The Asset Purge Period setting (Settings menu > Asset Settings) purges inactive assets from your environment after they have been inactive in Cisco Vulnerability Management for a configured number of days. Administrators can configure the Asset Purge Period setting from the Settings menu for production instances only. The default retention period is 180 days for legacy production instances, and 30 days for newly created instances (after July 1, 2021) and for test instances. For test instances the setting is not configurable.
This setting means that inactive assets (usually decommissioned assets) will not stay in Cisco Vulnerability Management indefinitely. Once it is set, an asset is purged when the inactivity limit plus the asset purge period has elapsed, counted from the asset's last_seen_date. For example:
Asset Inactivity Setting (60) + Asset Purge Setting (30)
= inactive assets will be purged 90 days after the asset's last_seen_date.
Important Caveats for Asset Inactivity and Purge Period
- The purge period for existing customers before July 1, 2021 is set to 180 days and for new customers, 30 days. This setting is configurable.
- The purge period for test instances is set to 30 days and is not configurable.
- Purging assets will be permanent and will also purge all vulnerabilities associated with the assets.
- Risk Meter scores and reports might change if those risk meters specifically included inactive assets.
- For assets manually set to inactive, the purge date will still be based on last_seen_date plus the inactivity limit.
- If you do not have an asset inactivity limit set, Cisco Vulnerability Management will not purge any active assets and your licensed asset count might be higher than necessary. For more information, refer to the Setting Asset Inactivity Limits information.
- Customers pay based on all active assets that the connector reports and ingests into Cisco Vulnerability Management regardless of whether they have any vulnerabilities on them.
- To understand how to see your total licensed asset count, refer to the information here.
When using connector-level inactivity limits and global inactivity limits:
- If you have one connector-level inactivity limit, Cisco Vulnerability Management will use the connector setting over any global setting to inactivate assets that the connector reported.
- If you have multiple connectors with connector-level inactivity limits reporting on the same asset, Cisco Vulnerability Management applies the longest connector-level inactivity limit to the asset over all other settings.
- If locators are reused after an asset is decommissioned (for example, an IP is assigned to a new asset), the new asset will start fresh and not have closed vulnerabilities from the previous incarnation of the asset.
- Assets that are outside of the set inactivity and purge periods will not be imported during connector runs. See the example under Example Effects of Asset Inactivity + Asset Purge Settings.
How to Change the Asset Purge Setting
- From the Settings menu, click Asset Settings.
- Select an option.
- Click Save.
Example Effects of Asset Inactivity + Asset Purge Settings
Let's assume there is a connector run starting on September 30th. There is an asset that the connector last saw on June 1st. Since the Asset Inactivity limit is set to 30 days in Cisco Vulnerability Management, if the asset were imported, it would automatically be set to inactive in Cisco Vulnerability Management as it would have hit its inactivity limit on July 1st (June 1 + 30d).
Now let’s consider the Asset Purge setting, which is set at 90 days. The connector asks: is the asset's last_seen_date far enough in the past that it would meet the Asset Purge criteria? If so, the asset will not be imported into Cisco Vulnerability Management. In this case the asset would have gone inactive on July 1st and would have been eligible for purge on September 29th (July 1 + 90d), so the asset will not be imported into Cisco Vulnerability Management.
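The date arithmetic above, together with the connector-level precedence rules from the caveats, as an added example (not Cisco code). The function names, the year 2023, and the choice to skip an asset whose purge date falls on the run date itself are assumptions made for illustration.

```python
from datetime import date, timedelta
from typing import Optional, Sequence


def effective_inactivity_limit(global_days: Optional[int],
                               connector_days: Sequence[int] = ()) -> Optional[int]:
    """Connector-level limits override the global limit; with several, the longest applies."""
    if connector_days:
        return max(connector_days)
    return global_days


def asset_lifecycle(last_seen: date, run_date: date, purge_days: int,
                    global_days: Optional[int] = None,
                    connector_days: Sequence[int] = ()) -> dict:
    """Return the inactive date, the purge date, and whether a run on run_date imports the asset."""
    limit = effective_inactivity_limit(global_days, connector_days)
    if limit is None:
        # No inactivity limit set: the asset never goes inactive, so it is never purged.
        return {"inactive_on": None, "purge_on": None, "imported": True}
    inactive_on = last_seen + timedelta(days=limit)
    purge_on = inactive_on + timedelta(days=purge_days)
    # Assumption: a purge date on or before the run date means the asset is skipped.
    return {"inactive_on": inactive_on, "purge_on": purge_on,
            "imported": run_date < purge_on}


if __name__ == "__main__":
    # Constructed input: the page's scenario, with an assumed year.
    result = asset_lifecycle(last_seen=date(2023, 6, 1), run_date=date(2023, 9, 30),
                             purge_days=90, global_days=30)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Running the same function over an export of last_seen_date values before shortening either setting shows which assets, and their associated vulnerabilities, would be permanently removed.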