While we realize that Rapid7 Agents will fall off after 30 days of inactivity, we were wondering if there was a way to expedite that process by manually removing them and their data from the console itself. We commonly run into situations where a machine is unrecoverable, thus the vulnerability data is no longer relevant and creates inaccuracies in reports and dashboards.
Does anyone have any ideas on how to do this? I was unable to find anything in the official documentation.
Thank you.
You can delete the assets individually from their respective asset pages, or delete in bulk from within the âRapid7 Insight Agentsâ site or a dynamic asset group (using that site along with any other filtering criteria). If the agents are truly inactive, they wonât repopulate and show up in reports, dashboards, etc.
Of course, if they are active and internet-connected, theyâll repopulate next time the console synchronizes, but I donât think thatâs the scenario youâre describing here. I hope that helps!
In the InsightVM Console, under Maintenance -> Data Retention, thereâs an option to âRetain only active agent within the past X days/months/yearsâ I use it for either 7 or 14 days on most consoles Iâve built. If you have agents on laptops that may be off for long periods of time, they may drop out of reporting until the laptop is turned back on though, so keep that in mind.
Restful api script to bulk delete the asset group using the asset id. @daniel_cruzan @justin_prince @peter_david
Was this a question or a suggestion?
Question ? Is there any possibility to perform the action using restful API
Like @peter_david mentioned, the retention settings are most likely the easiest way to manage this.
However with some crafty loops you can use the API to bulk delete assets.