Creating a DSPM scan

1. Go to Yandex Security Deck.

2. In the left-hand panel, select DSPM.

3. If the Security Deck settings window opens, this means the DSPM data storage folder has not been configured. Under Choose your default folder, select a folder to store the module data by default and click Save at the bottom of the page.

4. If the DSPM UI opens, this means the module's data storage folder has already been configured, so you can continue working.

   You can change the DSPM data storage folder path. To do this, navigate to the Settings tab. Under Default storage, select another folder.

5. Activate DSPM in the current workspace. To do this, click Configure DSPM at the top right.

   In the window that opens, navigate to the Security compliance tab. Under Control modules, select the **Data Security Posture Management (DSPM)
   ** module and click Save.

   If you have no workspaces yet, create one and activate the **Data Security Posture Management (DSPM)
   ** when creating the workspace.

1. Go to Yandex Security Deck.

2. In the left-hand panel, select DSPM and go to the Regular scans tab.

3. In the top-right corner, click New scan.

4. Under Data sources, select a data source with Object Storage buckets.

   If necessary, create a new data source.

   Note

   If access to the bucket is controlled by a policy, allow access to the Security Deck IP addresses in the bucket policy settings. For a list of addresses, see Public IP address ranges.

5. Under Access to data in sources, select the service account to use for scanning. If you need a new service account, click Create a new one.

   Warning

   To run the scan, make sure the service account is assigned the dspm.worker role for all buckets you want to scan. If the buckets are encrypted, your service account also needs the kms.keys.decrypter role for the relevant Yandex Key Management Service encryption keys.

6. Under Data search categories, select the data categories to scan for, separately for text and images:

   • In text:
     • Personal data: Full names, email addresses, phone numbers, and social security numbers (SNILS).
     • Financial data: Bank card details.
     • Secrets: Cloud access keys, passwords, tokens, SSH keys, etc.
   • On images:
     • Personal data: Full names, email addresses, phone numbers, and social security numbers (SNILS).
     • Financial data: Bank card details.
     • Medical data: Data from medical documents and images.
     • Other: Data from personal documents, including military IDs, pensioner IDs, academic certificates, etc.

   You can select all the available categories at once or any combination of them.

7. Under Scan settings:

   1. Select Scan method:

      • Full: Scan all source objects of the supported types. This method ensures high accurracy of sensitive data detection.
      • Partial: Scan only the selected partial data. Accuracy of sensitive data detection is lower, which is good for processing large amounts of data.

   2. In the Start field, select the frequency for the new scan: Once, Every 7 days, Every 30 days, Every 90 days, or set your own frequency by selecting Custom number of days.

   3. In the Name of scan field, specify the name to find your new scan. Follow these naming requirements:

      • Length: between 3 and 63 characters.
      • It can only contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

8. Click Create scan without validation.

The new scan will appear in the scan list, ready to run.

1. Go to Yandex Security Deck.

2. In the left-hand panel, select DSPM and go to the Regular scans tab.

3. In the top-right corner, click New scan.

4. Under Data sources, select the data source with Yandex 360 resources.

   If necessary, create a new data source.

5. Under Data search categories, select the data categories to scan for, separately for text and images:

   • In text:
     • Personal data: Full names, email addresses, phone numbers, and social security numbers (SNILS).
     • Financial data: Bank card details.
     • Secrets: Cloud access keys, passwords, tokens, SSH keys, etc.
   • On images:
     • Personal data: Full names, email addresses, phone numbers, and social security numbers (SNILS).
     • Financial data: Bank card details.
     • Medical data: Data from medical documents and images.
     • Other: Data from personal documents, including military IDs, pensioner IDs, academic certificates, etc.

   You can select all the available categories at once or any combination of them.

6. Under Scan settings:

   1. Select Scan method:

      • Full: Scan all source objects of the supported types. This method ensures high accurracy of sensitive data detection.
      • Partial: Scan only the selected partial data. Accuracy of sensitive data detection is lower, which is good for processing large amounts of data.

   2. In the Start field, select the frequency for the new scan: Once, Every 7 days, Every 30 days, Every 90 days, or set your own frequency by selecting Custom number of days.

   3. In the Name of scan field, specify the name to find your new scan. Follow these naming requirements:

      • Length: between 3 and 63 characters.
      • It can only contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

7. Click Create scan without validation.

The new scan will appear in the scan list, ready to run.