Working with a list of exceptions
Note
This feature is in the Preview stage. To get access, contact tech support or your account manager.
This section describes how to view a list of exceptions, apply filters, and manage exception deployment.
Getting started
The Yandex SIEM section will appear in the Cloud Center interface as a Security Deck module after the access request is approved.
You need the ycem.editor role to use the service.
Viewing a list of exceptions
To view a list of exceptions:
- Go to Security Deck.
- In the left-hand panel, select Yandex SIEM.
- Navigate to Exceptions.
You will see a list of all available exceptions and their statuses.
Filtering exceptions
To filter exceptions based on specific criteria:
- Go to Security Deck.
- In the left-hand panel, select Yandex SIEM.
- Navigate to Exceptions.
- Use filters above the list:
- Status: Filter exceptions by status: Healthy, Unhealthy, or Inactive.
- Attached rule: Filter by the correlation rule attached to the exception.
The list will refresh to show only exceptions that match the selected criteria.
Staging an exception for deployment
To apply changes to an exception, stage it for deployment:
- Go to Security Deck.
- In the left-hand panel, select Yandex SIEM.
- Navigate to Exceptions.
- In the exception row, click and select Mark for deployment.
The exception deployment status will switch to Will be deployed. Once deployment is complete, the status will change to Deployed.
Canceling exception deployment
To cancel a scheduled exception deployment:
- Go to Security Deck.
- In the left-hand panel, select Yandex SIEM.
- Navigate to Exceptions.
- In the exception row, click and select Do not deploy.
The exception deployment status will switch back to Changed.