[Yandex Cloud documentation](../../../index.md) > [Yandex Security Deck](../../index.md) > [Step-by-step guides](../index.md) > [Data Security Posture Management (DSPM)](index.md) > Creating a scan

# Creating a DSPM scan

{% note info %}

This feature is at the [Preview](../../../overview/concepts/launch-stages.md) stage.

{% endnote %}

[Data Security Posture Management](../../concepts/dspm.md) (DSPM) scans [data sources](../../concepts/dspm.md#data-source) – Yandex Object Storage [buckets](../../../storage/concepts/bucket.md) and Yandex 360 [Yandex Disks](https://yandex.com/support/yandex-360/business/disk/web/en/index.html) – to locate sensitive information in storage.

## Getting started {#before-begin}

Before you start using the DSPM module, set up your [workspace](../../concepts/workspace.md) and specify the default folder to store [Data Security Posture Management](../../concepts/dspm.md) (DSPM) data:

{% list tabs group=instructions %}

- Security Deck UI {#console}

  1. Go to [Yandex Security Deck](https://center.yandex.cloud/security/).
  1. In the left-hand panel, select ![database-magnifier](../../../_assets/console-icons/database-magnifier.svg) **DSPM**.
  1. If the Security Deck settings window opens, this means the DSPM data storage folder has not been configured. Under **Choose your default folder**, select a folder to store the module data by default and click **Save** at the bottom of the page.
  1. If the **DSPM** UI opens, this means the module's data storage folder has already been configured, so you can continue working.

      You can change the **DSPM** data storage folder path. To do this, navigate to the **Settings** tab. Under **Default storage**, select another folder.
  1. Activate DSPM in the current workspace. To do this, click ![wrench](../../../_assets/console-icons/wrench.svg) **Configure DSPM** at the top right.

      In the window that opens, navigate to the **Control modules** tab. Under **Control modules**, select the **Data Security Posture Management (DSPM)
** module and click **Save**.
  
      If you have no workspaces yet, [create](../workspaces/create.md) one and activate the **Data Security Posture Management (DSPM)
** when creating the workspace.

{% endlist %}

## Creating a scan for Object Storage {#object-storage}

{% list tabs group=instructions %}

- Security Deck UI {#console}

  1. Go to [Yandex Security Deck](https://center.yandex.cloud/security/).
  1. In the left-hand panel, select ![Database-Magnifier](../../../_assets/console-icons/database-magnifier.svg) **DSPM** and go to the **Regular scans** tab.
  1. In the top-right corner, click **New scan**.
  1. Under **Data sources**, select a data source with [Object Storage](../../../storage/index.md) buckets.

      If necessary, [create](create-data-source.md) a new data source.
      
      {% note info %}

      If access to the bucket is controlled by a [policy](../../../storage/security/policy.md#conditional-writes-policy), allow access to Security Deck IP addresses in the bucket policy settings. For a list of addresses, see [Public IP address ranges](../../../overview/concepts/public-ips.md#security-deck-ips).

      {% endnote %}

  1. Under **Access to data in sources**, select the [service account](../../../iam/concepts/users/service-accounts.md) to use for scanning. If you need a new service account, click **Create a new one**.

      {% note warning %}
      
      To run the scan, make sure the service account is [assigned](../../../iam/operations/sa/assign-role-for-sa.md) the `dspm.worker` [role](../../security/dspm-roles.md#dspm-worker) for all buckets you want to scan. If the buckets are [encrypted](../../../storage/concepts/encryption.md), your service account also needs the `kms.keys.decrypter` [role](../../../kms/security/index.md#kms-keys-decrypter) for the relevant Yandex Key Management Service [encryption keys](../../../kms/concepts/key.md).
      
