Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Managing exceptions

Written by
Updated at April 27, 2026

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

This section describes how to create exceptions, manage their settings, and perform basic operations with them.

Getting started

The Yandex SIEM section will appear in the Cloud Center interface as a Security Deck module after the access request is approved.

You need the ycem.editor role to use the service.

Creating an exception from a correlation rule

To create an exception from a correlation rule:

  1. Go to Security Deck.
  2. In the left-hand panel, select Yandex SIEM.
  3. Navigate to Correlation rules.
  4. In the rule's row, click and select Create exception.
  5. Under Conditions, add one or more key = value pairs for events that should not trigger the rule.
  6. Under Parameters, fill in the required Name field, and, optionally, the Description field.
  7. Click Save.

The associated rule will be filled in automatically.

Creating an exception from the exceptions section

To create an exception from the exceptions section:

  1. Go to Security Deck.
  2. In the left-hand panel, select Yandex SIEM.
  3. Navigate to Exceptions.
  4. Click New exception.
  5. From the list that opens, select the correlation rule you are creating the exception for.
  6. Under Conditions, add one or more key = value pairs for events that should not trigger the rule.
  7. Under Parameters, fill in the required Name field, and, optionally, the Description field.
  8. Click Save.

Editing an exception

To edit exception settings:

  1. Go to Security Deck.
  2. In the left-hand panel, select Yandex SIEM.
  3. Navigate to Exceptions.
  4. In the exception row, click and select Edit.
  5. Edit the fields as needed.
  6. Click Save.

Disabling an exception

To disable an exception:

  1. Go to Security Deck.
  2. In the left-hand panel, select Yandex SIEM.
  3. Navigate to Exceptions.
  4. In the exception row, click and select Disable.

A disabled exception changes its status to Inactive and will no longer apply when processing events.

Resetting changes

To reset the changes you made to the exception to the last deployed version:

  1. Go to Security Deck.
  2. In the left-hand panel, select Yandex SIEM.
  3. Navigate to Exceptions.
  4. In the exception row, click and select Reset changes.

All unsaved changed will be canceled. The exception will reset to the last deployed configuration.

Deleting an exception

To delete an exception:

  1. Go to Security Deck.
  2. In the left-hand panel, select Yandex SIEM.
  3. Navigate to Exceptions.
  4. In the exception row, click and select Delete.
  5. Confirm the deletion.

Warning

Exception deletion is irreversible. All exception settings will be cleared.

See also

Previous
Overview
Next
Working with a list of exceptions