Managing DSPM data analysis
Note
Data analysis is the first stage of DSPM Data management. It is intended to automatically detect, identify, and catalog resources that may contain sensitive data within a selected environment.
You can save the data analysis results to a local file or to a Yandex Object Storage bucket.
Getting started
Before you start using the DSPM module, set up your workspace and specify the default folder to store Data Security Posture Management (DSPM) data:
- Go to Yandex Security Deck.
- In the left-hand panel, select DSPM.
  - If the Security Deck settings window opens, this means the DSPM data storage folder has not been configured. Under Choose your default folder, select a folder to store the module data by default and click Save at the bottom of the page.
  - If the DSPM UI opens, this means the module's data storage folder has already been configured, so you can continue working.
    You can change the DSPM data storage folder path. To do this, navigate to the Settings tab. Under Default storage, select another folder.
- Activate DSPM in the current workspace. To do this, click Configure DSPM at the top right. In the window that opens, navigate to the Security compliance tab. Under Control modules, select the **Data Security Posture Management (DSPM)** module and click Save. If you have no workspaces yet, create one and activate the **Data Security Posture Management (DSPM)** module when creating the workspace.
Viewing analysis results
The summary for preliminary analysis of resources in the environment is available in the Data analytics section of the DSPM module. To see it, do the following:
- Go to Yandex Security Deck.
- In the left-hand panel, select DSPM and go to the Data analytics tab.
  The page displays information about the number and total size of files found in the environment's resources that may potentially contain sensitive data:
  - A list of clouds, folders, and buckets that host objects potentially containing sensitive information.
    The number of files found and their total size are indicated for each cloud, folder, and bucket.
  - Infographics showing the number of files found by type and their size as a percentage.
    Click More details to expand the diagram and show more detailed information.
- If required, use filters to get specific information about resources and the types of files found in them:
  - Optionally, under Resource, select the resources you want analyzed.
    If needed, use the Search by resource name filter to view resources by cloud, folder, or bucket name.
  - Optionally, under Buckets, select Public for the analysis to only display information about objects located in buckets with public access.
  - Optionally, under Formats, select the MIME types of files you want analyzed:
    - Scannable: Files of all supported MIME types.
    - Text files: Text files of MIME types such as text/plain, etc.
    - Office documents: Document, table, and presentation files of MIME types such as application/msword, application/vnd.ms-excel, etc.
    - PDF documents: Document files of MIME type application/pdf.
    - Images: Image files of MIME types such as image/bmp, image/gif, etc.
    - Email and messages: Message files of MIME type message/rfc822.
    - Specialized formats: Files in specialized formats such as application/x-x509-cert; format=pem, etc.
  To reset the applied filters, click Reset.
Saving analysis results
To save a summary for preliminary analysis of environment resources to a file or bucket:
- Go to Yandex Security Deck.
- In the left-hand panel, select DSPM and go to the Data analytics tab.
- Click Export and select:
  - Download results by file to save the analysis results to a local file. In the window that opens, click Download.
    Note
    You can save no more than 10,000 log lines to a local file. To export a larger number of lines, export the analysis results to a bucket.
  - Export results to bucket to save the analysis results to an Object Storage bucket. In the window that opens:
    - In the Bucket field, select the bucket to save the results to.
    - In the Path to bucket field, set the prefix of the object to save the results to.
    - In the File name field, specify the name of the file to save the results to. The file will automatically get the .csv extension.
    - In the Service account field, select the service account on whose behalf export will be done. You must have the right to use the selected service account, i.e., the iam.serviceAccounts.user role or higher, and the service account must have the following roles:
      - storage.uploader for the selected bucket.
      - kms.keys.encrypter for the encryption key if the bucket is encrypted.
    - Click Export to export the analysis results to the bucket.
      If the selected service account does not have enough permissions for the operation, the information about this will be displayed on the Parameter validation tab.
      Expand the section with information about missing roles, select the service account, and click Assign roles to grant the lacking permissions to this service account. Then click Export again.
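The role requirements for the export service account can be checked before clicking Export, which also shows where the account holds more than the export needs. The following is an added example, not Yandex Cloud code: the binding shape ({"roleId", "subject": {"id", "type"}}), the IDs, and the broader roles listed in COVERED_BY are assumptions made for illustration.

```python
# Roles the page requires for export to a bucket.
REQUIRED_BUCKET_ROLE = "storage.uploader"
REQUIRED_KEY_ROLE = "kms.keys.encrypter"

# Assumption: broader roles that also cover the required one.
COVERED_BY = {
    "storage.uploader": {"storage.editor", "storage.admin"},
    "kms.keys.encrypter": {"kms.keys.encrypterDecrypter"},
}


def roles_of(bindings, sa_id):
    """Return the set of role IDs bound to the given service account."""
    return {
        b["roleId"]
        for b in bindings
        if b["subject"]["type"] == "serviceAccount" and b["subject"]["id"] == sa_id
    }


def check_export_roles(sa_id, bucket_bindings, key_bindings=None):
    """Report missing and broader-than-needed roles for a DSPM export.

    key_bindings is None when the bucket is not encrypted, in which case
    no KMS role is required.
    """
    checks = [(REQUIRED_BUCKET_ROLE, bucket_bindings)]
    if key_bindings is not None:
        checks.append((REQUIRED_KEY_ROLE, key_bindings))
    missing, broader = [], []
    for required, bindings in checks:
        held = roles_of(bindings, sa_id)
        if required in held:
            continue
        wider = sorted(held & COVERED_BY[required])
        if wider:
            broader.append((required, wider))
        else:
            missing.append(required)
    return {"missing": missing, "broader_than_needed": broader}


# Constructed sample: SA holds storage.admin on the bucket, no role on the key.
SA = "sa-export-example"
BUCKET = [{"roleId": "storage.admin", "subject": {"id": SA, "type": "serviceAccount"}}]
KEY = [{"roleId": "kms.keys.encrypter", "subject": {"id": "sa-other", "type": "serviceAccount"}}]
print(check_export_roles(SA, BUCKET, KEY))
```

An entry under broader_than_needed means the export would work, but the account could be narrowed to the role the page names.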