
Summary
This rule detects when a user account in Snowflake is re-enabled. Specifically, it matches queries in the Snowflake Query History whose text changes a user's status from disabled to enabled. The rule is important for maintaining an audit trail and monitoring access controls, since re-enabling a user can indicate unauthorized activity or a change in privileges. It checks for the specific query text that enables a user, while also validating that a 'USER DISABLED' action did not occur unexpectedly. The rule uses the log types for the Snowflake platform and maps to the MITRE ATT&CK persistence technique for user account management (T1136).
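The detection logic described above, as an added example that is not the rule's own code: it runs over constructed rows shaped like Snowflake QUERY_HISTORY events (the field names, user names and query text are assumptions), flags successful `ALTER USER ... SET DISABLED = FALSE` and `ALTER USER ... UNSET DISABLED` statements, and ignores failed attempts, disable actions and ordinary SELECTs.

```python
import re

# Constructed sample events shaped like Snowflake ACCOUNT_USAGE.QUERY_HISTORY rows
# (hypothetical data, not from the original page).
SAMPLE_EVENTS = [
    {"QUERY_TEXT": "ALTER USER analyst_bob SET DISABLED = FALSE;",
     "EXECUTION_STATUS": "SUCCESS", "USER_NAME": "SECADMIN_JANE", "ROLE_NAME": "SECURITYADMIN"},
    {"QUERY_TEXT": "alter user svc_etl unset disabled",
     "EXECUTION_STATUS": "SUCCESS", "USER_NAME": "ACCOUNTADMIN_TOM", "ROLE_NAME": "ACCOUNTADMIN"},
    {"QUERY_TEXT": "ALTER USER analyst_bob SET DISABLED = TRUE;",
     "EXECUTION_STATUS": "SUCCESS", "USER_NAME": "SECADMIN_JANE", "ROLE_NAME": "SECURITYADMIN"},
    {"QUERY_TEXT": "ALTER USER analyst_bob SET DISABLED = FALSE;",
     "EXECUTION_STATUS": "FAIL", "USER_NAME": "INTERN_X", "ROLE_NAME": "PUBLIC"},
    {"QUERY_TEXT": "SELECT name FROM snowflake.account_usage.users WHERE disabled = FALSE;",
     "EXECUTION_STATUS": "SUCCESS", "USER_NAME": "ANALYST_BOB", "ROLE_NAME": "ANALYST"},
]

# Match "ALTER USER <name> SET ... DISABLED = FALSE" and "ALTER USER <name> UNSET DISABLED"
# (UNSET restores the property default, which is enabled). Case-insensitive and
# whitespace-tolerant; "[^;]*?" keeps the match inside a single statement.
_USER = r'(?:IF\s+EXISTS\s+)?("[^"]+"|[A-Za-z0-9_$.]+)'
ENABLE_PATTERNS = [
    re.compile(r"\bALTER\s+USER\s+" + _USER + r"\s+SET\b[^;]*?\bDISABLED\s*=\s*FALSE\b", re.I),
    re.compile(r"\bALTER\s+USER\s+" + _USER + r"\s+UNSET\b[^;]*?\bDISABLED\b", re.I),
]


def enabled_user(event):
    """Return the name of the user the query re-enabled, or None if it did not."""
    if event.get("EXECUTION_STATUS") != "SUCCESS":  # a failed statement changed nothing
        return None
    text = event.get("QUERY_TEXT", "")
    for pattern in ENABLE_PATTERNS:
        match = pattern.search(text)
        if match:
            return match.group(1).strip('"')
    return None


def rule(event):
    """Detection predicate: True when the event re-enables a Snowflake user."""
    return enabled_user(event) is not None


def title(event):
    """Alert title naming the re-enabled user, the actor and the role used."""
    return (f"Snowflake user [{enabled_user(event)}] was re-enabled by "
            f"[{event.get('USER_NAME')}] using role [{event.get('ROLE_NAME')}]")


def alerts(events):
    """Run the rule over a batch of events and return one title per match."""
    return [title(e) for e in events if rule(e)]
```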
Categories
- Cloud
- Database
- Application
Data Sources
- User Account
- Application Log
- Cloud Service
ATT&CK Techniques
- T1136
Created: 2024-11-04