake queries applicable to the aforementioned KB article
Background
Snowflake has released additional information on investigating and identifying malicious behavior to Snowflake accounts: https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information
Testing