Managing exceptions to the CSPM module's security control rules

Go to Yandex Security Deck.

In the left-hand panel, select Control rules.

At the top of the window, select the workspace for which you want to view the info on control rule exceptions.

On the Security control rules page that opens, go to the Exceptions tab.

The list of exceptions for the CSPM module rules is provided under Configuration control and contains the following fields:

• Exception reason: User-specified exception reason when creating the exception.

• Exception type: Action option for the exception you are creating:

  • Resource scanned: If the conditions specified in the exception are met, the resource will generate only rule compliance signals.
  • Do not scan resource: If the conditions specified in the exception are met, the resource will not generate any signals, neither on compliance nor on violation.

• Rules: Number of rules for which compliance checking is excluded. To view a detailed list of excluded rules, click the line with the exception.

• Created: Information about the user who created the exception, as well as the date and time of creation.

Go to Yandex Security Deck.

In the left-hand panel, select Control rules.

At the top of the window, select the workspace in which you want to create an exception from the control rules.

On the Security control rules page that opens, go to the Exceptions tab.

In the top-right corner, click Create exception and select Configuration controls. In the window that opens:

1. Under Exception type, select an action option for the exception you are creating:

   • Resource has been checked manually: If the exception conditions are met, the resource will only generate signals about rule compliance.
   • Do not scan resource: If the exception conditions are met, the resource will generate no signals at all, neither about compliance nor violation.

2. Under Scope of control, specify the resources you want to exclude when checking the CSPM module rules:

   • All resources: To exclude all resources controlled in the workspace.

   • Resources selected: To exclude only some resources. To select resources excluded from the check:

     • Click Select resources.
     • In the window that opens, select the resources to exclude from the rule and click Apply.

3. Under Excepted rules, select the CSPM module rules for which the selected resources should not be checked:

   • All rules: To exclude the selected resources from the check for compliance with all the CSPM module rules.

   • Selected rules: To exclude checks for compliance with a given set of rules. To select rules whose compliance checks will be disabled based on the exception you are creating:

     • Click Select rules.
     • In the window that opens, select the rules you want to exclude from compliance checks. If required, use the filter or search at the top of the window.
     • Click Save selection.

4. Under Reason for exclusion, give in any format the reason why you are creating an exception.

5. Click Create exception.