Asset Retention

Effective risk remediation involves focusing on what matters most to your organization. To keep your lists of assets and weaknesses as fresh and relevant as possible and minimize false positives, Tenable Exposure Management automatically removes assets that are presumed to be retired or inactive and represent no risk to your organization.

Configuring Asset Retention

Tenable Exposure Management provides asset retention settings that let you control when an asset is considered inactive and eligible for removal. This can be configured individually for each connector on its setup page.

To configure asset retention of a specific connector:

Within Tenable Exposure Management, navigate to Connectors.
In the connectors list, click on the connector for which you want to configure asset retention.

The edit connector page appears.
In the Asset Retention section, configure the retention period for inactive assets based on their last seen date. If an asset has not been detected or updated in a scan within the specified days, Tenable Exposure Management automatically removes it. This ensures your asset inventory stays current and relevant.

Tip: Some connectors allow you also to configure the asset retention based on status change.

How long after the last sync is an asset considered inactive?

Asset inactivity represents the configuration of the number of days Tenable Exposure Management waits before removing an asset once its no longer present in a scan. If your scan cycles are less frequent and you want to keep assets around for longer periods of time, choose a higher number of days, for example, 90.

If you scan multiple times a day with total coverage and want assets removed as soon as they are missing from a scan, choose a lower value, like 1.

Tenable defines the time an asset was last seen by the Last Seen time ingested from the native tool, if available. Otherwise, Tenable pulls from the most recent time the connector synced with Tenable Exposure Management.