Define purge rules to automatically purge assets and cloud agents based on the terminated/deallocated state of the cloud instance or time since last activity or vulnerability scan. Your purge rules will run daily. When you purge an asset you remove the asset and the data associated with it.
1) This feature must be enabled for your subscription. Please reach out to Qualys Support or your Technical Account Manager to have one or both of these capabilities enabled:
- On Demand Purge
- Rule-based Purge
2) To purge assets or manage purge rules, you must have all Asset Management permissions: Manage Asset Data Connectors, Create Asset, Delete Asset, Read Asset and Update Asset.
When enabled for your subscription, you can purge these types of assets:
- EC2 assets discovered by AWS connectors
- Assets discovered by Azure connectors and cloud agents
- Google Cloud Platform (GCP) assets discovered by cloud agents
- Cloud agent assets
When an asset is purged:
- The asset is removed from your account
- Existing asset data is removed from your account
- Scan results from scanners remain on your account
- If the asset has a cloud agent, the agent is uninstalled and its license is freed up
Create rules to automate the purging of assets on a daily basis. For example, create a rule to remove any terminated EC2 instance that has not been scanned or last updated in more than 30 days. Your rule will run daily and routinely remove the asset.
To get started, go to Assets > Purge Rules and click Create Rule.
You’ll start by giving the rule a friendly name and description. Then add criteria to define the rule conditions.
Select Cloud Agent Based Filter to remove cloud agent assets based on criteria like when the agent last checked in to the platform, modules activated for the agent, agent version, and more.
Select Cloud Provider Metadata Based Filter to remove cloud assets and cloud agents based on cloud provider metadata. You’ll first choose AWS, Azure or GCP, then select the metadata that defines the assets you want to purge. In this example, the rule will remove EC2 assets that are terminated.
Select the option “Purge cloud agent assets matching criteria” to also remove the cloud agent and its license for matching assets.
Click Add Criteria again to add more criteria to the rule, including time-based criteria like when the asset was last scanned or updated.
Set an asset limit for the rule. If the number of matching assets exceeds the limit when the rule is executed, then no assets will be purged.
Review your settings on the last page and hit Finish. The rule will be saved to your purge rules list.
All of your rules run daily. If you don’t want a rule to run then you can choose to disable it. Identify the rule in your list and choose Disable from the Quick Actions menu.
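To make the daily evaluation concrete, here is an added example (not Qualys code or API; a hypothetical model written for this page) of the rule described above: terminated EC2 instances with no scan or update in more than 30 days are purged, the optional "purge cloud agent assets" setting frees their agent licenses, and the asset limit acts as a guardrail so that an unexpectedly large match set purges nothing. The asset records, field names and the reading of "not scanned or updated" as "neither activity within the window" are assumptions.

```python
"""Hypothetical model of a daily purge-rule run (not Qualys's own implementation)."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

@dataclass
class Asset:
    asset_id: str
    source: str                    # assumed values: "EC2", "AZURE", "GCP" or "AGENT"
    instance_state: Optional[str]  # cloud provider metadata, e.g. "terminated"
    last_scanned: Optional[date]   # None if the asset was never scanned
    last_updated: date
    has_agent: bool = False

def matches(asset: Asset, today: date, max_idle_days: int) -> bool:
    """Rule criteria: terminated EC2 instance with no scan or update in > max_idle_days."""
    if asset.source != "EC2" or asset.instance_state != "terminated":
        return False
    # Most recent activity of either kind; a never-scanned asset falls back to last_updated.
    last_activity = max(d for d in (asset.last_scanned, asset.last_updated) if d is not None)
    return (today - last_activity).days > max_idle_days

def run_purge_rule(assets: List[Asset], today: date, max_idle_days: int = 30,
                   asset_limit: int = 100, purge_agents: bool = False) -> Tuple[List[str], int]:
    """Return (purged asset ids, agent licenses freed) for one daily run.
    If the number of matching assets exceeds asset_limit, nothing is purged."""
    matched = [a for a in assets if matches(a, today, max_idle_days)]
    if len(matched) > asset_limit:
        return [], 0                       # guardrail: refuse a mass purge
    freed = sum(1 for a in matched if purge_agents and a.has_agent)
    return [a.asset_id for a in matched], freed

# Constructed sample inventory for a run on 2024-06-01.
TODAY = date(2024, 6, 1)
SAMPLE_ASSETS = [
    Asset("i-aaa", "EC2", "terminated", date(2024, 3, 1), date(2024, 3, 15), has_agent=True),  # stale
    Asset("i-bbb", "EC2", "terminated", None, date(2024, 5, 25)),   # terminated but updated 7 days ago
    Asset("i-ccc", "EC2", "running", date(2024, 1, 1), date(2024, 1, 1)),  # still running
    Asset("i-ddd", "EC2", "terminated", None, date(2024, 2, 1)),    # never scanned, stale
    Asset("host-1", "AGENT", None, date(2024, 1, 1), date(2024, 1, 1), has_agent=True),  # not EC2
]

if __name__ == "__main__":
    print(run_purge_rule(SAMPLE_ASSETS, TODAY, purge_agents=True))   # (['i-aaa', 'i-ddd'], 1)
    print(run_purge_rule(SAMPLE_ASSETS, TODAY, asset_limit=1))       # ([], 0): limit exceeded
```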
From your Assets list, first identify the EC2 asset or cloud agent asset you want to remove from your subscription. The Sources column provides indicators to help you identify these assets:
- EC2 assets discovered by AWS connectors
- Cloud agent assets
Select the asset in your list to purge and choose Purge Asset from the Quick Actions menu. If this option is disabled, the asset cannot be purged because it is not an EC2 asset or a cloud agent asset.
Optionally, select multiple assets (up to 100) and choose Purge Asset from the Actions menu above the data list. All selected assets will be purged once you confirm the action.