
Purge/Uninstall Cloud Assets and Cloud Agents

Define purge rules to automatically purge assets and cloud agents based on the terminated/deallocated state of the cloud instance or time since last activity or vulnerability scan. Your purge rules will run daily. When you purge an asset you remove the asset and the data associated with it.

Note: For the EC2 tracking method, if IP addresses were added to the Vulnerability Management (VM) application, those IP addresses are also removed from the VM application when the purge event is performed. For the EC2 and IP tracking method, IP addresses that were added to the VM application are not removed when the purge event is performed, since the hosts are different.

Prerequisites

1) This feature must be enabled for your subscription. Please reach out to Qualys Support or your Technical Account Manager to have one or both of these capabilities enabled:

- On Demand Purge
- Rule-based Purge

2) Only managers and super users can purge assets or manage purge rules. Sub-users and other user types cannot purge assets.

What assets can you purge?

When enabled for your subscription, you can purge the following types of assets.

For On Demand Purge:

-  Cloud agent assets

-  EC2 assets discovered by AWS (connector and AWS cloud agent)

-  Assets discovered by Azure (connector and Azure cloud agent)

Note: You cannot purge Google Cloud Platform (GCP) assets discovered by cloud agents and connectors.

For Rule-based Purge:

-  Cloud agent assets

-  EC2 assets discovered by AWS (connector and AWS cloud agent)

-  Assets discovered by Azure (connector and Azure cloud agent)

-  Google Cloud Platform (GCP) assets discovered by connector and GCP cloud agent

What happens when you purge an asset?

- Asset will be removed from your account
- Existing asset data will be removed from your account
- Scan results from scanners will remain on your account
- If an asset has a cloud agent, the agent will be uninstalled and its license freed up

Rule-based Purge

Create rules to automate the purging of assets on a daily basis. For example, create a rule to remove any terminated EC2 instance that has not been scanned or last updated in more than 30 days. Your rule will run daily and routinely remove the asset.

To get started, go to Assets > Purge Rules and click Create Rule.

Create rule button.

You’ll start by giving the rule a friendly name and description. Then add criteria to define the rule conditions.

Purge Rule: Add Criteria.

Select Cloud Agent Based Filter to remove cloud agent assets based on criteria like when the agent last checked in to the platform, modules activated for the agent, agent version, and more.

Select Cloud Provider Metadata Based Filter to remove cloud assets and cloud agents based on cloud provider metadata. You’ll first choose AWS, Azure or GCP, then select the metadata that defines the assets you want to purge. In this example, the rule will remove EC2 assets that are terminated.

Purge Rule: AWS metadata.

Select the option “Purge cloud agent assets matching criteria” to also remove the cloud agent and its license for matching assets.

Click Add Criteria again to add more criteria to the rule, including time-based criteria like when the asset was last scanned or updated.

Purge Rule: Add more criteria.

Set an asset limit for the rule. If the number of matching assets exceeds the limit when the rule is executed, then no assets will be purged.

Purge Rule: Asset limit.

Review your settings on the last page and hit Finish. The rule will be saved to your purge rules list.
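The rule described above, modelled as an added example (this is not Qualys code and does not call the Qualys API): a daily run evaluates every criterion together, and the asset limit acts as a safety stop so that an over-broad rule purges nothing rather than everything. Asset IDs, field names and the `Asset`/`PurgeRule` types are assumptions made for the illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Asset:
    asset_id: str            # hypothetical identifier, not a real instance
    source: str              # "AWS", "AZURE", "GCP" or "CLOUD_AGENT"
    instance_state: str      # cloud provider metadata, e.g. "terminated"
    last_activity: datetime  # most recent scan or update
    has_agent: bool = False

@dataclass
class PurgeRule:
    provider: str
    instance_state: str
    inactive_days: int
    asset_limit: int
    purge_agents: bool       # "Purge cloud agent assets matching criteria"

def matches(rule: PurgeRule, asset: Asset, now: datetime) -> bool:
    """All criteria must hold: provider, metadata state and inactivity window."""
    cutoff = now - timedelta(days=rule.inactive_days)
    return (asset.source == rule.provider
            and asset.instance_state == rule.instance_state
            and asset.last_activity < cutoff)

def run_rule(rule: PurgeRule, inventory: list[Asset], now: datetime) -> dict:
    """One daily run. If more assets match than the limit allows, purge nothing."""
    matched = [a for a in inventory if matches(rule, a, now)]
    if len(matched) > rule.asset_limit:
        return {"purged": [], "agents_uninstalled": [], "skipped_reason": "asset limit exceeded"}
    agents = [a.asset_id for a in matched if a.has_agent and rule.purge_agents]
    return {"purged": [a.asset_id for a in matched], "agents_uninstalled": agents, "skipped_reason": None}

# Constructed sample inventory (hypothetical IDs, not real instances)
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
INVENTORY = [
    Asset("i-aaaa", "AWS", "terminated", NOW - timedelta(days=45), has_agent=True),
    Asset("i-bbbb", "AWS", "terminated", NOW - timedelta(days=10)),      # too recent
    Asset("i-cccc", "AWS", "running", NOW - timedelta(days=90)),         # still running
    Asset("vm-dddd", "AZURE", "deallocated", NOW - timedelta(days=60)),  # other provider
]
RULE = PurgeRule("AWS", "terminated", 30, asset_limit=50, purge_agents=True)

if __name__ == "__main__":
    print(run_rule(RULE, INVENTORY, NOW))
```

Running the same inventory against a copy of the rule with `asset_limit=0` shows the safety stop: nothing is purged and `skipped_reason` reports the exceeded limit.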

All of your rules run daily. If you don’t want a rule to run then you can choose to disable it. Identify the rule in your list and choose Disable from the Quick Actions menu.

Disable action on purge rules list.

On Demand Purge

From your Assets list, first identify the EC2 assets discovered by AWS (connector and AWS cloud agent) and assets discovered by Azure (connector and Azure cloud agent) that you want to remove from your subscription. The Sources column provides indicators to help you identify these assets.

AWS source. Identifies EC2 assets from AWS connectors

Azure source. Identifies Azure assets from Azure connectors

Cloud Agent source. Identifies cloud agent assets

Select the asset in your list to purge and choose Purge Asset from the Quick Actions menu. If this option is disabled, the asset cannot be purged because it is not an AWS asset, an Azure asset, or a cloud agent asset.

Purge Asset quick action.

Optionally, select multiple assets (up to 100) and choose Purge Asset from the Actions menu above the data list. All selected assets will be purged once you confirm the action.

Purge assets in bulk from Actions menu.