Automatically Inactivating Assets
Asset persist in Kenna even after we are no longer receiving new vulnerability information about those assets from your scanner. To remove decommissioned assets risk scoring and fix information, they must be set to "inactive" in Kenna. Inactive assets are removed from Risk Meter scoring, will not appear in any default reporting, and will not appear in any fix asset lists.
In order to automatically have assets set to inactive select Asset Settings from main menu.
Kenna will use the scanner data to determine when an asset was last seen. After an asset has exceeded the inactivity limit that you choose in Asset Settings, Kenna will automatically set the asset to inactive. If you scan weekly, a 30 day inactivity limit may be appropriate. If you scan quarterly, the limit would need to be set higher.
If an asset appears in scan data after it has been set to inactive, Kenna will set the Asset back to active and it will reappear in all other areas of Kenna reporting and processing. Using this feature will help ensure that the risk picture portrayed by your Risk Meters is accurate and up-to-date.
Manually Inactivating Assets
If you choose not to use the automatic Asset Setting feature, you can still find inactive assets in the environment and set them to inactive manually.
- Perform a text search of asset_last_seen:<now-90d to find all assets that have not been seen in the last 90 days
- Select the checkbox in the far upper-left of the Assets table
- Click the "Apply to all assets matching this criteria?" link to allow for bulk operations on all results
- Click the "Inactive" button to the upper-right of the Assets table
This will bulk-deactivate all assets matching the above "last seen" query.