Tracecat

Snowflake MCP server

Query the Snowflake security data lake and run Cortex Agents from your AI agents.

SIEM / datalake
http
Official docs

About

Connect Tracecat to Snowflake to query the security data lake for detection engineers and SOC analysts working with long-retention logs. You can ask Cortex Analyst a natural-language question and run the resulting SQL against your security tables from a workflow. From there, execute Cortex Search queries, invoke Cortex Agents end-to-end, and bring the results back into a Tracecat case with every call attributed to the connected role in Snowflake's account usage logs.

Setup

  1. 1

    Sign in with OAuth

    You'll authorize Tracecat to access Snowflake on your behalf. No API keys to manage.

  2. 2

    Select the Snowflake tile in the Tracecat MCP catalog

    Open the MCP catalog in your workspace, select the Snowflake tile, and complete the OAuth flow.

  3. 3

    Enable Snowflake in your agent

    In your ai.agent action or Agents tools tab, select Snowflake from the MCP integrations dropdown.

Tools

CORTEX_SEARCH_SERVICE_QUERY

Query a Cortex Search service for semantic search over indexed Snowflake data.

CORTEX_ANALYST_MESSAGE

Send a natural-language message to Cortex Analyst and get back a SQL-grounded answer.

SYSTEM_EXECUTE_SQL

Execute a SQL statement against Snowflake using the connected role.

CORTEX_AGENT_RUN

Run a Snowflake Cortex Agent end-to-end with tool calling enabled.

GENERIC

Invoke a Snowflake user-defined function or stored procedure registered as an MCP tool.

Deploy the Snowflake MCP server in minutes

Connect your security agents to 50+ hosted MCP servers.

Self-host free