Auto-delete Suspended assets

You can set Xshield to auto-delete the entries of the assets from the Assets page if they have stayed in the Suspended state for 30 minutes or more. This is a tenant-level setting for all agent-based assets (workloads and endpoints) managed from the tenant. 

Assets go to the Suspended state five minutes after they become unreachable to Xshield. You can set the wait time before the Suspended entries are deleted to a minimum of 30 minutes and a maximum of 6 hours.

Auto-delete only deletes the entries of the non-essential Suspended assets. The agents may still exist on the assets; you must decommission the assets manually.

The entries deleted from the Assets page are non-retrievable. If you want to manage an asset again after its entry has been deleted, you must decommission the asset and install the agent again. During this time, the asset is not protected by Xshield.


Set up assets for auto-delete

To use this feature, you must first create a unique ENVIRONMENT tag that Xshield looks for on Suspended assets when it considers them for deletion. Create a descriptive tag, such as 'auto-delete-suspended-scaled-down', so other users of the instance don't use this tag for critical assets.

  • For existing deployments, you must tag the potential non-essential assets with the unique ENVIRONMENT tag.

  • For upcoming deployments, you must tag all potential non-essential assets with the unique ENVIRONMENT tag when you install the agents on them. 

    For assets added by installing agents at scale (GPO on Windows and Ansible on Linux), you must factor in the unique ENVIRONMENT tag in the standard scale-installation procedures. 

    See Installing agents at scale for more details.

  • For existing and upcoming deployments with assets that are added by the auto-scaler features of third-party clouds (AWS Auto Scale on AWS and Virtual Machine Scale Sets (VMSS) on Azure), the unique ENVIRONMENT tag must be added to the scaled-up assets when they are spun up, for example, in the Auto Scale Configuration of the AWS Auto Scale Groups.

    Refer to the third-party cloud provider's documentation for how to add tags to the auto-scaler configuration.

    When the tagged assets are orphaned due to scale downs, their entries are deleted from the Assets page.


Enable auto-delete

Enable the auto-delete feature only after ensuring that the necessary critical assets are not tagged with the unique ENVIRONMENT tag. To ensure this, filter the Assets page by the unique tag and check the list of assets.

  1. Go to Settings > Configure > Account Settings.

  2. In the Delete Cloud AutoScale Suspended Assets tile, enable auto-delete.

  3. From the Auto Scale Asset Tag drop-down list, select the unique ENVIRONMENT tag.

  4. Set the wait time to delete the Suspended assets' entries.

  5. Click Save.

    Xshield runs a job to delete the tagged assets' entries when it finds assets that stay in the Suspended state for longer than the wait time.


Track auto-delete jobs

Enabling and disabling the auto-delete setting and the resulting deletion jobs are logged on the Audit Logs page as Type=System logs.
