Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Updating a Security Deck workspace and its components

Written by
Updated at November 10, 2025

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Updating a Yandex Security Deck workspace

To update a Security Deck workspace:

  1. Go to Yandex Security Deck.

  2. In the left-hand panel, select Security Deck parameters and go to the Workspaces tab.

  3. In the list that opens, click the required workspace to update its settings.

    Tip

    To quickly find the workspace of interest, use the filter.

  4. Optionally, navigate to the Основные параметры tab and update the basic workspace settings:

    1. Under Workspace name, update the workspace name and description.

    2. Under Alert sink, select the alert sink to receive all alerts generated in the workspace.

      Create a new alert sink if needed. Do it by clicking Create sink. In the window that opens, enter enter a name for the sink Create.

    3. Click Save to save your changes.

  5. Optionally, click the Ресурсы tab to update the list of resources controlled by the workspace:

    1. Update the resource list. You can do this with the current connector settings, by changing the connector settings, or by replacing the connector with a different one:

      1. In the section with the connector name, click Select cloud/catalog to update the resources (clouds and folders) the workspace will control the security of. In the window that opens:

        1. Select the resources whose security you want to control in the workspace. You can only select resources that are accessible to the service account linked to the connector.
        2. Click Save selection.

      1. In the section with the connector name, click and select Edit connector. In the window that opens:

        1. Change the connector's name in the Name field.

        2. Optionally, give the connector's description in the Description field.

        3. Update the service account for access to cloud resources in the Service account field.

          In the section below, you can see which resources the selected service account has access to.

          Make sure to assign the security-deck.worker role to this service account for the resources controlled in the workspace being created.

        4. Click Save.

      2. In the connector section that appears, click Select cloud/catalog to select the resources (clouds and folders) whose security will be managed in the new workspace:

        1. Select the resources whose security you want to manage in the workspace. You can only select the resources that are accessible to the previously selected service account.
        2. Click Save selection.

      1. In the section with the connector name, click and select Delete.

      2. Click the Add resources field and select the required connector from the list that opens.

        If needed, create a new connector:

        1. Click Create connector and in the window that opens:

          1. In the Name field, enter a name for the connector.

          2. Optionally, give the connector's description in the Description field.

          3. Select the service account for access to cloud resources in the Service account field.

            In the section below, you can see which resources the selected service account has access to.

            Make sure to assign the security-deck.worker role to this service account for the resources controlled in the workspace being created.

          4. Click Create connector.

      3. In the connector section that appears, click Select cloud/catalog to select the resources (clouds and folders) whose security will be managed in the new workspace:

        1. Select the resources whose security you want to manage in the workspace. You can only select the resources that are accessible to the previously selected service account.
        2. Click Save selection.

    2. Click Save to save your changes.

  6. Optionally, navigate to the Security compliance tab to update the list of standards against which workspace-controlled resources will be checked:

    1. Under Rule sets, select the required standards:

      • Yandex Cloud basic security rules: Minimum set of security requirements ensuring basic protection of cloud infrastructure and applications deployed on the Yandex Cloud platform.
      • Yandex Cloud cloud infrastructure protection standard: Standard providing comprehensive security requirements and best practices for protection of the cloud infrastructure and applications deployed on the Yandex Cloud platform. These elements help ensure security policy compliance and protection against common threats and vulnerabilities in the cloud environment.
      • Kubernetes Pod Security Standards (Restricted): This standard contains security controls based on the Kubernetes Pod Security Standards (PSS) Restricted profile. A restricted profile is the most secure and provides the highest detection efficiency for container-based attacks. It applies strict security policies that may require modifying applications to ensure compliance. A restricted profile is recommended for security-critical applications and environments where maximum security is required.
      • Kubernetes Pod Security Standards (Baseline): This standard contains security controls based on the Kubernetes Pod Security Standards (PSS) Baseline profile. A baseline profile is designed for easy implementation and provides common best practices for container security. It prevents the most common security issues in containers while maintaining compatibility with most applications. The baseline profile is a good starting point for organizations just getting started with container security.
      • Microsoft Threat Matrix for Kubernetes: This standard contains security controls based on the Microsoft Threat Matrix for Kubernetes, which is a framework that helps security teams understand and fend off threats specific to Kubernetes environments. It provides a comprehensive approach to attack methods and defensive strategies tailored for container orchestration platforms.

      You can select several standards at the same time. The Control modules section will thus get new Security Deck modules, which will be activated in the new workspace to check your resources for compliance with the selected standards and regulations.

    2. Click Save to save your changes.

  7. Optionally, navigate to the KSPM tab to update the security control settings for Kubernetes clusters.

Note

You cannot update the folder that the workspace uses to store its resources and settings.

Editing a connector

To update a Security Deck connector:

  1. Go to Yandex Security Deck.

  2. In the left-hand panel, select Security Deck parameters and go to the Connectors tab.

    Tip

    To quickly find the connector you need, use the filter.

  3. In the list that opens, click in the row with the required connector and select Edit. In the window that opens:

    1. Change the connector's name in the Name field.

    2. Optionally, give the connector's description in the Description field.

    3. Update the service account for access to cloud resources in the Service account field.

      In the section below, you can see which resources the selected service account has access to.

      Make sure to assign the security-deck.worker role to this service account for the resources controlled in the workspace being created.

    4. Click Save.

Updating an alert sink

To update a Security Deck alert sink:

  1. Go to Yandex Security Deck.

  2. In the left-hand panel, select Security Deck parameters and go to the Alert Sinks tab.

    Tip

    To quickly find the alert sink you need, use the filter.

  3. In the list that opens, click in the row with the required connector and select Edit.

  4. In the window that opens, update the alert sink settings and click Save.

See also

Previous
Viewing the workspace dashboard and operations
Next
Configuring workspace access permissions