
Snowflake security and retrieval data can be monitored in Splunk Enterprise Security via federated queries

Commons · Draft · Agent-researched · Interoperability · Product to Product · Standard
Endpoints: Snowflake (Retrieval) + Splunk (SecOps)
Mechanism: Splunk Federated Search for Snowflake and related federated query capabilities
[Pillar pair diagram]

Snowflake and Splunk support federated search patterns in which Splunk queries data that remains in Snowflake for incident response and SecOps use cases. This allows Snowflake-hosted security and retrieval telemetry from Pillar B to be analyzed inside Splunk Enterprise Security, acting as a Pillar D SIEM, without duplicating all of that data into Splunk indexes.

Linked Evidence

Supports · Draft evidence · Agent-researched

A Snowflake webinar describes how customers can conduct incident response playbooks using Snowflake data in Splunk and offload detections directly to Snowflake or modern SIEM architectures.

Unlock your Splunk Capabilities with Snowflake Federated Queries
Supports · Draft evidence · Agent-researched

Cisco’s announcement of Splunk Federated Search for Snowflake explains that Splunk users can query Snowflake data from the Splunk interface and combine it with Splunk data to support critical SecOps and engineering use cases.

Cisco Announces Splunk Federated Search for Snowflake
Supports · Draft evidence · Agent-researched

A practitioner blog describes how organizations enable Splunk SIEM users to run SPL searches directly on data resident in Snowflake, without duplicating it into Splunk, to support security analytics and incident response workflows.

How Federated Search helps Splunk SIEM customers query data in Snowflake