Threat Detector (TD)

The Threat Detector (TD) module is the first line of defense of the user's cloud infrastructure in Yandex Security Deck, which automatically detects suspicious activity and notifies the user about detected threats.

Threat Detector analyzes the audit events found in the client's infrastructure and registered using Yandex Audit Trails. The module does not require you to configure rules or involve security experts; it activates automatically when you set up your Security Deck workspace.

Each time a rule is triggered by a potential security threat, Security Deck generates an alert with detailed information about the event and recommendations for how to remove the threat. You can analyze the alert and find a solution with the help of the AI assistant, which will drill down on the problem and propose some remedies.

RulesRules

You can view information about the Threat Detector security control rules under Threat detection on the Security control rules page.

Exceptions to rulesExceptions to rules

Exceptions allow you to flexibly configure when and for which objects Threat Detector should ignore the results of a rule check. You can view the list of exceptions set for your workspace in the Security Deck interface under Rules and exceptions.

See alsoSee also

• Security Deck workspaces
• About Alerts
• Viewing Threat Detector (TD) security control rules
• Managing exceptions from Threat Detector (TD) security rules