This denial is likely due to a missing netlink rule. Unfortunately due to a limitation in the kernel that is unlikely to be resolved, seccomp denials do not include the values of the arguments to the denied syscall which makes this difficult to debug.
Today, you could put the snap in devmode, then strace it choosing -e socket and see what it is using, then add an appropriate plug. Soon, we will use EPERM instead of kill in the seccomp policy, which would mean you wouldn’t need to put the snap in devmode.
snappy-debug should be updated (it is in backlog) to list the interfaces that have netlink rules so you can better decide what to plug.
Looking at existing plugs and the name of the snap, I’m going to suggest you try to plugs network-observe (don’t forget to snap connect it!) and see if it makes a difference.