      {% endnote %}

  1. Under **Data search categories**, select the [data categories](../../concepts/dspm.md#data-source) to scan for, separately for text and images:

      * **In text**:
        * `Personal data`: Full names, email addresses, phone numbers, and social security numbers (SNILS).
        * `Financial data`: Bank card details.
        * `Secrets`: Cloud access keys, passwords, tokens, SSH keys, etc.
      * **On images**:
        * `Personal data`: Full names, email addresses, phone numbers, and social security numbers (SNILS).
        * `Financial data`: Bank card details.
        * `Medical data`: Data from medical documents and images.
        * `Other`: Data from personal documents, including military IDs, pensioner IDs, academic certificates, etc.

      You can select all the available categories at once or any combination of them.

  1. Under **Scan settings**:
     
     1. Select **Scan method**:
        * **Full**: Scan all source objects of the supported types. This method ensures high accurracy of sensitive data detection.
        * **Partial**: Scan only the selected partial data. Accuracy of sensitive data detection is lower, which is good for processing large amounts of data.
     
     1. In the **Start** field, select the frequency for the new scan: `Once`, `Every 7 days`, `Every 30 days`, `Every 90 days`, or set your own frequency by selecting `Custom number of days`.
     1. In the **Name of scan** field, specify the name to find your new scan. Follow these naming requirements:
     
         * Length: between 3 and 63 characters.
         * It can only contain lowercase Latin letters, numbers, and hyphens.
         * It must start with a letter and cannot end with a hyphen.
  1. Click **Create scan without validation**.

  The new scan will appear in the scan list, ready to run.

{% endlist %}


## Creating a scan for Yandex 360 {#yandex-360}

{% list tabs group=instructions %}

- Security Deck UI {#console}

  1. Go to [Yandex Security Deck](https://center.yandex.cloud/security/).
  1. In the left-hand panel, select ![Database-Magnifier](../../../_assets/console-icons/database-magnifier.svg) **DSPM** and go to the **Regular scans** tab.
  1. In the top-right corner, click **New scan**.
  1. Under **Data sources**, select the data source with [Yandex 360](https://yandex.com/support/yandex-360/business/admin/en/) resources.

      If necessary, [create](create-data-source.md) a new data source.

  1. Under **Data search categories**, select the [data categories](../../concepts/dspm.md#data-source) to scan for, separately for text and images:

      * **In text**:
        * `Personal data`: Full names, email addresses, phone numbers, and social security numbers (SNILS).
        * `Financial data`: Bank card details.
        * `Secrets`: Cloud access keys, passwords, tokens, SSH keys, etc.
      * **On images**:
        * `Personal data`: Full names, email addresses, phone numbers, and social security numbers (SNILS).
        * `Financial data`: Bank card details.
        * `Medical data`: Data from medical documents and images.
        * `Other`: Data from personal documents, including military IDs, pensioner IDs, academic certificates, etc.

      You can select all the available categories at once or any combination of them.

  1. Under **Scan settings**:
     
     1. Select **Scan method**:
        * **Full**: Scan all source objects of the supported types. This method ensures high accurracy of sensitive data detection.
        * **Partial**: Scan only the selected partial data. Accuracy of sensitive data detection is lower, which is good for processing large amounts of data.
     
     1. In the **Start** field, select the frequency for the new scan: `Once`, `Every 7 days`, `Every 30 days`, `Every 90 days`, or set your own frequency by selecting `Custom number of days`.
     1. In the **Name of scan** field, specify the name to find your new scan. Follow these naming requirements:
     
         * Length: between 3 and 63 characters.
         * It can only contain lowercase Latin letters, numbers, and hyphens.
         * It must start with a letter and cannot end with a hyphen.
  1. Click **Create scan without validation**.

  The new scan will appear in the scan list, ready to run.

{% endlist %}


#### Useful links {#see-also}

* [Creating a DSPM data source](create-data-source.md)
* [Data Security Posture Management (DSPM)](../../concepts/dspm.md)
* [Common Yandex Security Deck roles](../../security/index.md)