Managers have the ability to purge hosts to permanently remove all host data in the user's account; other users may be granted permission to purge hosts. Purging hosts will remove all automatic host data as well as associated tickets and exceptions (scan results will not be removed). This host data will be removed from your account if present: vulnerability data, compliance data, and FDCC compliance data. Once purged, the host data is not recoverable.
To purge hosts, a user submits a purge host request for a single host or for multiple hosts in bulk.
It's best practice to purge a host when the host is being decommissioned or used in a completely new role - new operating system, new applications, new purpose. This ensures that previous data collected from previous scans of the host does not affect reporting moving forward. The service can not infer from scanning hosts if the host is decommissioned, firewalled, temporarily out of service, reappropriated, etc. For that it needs insider information. Worfklows are provided to purge a single host or bulk purge multiple hosts.
Host vulnerability data is collected from vulnerability scans. Purging hosts will remove the following vulnerability data: information gathered on the host such as its hostname and OS, vulnerability history, remediation tickets for the host, and comments added to the host. Since Auto scan reports are based on host information and history, this host will not appear in reports until new data is collected from new scans. Note that purging hosts does not affect Manual scan reports.
Host compliance data is collected from compliance scans. Purging hosts will remove the following compliance data: authentication status for the host, pass/fail status for controls on the host, all exceptions (approved, rejected and pending) along with the exceptions history and comments.
Host FDCC compliance information is collected from FDCC scans. Purging hosts will remove the following FDCC compliance data: authentication status for the host and pass/fail status for rules on the host.
Managers automatically have permission to purge any host in the subscription. When a Manager purges a host, all saved host information and history is deleted, including information collected from vulnerability scans, compliance scans and FDCC scans.
Unit Managers, Scanners and Readers may be granted permission to purge hosts. Managers can grant these permissions to any user in the subscription. Unit Managers can grant these permissions to any user in their business unit as long as the Unit Manager performing the edit also has the permission. To allow a user to purge vulnerability information, edit the user's account on the Edit User page and select the option "Purge host information/history". To allow this same user to purge compliance information and FDCC information, you must also select the option "Manage compliance" (available only when the compliance module is enabled for your subscription).
Auditors automatically have permission to purge any compliance host in the subscription. When an Auditor purges a compliance host, the service deletes any existing compliance information and FDCC information for the host. Auditors do not have access to vulnerability data, so vulnerability information is not deleted.
1. Select hosts to purge. You can submit a purge host request for a single host or multiple hosts in bulk.
Single Host: Select a single host from the Host Information page. You can access this page from many locations: from the Host Assets page, Tickets page, Asset Search Reports, and Risk Analysis Reports. When viewing the Host Information page for a particular host, go to File > Purge to submit a purge host request.
Multiple Hosts: Select multiple hosts at once from various reports, including Map Reports, Asset Search Reports and Risk Analysis Reports. When viewing the report, select the check box next to each host in the report that you want to purge, then select Purge from the Actions drop-down menu at the top of your report, and click Apply.
2. Review the Warning message shown in the Purge Host Information page. This message indicates the types of information that will be removed for the selected hosts. Carefully read the information provided and then click Purge to confirm the action.
3. Review the status message in the Acknowledged page. This message indicates that your request has been accepted and your hosts are marked for purging. Until the purge operation completes, host information will remain in your account. Click Close to close this window.