I set up a dynamic asset group to capture assets that haven’t been scanned in over 10 days. This is to identify which assets are stale and can be deleted from the console.
I was trying to write a Python script to delete the assets from that dynamic group automatically without me having to log in to the console each time.
Is there any way to use the API to delete the assets? The docs say it only works on static groups.
Or is there some other automatic way at all? Without even having to use the API?
Why don’t you just set the data retention policy in the UI?
Wouldn’t this get rid of data even for active assets? My goal is to just get rid of assets that haven’t been scanned in X days.
It was originally set up like you are doing, but I changed it to this method over a year and it is working the same for me. I still have historical data for assets that are regularly scanned.
https://docs.rapid7.com/insightvm/database-backuprestore-and-data-retention/
Configuring a retention setting for asset data ensures that any asset that was not scanned within the specified time frame will be purged. However, note that asset data retention settings do not affect historical scan data. Assets removed as a result of asset data retention settings will still remain in trending data sets if they were present in earlier scans.
Hmm, so if my asset retention is set for 3 years, then assets not scanned within those 3 years will be deleted? If that’s correct, then that partly works for what I need.
I actually didn’t specify that I have a certain dynamic group of assets (different from all others) that I need to delete sooner than whatever the retention period is set to. Let’s say 1 month, for example. In this situation, there is no appropriate solution, right? Other than manually deleting them.
If you have ICON, that could be a Workflow. Otherwise have your script first pull a list of assets from those groups, then loop through each one and call the asset delete endpoint. If run daily on your schedules, it shouldn’t find much outside the first call because it would just be one-off maintenance moving forward.
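The pull-then-loop approach from the last reply, as an added example that is not from any poster in this thread or from Rapid7. It assumes the InsightVM API v3 paths `/api/3/asset_groups/{id}/assets` and `/api/3/assets/{id}` with HTTP basic auth; the environment variable names, the dry-run default and the deletion cap are choices made for this sketch.

```python
import base64
import json
import ssl
import urllib.request


def console_transport(user, password, cafile=None):
    """Return request(method, url) -> dict using HTTP basic auth against the console."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    ctx = ssl.create_default_context(cafile=cafile)  # keep certificate verification on

    def request(method, url):
        req = urllib.request.Request(url, method=method, headers={
            "Authorization": f"Basic {token}", "Accept": "application/json"})
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            body = resp.read()
            return json.loads(body) if body else {}
    return request


def purge_group(base_url, group_id, request, dry_run=True, max_delete=200):
    """Delete every asset currently in one asset group; returns the IDs acted on."""
    # Assumed API v3 path: lists the asset IDs that are members of the group.
    listing = request("GET", f"{base_url}/api/3/asset_groups/{group_id}/assets")
    asset_ids = [int(a) for a in listing.get("resources", [])]
    # Safety cap: a broken filter on the dynamic group must not empty the console.
    if len(asset_ids) > max_delete:
        raise RuntimeError(f"{len(asset_ids)} assets exceeds cap of {max_delete}")
    done = []
    for asset_id in asset_ids:
        if not dry_run:
            # Assumed API v3 path: deletes a single asset by ID.
            request("DELETE", f"{base_url}/api/3/assets/{asset_id}")
        done.append(asset_id)
    return done


if __name__ == "__main__":
    import os
    # Hypothetical variable names; IVM_URL is the console base URL, no trailing slash.
    transport = console_transport(os.environ["IVM_USER"], os.environ["IVM_PASS"],
                                  os.environ.get("IVM_CA_FILE"))
    ids = purge_group(os.environ["IVM_URL"], int(os.environ["IVM_GROUP_ID"]),
                      transport, dry_run=os.environ.get("IVM_DELETE") != "1")
    print(f"{len(ids)} assets matched: {ids}")
```

Run it once in dry-run mode and compare the printed IDs with the group in the console before setting `IVM_DELETE=1`; a dedicated account with only the permissions needed for these two calls limits the damage if the credentials leak from the scheduler.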