Managing exceptions from Threat Detector (TD) security rules
The Threat Detector module's security control rules are used in the Security Deck workspaces. If you have no workspaces yet, create one.
Exceptions to the Threat Detector module's security control rules allow you to flexibly configure when and for which objects the results of a rule check should be ignored.
Viewing a list of exceptions
To view the list of exceptions from the Threat Detector module's security control rules applicable to the workspace:
- Go to Yandex Security Deck.
- In the left-hand panel, select Rules and exceptions.
- At the top of the window, select the workspace for which you want to view the info on control rule exceptions.
- On the Security control rules page that opens, go to the Exceptions tab.
The list of exceptions for the Threat Detector module rules is provided under Threat Detector and contains the following fields:
- Exception reason: User-specified exception reason when creating the exception.
- Exception type: Action which the exception will trigger:
  - Resource scanned: If the conditions specified in the exception are met, the resource will generate rule compliance signals.
  - Do not scan resource: If the conditions specified in the exception are met, the resource will not generate rule compliance signals for the resources in question.
- Rules: Number of rules for which compliance checking is excluded. To view a detailed list of excluded rules, click the line with the exception.
- Created: Information about the user who created the exception, as well as the date and time of creation.
Creating an exception
To create a new exception for the Threat Detector module's security control rules:
- Go to Yandex Security Deck.
- In the left-hand panel, select Rules and exceptions.
- At the top of the window, select the workspace in which you want to create an exception from the control rules.
- On the Security control rules page that opens, go to the Exceptions tab.
- In the top-right corner, click Create exception and select Threat Detector. In the window that opens:
  - Under Excepted rules, select the Threat Detector module rules for which the selected resources should not be checked:
    - All rules: To exclude the selected resources from the check for compliance with all the Threat Detector module rules.
    - Selected rules: To exclude the selected resources from the check for compliance with a given set of rules. To select rules whose compliance checks will be disabled based on the exception you are creating:
      - Click Select rules.
      - In the window that opens, select the rules you want to exclude from compliance checks. If required, use the filter or search at the top of the window.
      - Click Save selection.
  - Under Scope of control, specify the resources you want to exclude when checking the Threat Detector module rules:
    - All resources: To exclude all resources controlled in the workspace.
    - Resources selected: To exclude only some resources. To select resources excluded from the check:
      - Click Select resources.
      - In the window that opens, select the resources to exclude from the rule and click Apply.
  - Under Reason for exclusion, describe in any format why you are creating the exception.
  - Click Create exception.
After the next infrastructure check is completed, the new exception will be displayed on the Security control rules page, on the Exceptions tab, under Threat Detector. The frequency of checks is 8 hours.
Deleting an exception
To delete an exception for the Threat Detector module's security control rules:
- Go to Yandex Security Deck.
- In the left-hand panel, select Rules and exceptions.
- At the top of the window, select the workspace in which you want to delete an exception from the control rules.
- On the Security control rules page that opens, go to the Exceptions tab.
- Under Threat Detector, in the row with the exception you want to delete, click and select Delete.
This exception will be deleted from the environment, and the limitations it placed on rule compliance checks will be canceled after the next infrastructure scan is completed. The frequency of checks is 8 hours.