Managing exceptions to the CSPM module's security control rules

Go to Yandex Security Deck.

In the left-hand panel, select Control rules.

At the top of the window, click More and select the workspace for which you want to view the info on control rule exceptions. Use search, if required.

On the Security control rules page that opens, go to the Exceptions tab.

The list of exceptions for the CSPM module rules is provided under Configuration control and contains the following fields:

• Exception reason: User-specified exception reason when creating the exception.

• Exception type: Action option for the exception you are creating:

  • Resource scanned: If the conditions specified in the exception are met, the resource will only generate rule compliance signals.
  • Do not scan resource: If the conditions specified in the exception are met, the resource will not generate any signals: neither about compliance nor about rule violation.

• Rules: Number of rules for which compliance checking is excluded. To view a detailed list of excluded rules, click the line with the exception.

• Created: Information about the user who created the exception, as well as the date and time of creation.

Go to Yandex Security Deck.

In the left-hand panel, select Control rules.

At the top of the window, click More and select the workspace in which you want to create an exception to the control rules. Use search, if required.

On the Security control rules page that opens, go to the Exceptions tab.

In the top-right corner, click Create exception and select Configuration controls. In the window that opens:

1. Under Exception type, select an action option for the exception you are creating:

   • Resource has been checked manually: If the exception conditions are met, the resource will only generate signals about rule compliance.
   • Do not scan resource: If the exception conditions are met, the resource will generate no signals at all, neither about compliance nor violation.

2. Under Scope of control, specify the resources you want to exclude when checking the CSPM module rules:

   • All resources: To exclude all resources controlled in the workspace.

   • Selected resources: To exclude only some resources. To select resources to exclude from the check:

     • Click Select resources.
     • In the window that opens, select the resources to exclude from the rule and click Apply.

3. Under Excepted rules, select the CSPM module rules for which the selected resources should not be checked:

   • All rules: To exclude the selected resources from the check for compliance with all the CSPM module rules.

   • Selected rules: To exclude the selected resources from the check for compliance with a given set of rules. To select rules for which compliance check will be disabled based on the exception you are creating:

     • Click Select rules.
     • In the window that opens, select the rules you want to exclude from compliance check. If required, use the filter or search at the top of the window.
     • Click Save selection.

4. Under Reason for exclusion, give in any format the reason why you are creating an exception.

5. Click Create exception.