Snowflake Integration Guide
The following instructions are for configuring a Logstash plugin and a Secureworks® Taegis™ XDR transport to ingest log data from Snowflake into XDR.
Prerequisites
- A completed XDR HTTP Ingest integration.
- Logstash installed and configured in a location that can access XDR and your Snowflake instance.
- Snowflake credentials: account username, account password, and account identifier.
Configuration Steps
- Complete an HTTP Ingest integration and copy the URL and Integration Key.
    output {
      http {
        content_type => "application/json"
        format => "json"
        http_method => "post"
        url => "<URL from integration>"
        headers => [
          'Authorization', 'Bearer <Integration key from integration>'
        ]
      }
    }
- Configure Logstash.
    input {
      jdbc {
        jdbc_driver_library => "/usr/share/logstash/logstash_external_configs/driver/snowflake-jdbc-3.9.2.jar"
        jdbc_driver_class => "net.snowflake.client.jdbc.SnowflakeDriver"
        jdbc_connection_string => "jdbc:snowflake://<account_identifier>.snowflakecomputing.com/?db=SNOWFLAKE_SAMPLE_DATA&warehouse=COMPUTE_WH&schema=TPCH_SF1"
        jdbc_user => "<snowflake_username>"
        jdbc_password => "<snowflake_password>"
        schedule => "* * * * *"
        statement => "select * from customer limit 10;"
      }
    }
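
A variant of the two blocks above, added here as an example and not part of the original guide: it keeps the Snowflake credentials and the Integration Key out of the pipeline file by reading them from the Logstash keystore, and it tracks the last row read so that each scheduled run forwards only new records. The keystore key names (SNOWFLAKE_USER, SNOWFLAKE_PASSWORD, XDR_INTEGRATION_KEY) and the choice of the SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view are assumptions; the Snowflake user must be granted access to that view.

```logstash
# Added example, not from the original guide.
# Assumed keystore entries, created beforehand with:
#   bin/logstash-keystore add SNOWFLAKE_USER
#   bin/logstash-keystore add SNOWFLAKE_PASSWORD
#   bin/logstash-keystore add XDR_INTEGRATION_KEY
input {
  jdbc {
    jdbc_driver_library => "/usr/share/logstash/logstash_external_configs/driver/snowflake-jdbc-3.9.2.jar"
    jdbc_driver_class => "net.snowflake.client.jdbc.SnowflakeDriver"
    jdbc_connection_string => "jdbc:snowflake://<account_identifier>.snowflakecomputing.com/?warehouse=COMPUTE_WH"
    # Resolved from the keystore at startup; nothing secret is stored in this file.
    jdbc_user => "${SNOWFLAKE_USER}"
    jdbc_password => "${SNOWFLAKE_PASSWORD}"
    schedule => "* * * * *"
    # Assumed source: Snowflake login audit events instead of sample data.
    # :sql_last_value holds the event_timestamp of the last row already read,
    # so a run never re-sends rows that an earlier run forwarded.
    statement => "SELECT * FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY WHERE EVENT_TIMESTAMP > :sql_last_value ORDER BY EVENT_TIMESTAMP ASC"
    use_column_value => true
    # The jdbc input lowercases column names by default.
    tracking_column => "event_timestamp"
    tracking_column_type => "timestamp"
  }
}

output {
  http {
    content_type => "application/json"
    format => "json"
    http_method => "post"
    url => "<URL from integration>"
    headers => {
      "Authorization" => "Bearer ${XDR_INTEGRATION_KEY}"
    }
  }
}
```

The ORDER BY clause matters: the plugin records the tracking value from the last row returned, so rows must arrive in ascending timestamp order.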