Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Managing exceptions to the KSPM module's security control rules

Written by
Updated at November 25, 2025

Note

Kubernetes® Security Posture Management (KSPM) is at the Preview stage and provided upon request. Also, it requires access to Security Deck workspaces.

To get access, contact support or your account manager.

If you want to use an AI assistant to work with alerts, request access to it as well.

Viewing the list of exceptions from the rules

To view the list of exceptions from the Kubernetes security control rules applicable to the workspace:

  1. Go to Yandex Security Deck.

  2. In the left-hand panel, select Control rules.

  3. At the top of the window, click More and select the workspace for which you want to view the info on control rule exceptions. Use search, if required.

  4. On the Security control rules page that opens, go to the Exceptions tab.

    The list of exceptions for the Kubernetes rules is provided under KSPM and contains the following fields:

    • Exception: Reason for exception.
    • Status: Active or inactive.
    • Rules: List of rules for which compliance check has been excluded.
    • Author: User who created the exception.
    • Date of creation: Date and time the exception was created.

Creating an exception

To create a new exception for the Kubernetes control rules:

  1. Go to Yandex Security Deck.
  2. In the left-hand panel, select Control rules.
  3. At the top of the window, click More and select the workspace in which you want to create an exception to the control rules. Use search, if required.
  4. On the Security control rules page that opens, go to the Exceptions tab.
  5. In the top-right corner, click Create exception and select KSPM. In the window that opens, do the following:

    1. Under Scope of control, specify the resources you want to exclude when checking the Kubernetes control rules:

      • All resources: To exclude all resources controlled in the workspace.

      • Selected resources: To exclude only some resources. To select resources to exclude from the check:

        • Click Select resources.
        • In the window that opens, select the resources to exclude from the rule and click Apply.

    2. Under Excepted rules, select the Kubernetes control rules the selected resources should not be checked against:

      • All rules: To exclude the selected resources from the check for compliance with all the Kubernetes control rules.

      • Selected rules: To exclude the selected resources from the check for compliance with a given set of rules. To select rules whose compliance checks will be disabled based on the exception you are creating:

        • Click Select rules.
        • In the window that opens, select the rules you want to exclude from compliance checks. If required, use the filter or search at the top of the window.
        • Click Save selection.

    3. Under Reason for exclusion, give in any format the reason why you are creating an exception.

    4. Select Activate exception.

    5. Click Create exception.

The new exception will now be displayed under KSPM on the Exceptions tab of the Security control rules page.

Deleting an exception

To delete an exception for the Kubernetes control rules:

  1. Go to Yandex Security Deck.
  2. In the left-hand panel, select Control rules.
  3. At the top of the window, click More and select the workspace in which you want to delete an exception from the control rules. Use search, if required.
  4. On the Security control rules page that opens, go to the Exceptions tab.
  5. Under Configuration control, in the row with the exception you want to delete, click and select Delete.

This will remove the exception from the workspace and cancel the restrictions it imposed on rule checks.

Previous
Viewing control rules
Next
Overview