Working with alerts
Changing alert status
- Go to Yandex Security Deck.
- In the left-hand panel, select Alerts.
- At the top of the window, select the workspace.
- Click the table row containing the alert name.
- In the window that opens, select the status in the top-left corner.
Analyzing alerts with the help of AI
-
Go to Yandex Security Deck.
-
In the left-hand panel, select Alerts.
-
At the top of the window, select the workspace.
-
Click the table row containing the alert name.
-
In the window that opens, click Alert analysis.
The AI assistant's dialog panel with its analysis will open on the right.
Leaving a comment on an alert
- Go to Yandex Security Deck.
- In the left-hand panel, select Alerts.
- At the top of the window, select the workspace.
- Click the table row containing an alert name.
- In the window that opens, go to the Comments tab.
- Enter and finalize your comment, then click Send.
Creating an alert exception
-
Go to Yandex Security Deck.
-
In the left-hand panel, select Alerts.
-
At the top of the window, select the workspace.
-
Select an alert.
-
In the window that opens:
- To create an exception for all alert resources, click Create exception.
- To create an exception for only some resources, on the Overview tab, under Access scope, select the resources and click Create exception.
-
In the window that opens, configure the exception settings based on the relevant module:
CSPMKSPM-
Under Exception type, select an action option for the exception you are creating:
Checked manually: If the conditions specified in the exception are met, the resource will generate only rule compliance signals.No check required: If the conditions specified in the exception are met, the resource will not generate any signals, neither on compliance nor on violation.
-
Under Rules, select the CSPM module rules for which the selected resources should not be checked:
-
All rules: To exclude the selected resources from the check for compliance with all the CSPM module rules. -
Selected rules: To exclude the selected resources from the check for compliance with a given set of rules. To select the rules:- Click Select rules.
- In the window that opens, select the rules you want to exclude from compliance checks. If required, use the filter or search at the top of the window.
- Click Save selection.
-
-
Under Reason for exclusion, give in any format the reason why you are creating an exception.
-
Click Create exception.
-
Under Rules, select the Kubernetes control rules the selected resources should not be checked against:
-
All rules: To exclude the selected resources from the check for compliance with all the Kubernetes control rules. -
Selected rules: To exclude the selected resources from the check for compliance with a given set of rules. To select the rules:- Click Select rules.
- In the window that opens, select the rules you want to exclude from compliance checks. If required, use the filter or search at the top of the window.
- Click Save selection.
-
-
Under Objects (optional), use a namespace to specify the objects to exclude from the check:
-
Enable Namespaces.
-
Enter the object name from the namespace. Follow these naming requirements:
- Length: between 3 and 63 characters.
- It can only contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
To exclude multiple objects at once, use wildcards. For example, a pattern like
*-nswill exclude objects with thenssuffix, such asprod-nsandtest-ns. -
-
Under Reason for exclusion, give in any format the reason why you are creating an exception.
-
Select Activate exception.
-
Click Create exception.
-
The created exception will be displayed in the Rules and exceptions section of the relevant module.