You can mark Targets Inactive or Delete them in bulk using lifecycle rules.
Last Updated 4/29/2024
Overview
If you notice that your scanner has not rescanned a set of targets in the last X days you may want to mark those targets as inactive such that their vuln instances can be ignored by your analysts.
Or you may choose to delete targets that have not been scanned in a certain period so that your metrics and workflows are not affected by this data.
You can now create Lifecycle rules within your Settings page.
Walkthrough
Permissions
Users must have settings.write permissions in order to enable and configure a Lifecycle Rule.
Last Scan Date
In order to test what targets would be marked inactive if a rule were to be enabled, use the following query in your Prioritize page:
target.last_scan < "-Xd"
- Replace X with the number of days you'd like to use.
- This query is using a relative date syntax and reads as:
- Find all targets with a last scan date before (<) Today minus X days (d).
Inactive Rules
You can enable or disable the Target Inactive rules in your Settings | Lifecycle tab.
If you enable the rule you can place a number which the number of Days you would like use in the query above.
Once you've placed a number you can hit Save at the top of the screen.
Note: This number must always be lower than your Target Deletion rules (if enabled).
Deletion Rules
You can enable or disable the Target Deletion rules in your Settings | Lifecycle tab.
If you enable the rule you can place a number which the number of Days you would like use in the query above.
Once you've placed a number you can hit Save at the top of the screen.
Note: This number must always be higher than your Target Inactive rules (if enabled).
Rule Schedule
The lifecycle rules will run once a day at the end of the day around 10:00 pm to 12:00 am EST.