There are two main asset statuses in Cisco Vulnerability Management which are used to filter assets in the Vulnerability Management Explore page: Active and Inactive. By default, only Active assets are shown in the UI and returned using the API.
Asset Expiry
Assets will automatically go inactive/expire at the end of the inactivity limit setting. Inactive assets will remain in Cisco Vulnerability Management until the end of the Asset Purge Period Setting.
It is important that the Cisco Vulnerability Management Asset Inactivity Limit Setting is configured so that decommissioned assets change to inactive in Cisco Vulnerability Management after the scanner has not reported them for a period of time.
How Automatic Asset Expiration Works
Using the Asset Setting, a nightly job is run on the Cisco Vulnerability Management platform that will automatically change assets to inactive if they have not been seen in a time period equal to the asset setting. Assets will also automatically change back to Active if the scanner sees them again.
Using the automated processing ensures that assets are added to, and removed from, Cisco Security Risk Scores and reporting in accordance with the Asset Setting rule you have configured.
Manual status changes
There might be cases where assets need to be removed from the automated processing. For example:
- A Reliable Decommissioning process feeds assets to Cisco Vulnerability Management administrators which allows assets to be removed sooner than the Asset Settings.
- Asset types are pulled into Cisco Vulnerability Management that are not going to be managed using Cisco Vulnerability Management, such as phone systems, and cameras.
- Development assets are scanned less frequently and would be inappropriately changed to inactive based on the Asset Setting. For example, the Asset Setting is 30 days but lab assets are scanned quarterly.
Asset Status can be manually adjusted using the UI, however assets that have been manually adjusted will no longer be processed in the nightly asset activity processing using the Asset Setting.
Change the status of an Asset
You must have the correct permissions to change the status of an asset.
1. On the Vulnerability Management Explore page, select the checkbox beside the asset that you want to change the status for.
2. Click Set Status.
3. Change the status of the asset. After you change the status, the asset will be on Status Override and the asset status will not change unless it is manually updated again.
View the status of an asset
To view the status of an asset, hover over the icon in the Status column.
Asset Status Summary
There are four possible status settings in Cisco Vulnerability Management:
For reporting and filter options, assets are considered either Active or Inactive.
For asset expiry considerations, assets that are manually set will not be included in any automated processing.
To restore assets to the default status use the Remove Override button under Set Status.
Finding Manually Overridden Assets
To find which assets have had their status manually set, under Asset Filters, use the Status Set Manually filter.
Comments
Please sign in to leave a comment.