While we realize that Rapid7 Agents will fall off after 30 days of inactivity, we were wondering if there was a way to expedite that process by manually removing them and their data from the console itself. We commonly run into situations where a machine is unrecoverable, thus the vulnerability data is no longer relevant and creates inaccuracies in reports and dashboards.
Does anyone have any ideas on how to do this? I was unable to find anything in the official documentation.
You can delete the assets individually from their respective asset pages, or delete in bulk from within the âRapid7 Insight Agentsâ site or a dynamic asset group (using that site along with any other filtering criteria). If the agents are truly inactive, they wonât repopulate and show up in reports, dashboards, etc.
Of course, if they are active and internet-connected, theyâll repopulate next time the console synchronizes, but I donât think thatâs the scenario youâre describing here. I hope that helps!
In the InsightVM Console, under Maintenance -> Data Retention, thereâs an option to âRetain only active agent within the past X days/months/yearsâ I use it for either 7 or 14 days on most consoles Iâve built. If you have agents on laptops that may be off for long periods of time, they may drop out of reporting until the laptop is turned back on though, so keep that in mind.