Creating a DSPM scan
Data Security Posture Management (DSPM) scans data sources to identify sensitive information in buckets.
Before you start using DSPM, set up the default folder to store Security Deck data.
To create a scan:
-
Go to Yandex Security Deck.
-
In the left-hand panel, select DSPM and go to the Regular scans tab.
-
In the top-right corner, click New scan.
-
Under Data sources, select the data source you need.
If necessary, create a new data source.
-
Under Access to data in sources, select the service account to use to run your scans. If you need to create a new service account, click Create new.
Warning
To run the scan, make sure the service account is assigned the
dspm.workerrole for all buckets you want to scan. If the buckets are encrypted, your service account also needs thekms.keys.decrypterrole for the relevant Yandex Key Management Service encryption keys. -
Under Data search categories, select the data categories to scan for:
Financial data: Credit or debit card details.Personal data: Full names, email addresses, phone numbers, and social security numbers (SNILS).Secrets: Cloud access keys, passwords, tokens, SSH keys, etc.
You can select all the available categories at once or any combination of them.
-
Under Scan settings:
-
In the Start field, select the new scan frequency:
Once,Every 7 days,Every 30 days,Every 90 days, or set a custom frequency by selectingCustom number of days. -
In the Scan name field, specify the name to identify your new scan. Follow these naming requirements:
- It must be from 2 to 63 characters long.
- It can only contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
-
-
Click Create scan.
The new scan will appear in the scan list, ready to run.