Nucleus allows for automated removal (decommission) and deactivation of assets from the Nucleus console in an automated fashion. This helps for dynamic environments or DevOps type environments where VMs are being spun up and down, containers are being deployed and removed, or cloud infrastructure is being changed constantly.
Nucleus allows users to dictate which assets should be removed from the risk profile, the metrics, and the Nucleus console based on a variety of attributes. For example, you can get rid of all containers in a certain subnet if they have not been seen in 2 weeks.
Note: Asset removal or deactivation rules run when a scan is imported, so you will not have to worry about time syncing; your asset list will update dynamically as scans are imported.
To create an asset removal or deactivation rule in Nucleus, follow these steps:
1. Figure out which assets you would like to remove, and the parameters by which you would like to remove future assets
- Asset Type: Applications, Containers, Hosts, etc
- Asset IP: Is there a certain subnet you care about?
- Asset Name: Use wildcard or regex matching to remove assets with certain hostnames
- Connector: Specify for assets which get scan data from a specific connector
2. Navigate to the Automation > Asset Removal page
3. Click + Add Rule
4. On Tab 1, enter in the following information:
- Rule Name: Enter in a name that is descriptive enough you can remember which assets you are removing and why
- Rule Type: Select whether you want to completely remove asset from the Nucleus console or deactivate them
- Remove Asset After: Choose the intervals by which you would like to remove assets, with two broad options
- Time-Based (hasn't been seen in x number of days)
- Scan-based (hasn't been seen in x number of scans)
5. Click Next
6. On tab 2, enter in the matching criteria to remove the assets of your choosing. Select All if you want to remove all assets after a certain time.
- Use the information you gathered in Step 1 to populate the matching rule on this page.
7. [OPTIONAL] On Tab 3, you can test the rule on an asset to see if it will match the way you expect
- Although optional, this is a highly recommended step so you do not accidentally remove assets you were intending to keep in Nucleus
8. Click Save & Finish
All done! You now have set up an automated Asset Removal or Deactivation rule. Use these in order to keep your asset list as up to date as possible.