[SnowflakeConnector] - resolved bug in CCF Data Connector related to Output stream for Snowflake tables

Author: Srikar Shastry

Solutions/Snowflake/Data Connectors/SnowflakeLogs_ccp/SnowflakeLogs_ConnectorDefinition.json

@@ -104,7 +104,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeLoad_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now()\r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -114,7 +114,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeLogin_CL",
-        "transformKql": "source\r\n| extend Data = tostring(data), TimeGenerated = now()\r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -124,7 +124,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeMaterializedView_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\" \r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -134,7 +134,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeQuery_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\" \r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -144,7 +144,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeRoleGrant_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\" \r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -154,7 +154,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeRoles_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\" \r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -163,8 +163,8 @@
         "destinations": [
           "clv2ws1"
         ],
-        "outputStream": "Custom-SnowflakeTable_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\" \r\n| project TimeGenerated, Data"
+        "outputStream": "Custom-SnowflakeTables_CL",
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -174,7 +174,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeTableStorageMetrics_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\" \r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -184,7 +184,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeUserGrant_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\" \r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       },
       {
         "streams": [
@@ -194,7 +194,7 @@
           "clv2ws1"
         ],
         "outputStream": "Custom-SnowflakeUsers_CL",
-        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\" \r\n| project TimeGenerated, Data"
+        "transformKql": "source \r\n| extend Data = tostring(data), TimeGenerated = now() \r\n| where Data !contains \"[]\"\r\n| project TimeGenerated, Data"
       }
     ]
   }

Solutions/Snowflake/Data Connectors/SnowflakeLogs_ccp/SnowflakeLogs_DCR.json

@@ -41,7 +41,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeLoad",
+      "dataType": "SnowflakeLoad_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeLoad",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -94,7 +94,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeLogin",
+      "dataType": "SnowflakeLogin_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeLogin",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -147,7 +147,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeMaterializedView",
+      "dataType": "SnowflakeMaterializedView_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeMaterializedView",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -200,7 +200,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeQuery",
+      "dataType": "SnowflakeQuery_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeQuery",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -253,7 +253,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeRoleGrant",
+      "dataType": "SnowflakeRoleGrant_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeRoleGrant",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -306,7 +306,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeRoles",
+      "dataType": "SnowflakeRoles_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeRoles",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -320,7 +320,7 @@
   {
     "type": "Microsoft.SecurityInsights/dataConnectors",
     "apiVersion": "2025-03-01",
-    "name": "SnowflakeTablePoller",
+    "name": "SnowflakeTablesPoller",
     "location": "[parameters('workspace-location')]",
     "kind": "RestApiPoller",
     "properties": {
@@ -359,7 +359,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeTable",
+      "dataType": "SnowflakeTables_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeTable",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -412,7 +412,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeTableStorageMetrics",
+      "dataType": "SnowflakeTableStorageMetrics_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeTableStorageMetrics",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -465,7 +465,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeUserGrant",
+      "dataType": "SnowflakeUserGrant_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeUserGrant",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
@@ -518,7 +518,7 @@
         "linkHeaderTokenJsonPath": "[[concat('https://',parameters('accountId'),'.snowflakecomputing.com','$.statementStatusUrl')]"
       },
       "connectorDefinitionName": "SnowflakeLogsCCPDefinition",
-      "dataType": "SnowflakeUsers",
+      "dataType": "SnowflakeUsers_CL",
       "dcrConfig": {
         "streamName": "Custom-SnowflakeUsers",
         "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",

Solutions/Snowflake/Data Connectors/SnowflakeLogs_ccp/SnowflakeLogs_PollingConfig.json

@@ -38,7 +38,7 @@
   ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Snowflake",
-  "Version": "3.0.6",
+  "Version": "3.0.7",
   "TemplateSpec": true,
   "Is1PConnector": false
 }