Effective risk remediation involves focusing on what matters most to your organization. To keep your lists of assets and vulnerabilities as fresh and relevant as possible and minimize false positives, Vulcan Cyber ExposureOS automatically removes assets that are presumed to be retired or inactive and represent no risk to your organization.

Vulcan Cyber ExposureOS allows you to control how and when an asset is presumed inactive and can thus be removed from the system via the Asset Retention configuration, which was previously known as Inactive Assets.

This represents the configuration of the number of days Vulcan Cyber ExposureOS will wait before removing an asset after its last touchpoint. If your scan cycles are less frequent and you want to keep assets around for longer periods of time, pick a higher number of days, for example, 90.

If you scan multiple times a day with total coverage and want assets removed as soon as they are missing from a scan, put a very low value in the text box, like 1.

The asset's last touchpoint is defined as the Last Seen time ingested from the native tool if available, or the latest sync time into Vulcan Cyber ExposureOS if Last Seen isn't available to ingest from the connector.

When an asset is comprised of 2 or more sources merged together, the asset retention configuration applies to each source separately. For example, if an asset is comprised of the sources Qualys, AWS, and ServiceNow, and the following is true:

If our asset retention configuration is, for instance, 14 days, that would cause the ServiceNow asset information to be detached from our asset above and get removed from the platform. The Qualys and AWS information would remain as is, of course.