There are 2 main asset statuses in Cisco Vulnerability Management which are used to filter assets in the Explore UI: Active and Inactive. By default, only Active assets are shown in the UI and returned via the API.
Asset Expiry
Assets will automatically go inactive/expire at the end of the inactivity limit setting. Inactive assets will remain in Cisco Vulnerability Management until the end of the Asset Purge Period Setting.
It is important that the Cisco Vulnerability Management Asset Inactivity Limit Setting is configured so that decommissioned assets flip to inactive on the Cisco Vulnerability Management platform after they have not been reported by the scanner for a period of time.
How Automatic Asset Expiration Works
Using the Asset Setting, a nightly job is run on the Cisco Vulnerability Management platform that will automatically flip assets to inactive if they have not been seen in a time period equal to the asset setting. Asset will also automatically flip back to Active if they are again seen by the scanner.
Using the automated processing ensures that are added to, and removed from, risk scores and reporting in accordance with the Asset Setting rule you have configured.
Manual status changes
There may be cases where assets need to be removed from the automated processing. Examples:
- Reliable Decommissioning process feeds assets to Cisco Vulnerability Management admins allowing assets to be removed sooner than the Asset Settings
- Asset types are pulled into Cisco Vulnerability Management that are not going to be managed via the Cisco Vulnerability Management platform - phone systems, camera etc
- Development assets are scanned less frequently and would be inappropriately flipped to inactive based on the Asset Setting - Asset Setting is 30 days but lab assets are scanned quarterly.
Asset Status may be manually adjusted via the UI however, assets that have been manually adjusted will NO LONGER be processed in the nightly asset activity processing using the Asset Setting.
Individuals with the necessary privileges can change Asset Status by first selecting the asset(s) using the check boxes to the left of the asset which will reveal the Set Status option:
To set a static status choose Active or Inactive. Once selected the assets will be on Status Override and the asset status will NOT change unless it is again manually updated.
The icon at the left next to the checkbox will reveal the asset status and source:
You can hover for a pop up describing the status.
Asset Status Summary
There are a total of 4 possible status settings in Cisco Vulnerability Management:
For reporting and filter options assets are considered either Active or Inactive.
For asset expiry considerations assets manually set will NOT be included in any automated processing.
To restore assets to the default status use the Remove Override button under Set Status.
Finding Manually Overridden Assets
Not sure which assets have had their status manually set? Use the filter under Asset Filters: Status Set Manually = "Yes".
Comments
Please sign in to leave a comment.