While we realize that Rapid7 Agents will fall off after 30 days of inactivity, we were wondering if there was a way to expedite that process by manually removing them and their data from the console itself. We commonly run into situations where a machine is unrecoverable, thus the vulnerability data is no longer relevant and creates inaccuracies in reports and dashboards.
Does anyone have any ideas on how to do this? I was unable to find anything in the official documentation.
You can delete the assets individually from their respective asset pages, or delete in bulk from within the ‘Rapid7 Insight Agents’ site or a dynamic asset group (using that site along with any other filtering criteria). If the agents are truly inactive, they won’t repopulate and show up in reports, dashboards, etc.
Of course, if they are active and internet-connected, they’ll repopulate next time the console synchronizes, but I don’t think that’s the scenario you’re describing here. I hope that helps!
In the InsightVM Console, under Maintenance -> Data Retention, there’s an option to “Retain only active agent within the past X days/months/years” I use it for either 7 or 14 days on most consoles I’ve built. If you have agents on laptops that may be off for long periods of time, they may drop out of reporting until the laptop is turned back on though, so keep that in mind.