I have citrix VDI devices which add up over time and eat up my licenses. Looking for a script (API call) to delete them automatically.
what about setting a shorter retention on them?
We have about 4000 VDI every day and it creates an issue with licensing. Current retention is 30 Days. Shorting that would create issue with reporting.
You would still need to get a list of assets needing to be deleted, but there is a REST endpoint InsightVM API (v3)
Are these persistent or non-persistent Citrix VDI? If they are non-persistent then you might look into only scanning the master image the clones boot from. The vulnerabilities on the clones will be the same as the master image.
These are non-persistent. we are also MDR customer. We want the agent on to monitor users. unfortunately rapid7 doesn’t have an option to turn off vulnerability scanning on a portion of their agents.
Hi @biju_vaderiyattil
Actually if you ask the support they might be able to help you. Check out this discussion - > InsightAgents, Assets Repopulating - Exceeding License Coverage
@biju_vaderiyattil I have this script function I use to remove assets that belong to a specific asset group:
function Remove-StaleAssets {
param (
[string] $AssetGroupToDeleteAssets = "VMS - Stale Objects - 90 days",
[bool] $GetNewHeaders = $false
)
if ($null -eq $headers -or $GetNewHeaders -eq $true)
{
$headers = Get-IVMCredentials
}
write-host "Getting Asset Group Information..."
$uri = "https://<<IVM HOSTNAME>>:3780/api/3/asset_groups/?name=" + $AssetGroupToDeleteAssets
$results = invoke-restmethod -uri $uri -Method Get -ContentType "application/json" -headers $headers
$assetGroup = $Results.resources
if($assetGroup.count -ne 1){write-host $AssetGroup.count "Multiple Asset Groups found, expecting only 1, aborting";return $null}
$AssetsURI = $AssetGroup.links | where-object rel -match "Assets"
write-host "Getting Stale Objects from Group: " $AssetGroupToDeleteAssets
$AssetsToDelete = invoke-restmethod -uri $AssetsURI.href -Method Get -ContentType "application/json" -headers $headers
write-host "Delete assets:"
foreach ($Asset in $AssetsToDelete.links | where-object rel -match "Asset"){
write-host "." -NoNewline
$result = Invoke-RestMethod -uri $asset.href -Method DELETE -headers $headers
}
Return $AssetsToDelete
}
Please note that you need to put in your IVM Console hostname in place of <>, and this function expects the Auth Header to already be populated. Here’s the function I use to generate the $headers:
function Get-IVMCredentials
{
$creds = Get-Credential
$auth = $creds.username + ":" + [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($creds.password))
$Encoded = [System.Text.Encoding]::UTF8.GetBytes($auth)
$authorizationInfo = [System.Convert]::ToBase64String($Encoded)
$headers = @{"Authorization"="Basic $($authorizationInfo)"}
return $headers
}
if ($null -eq $headers)
{
$headers = Get-IVMCredentials
}
Please also note, I’m NOT a developer AT ALL, and you should check and review the code for yourself, and I might do things that don’t make any sense to someone that knows what they are doing.