This setting will purge inactive assets from your environment after they have been inactive in Cisco Vulnerability Management for a configured number of days. The Asset Purge Period setting can be configured by administrators from the Settings menu for production instances only. The default retention period for legacy production instances is 180 days and for newly created instances (after July 1, 2021) and test instances it is 30 days. For test instances the setting is not configurable.
This setting means that inactive assets (usually decommissioned assets) will not stay in Cisco Vulnerability Management indefinitely. Once set, assets will be purged after the inactivity limit combined with the asset purge period and is based on last_seen_date.
Asset Inactivity Setting (60) + Asset Purge Setting (30)
= inactive assets will be purged 90 days after the asset's last_seen_date.
Important Caveats for Asset Inactivity and Purge Period:
- The purge period for existing customers before July 1, 2021 is set to 180 days and for new customers, 30 days. This setting is configurable.
- The purge period for test instances is set to 30 days and is not configurable.
- Purging assets will be permanent and will also purge all vulnerabilities associated with the assets.
- Risk Meter scores and reports may change if those risk meters specifically included inactive assets.
- For assets manually set to inactive, the purge date will still be based on last_seen_date plus the inactivity limit.
- If you do not have an asset inactivity limit set, we will not purge any active assets and your licensed asset count may be higher than necessary. Read more about Setting Asset Inactivity Limits.
- Customers pay based on all active assets reported by connector and ingested into Cisco Vulnerability Management regardless of whether they have any vulnerabilities on them.
- To understand how to see your total licensed asset count, please read this article.
When using connector-level inactivity limits and global inactivity limits:
- If you have ONE connector-level inactivity limit, we will use the connector setting over any global setting to inactivate assets reported by that connector.
- If you have MULTIPLE connectors with connector-level inactivity limits reporting on the same asset, we will apply the longest connector-level inactivity limit to the asset over all other settings.
- If locators are reused after an asset is decommissioned (ex. an IP is assigned to a new asset), the new asset will start fresh and not have closed vulns from the previous incarnation of the asset.
- Assets which are outside of the set inactivity and purge periods will not be imported during connector runs. See Example Below.
How to Change the Asset Purge Setting & Example
To update your Asset Purge Setting, navigate to the settings menu and select "Asset Settings." There you will find options of 30, 90, 180 days and the ability to set a custom period.
Example Effects of Asset Inactivity + Asset Purge Settings
Let's assume we have a connector run kicking off September 30th. There is an asset that was last seen by the connector on June 1st. Since the Asset Inactivity limit is set to 30 days in Cisco Vulnerability Management, if the asset were imported, it would automatically be set to inactive in Cisco Vulnerability Management as it would have hit its inactivity limit on July 1st (June 1 + 30d).
Now let’s consider the Asset Purge setting which is set at 90 days. The connector asks, is the asset last_seen far enough in the past that it would meet the Asset Purge criteria? If so, then the asset will NOT be imported into Cisco Vulnerability Management. In this case the asset would have gone inactive on July 1st, and would have been eligible for Purge on September 29th therefore the asset will NOT be imported into Cisco Vulnerability Management.