Create a Post
Showing results for 
Search instead for 
Did you mean: 

CSPM unused assets

Is there a way to generate a report to show assets in AWS/Azure that have not been used or touched for a period of time?

0 Kudos
2 Replies
Employee Alumnus
Employee Alumnus

Hello Dankline,

We only check the configuration and meta data of the objects, so we will not see if an application is running or not on an instance or what objects have being uploaded on an S3 bucket.

Once said that, we can enforce different lifecycle rules according to the status or the configuration of the different services:

Make sure that S3 have lifecycle rules :

S3Bucket should have lifecycle.rules

Or ensure older objects are being deleted after a period of time:

S3Bucket should have lifecycle.rules contain [ expiration.days<=365 ]

Or sent to an archive bucket after a certain period of time:

S3Bucket should have lifecycle.rules with [ transition.storageClass='STANDARD_IA' and days<=180 ]

Or identify instances that have being running for more than a year:

Instance where (not tags with [ key='app' and value='prod' ]) and isRunning=true should not have launchTime before(-12, 'months')

Or users that have not connected to AWS in a period of time:

IamUser where passwordEnabled=true should not have passwordLastUsed before(-6,'months')

The GSL language is very powerful and allows customer to very easily translate their own configuration and lifecycle posture into rules that can be continuously enforced and monitored. Once the rules are created and added to a continuous policy you can create reports or widgets  to visualize the status of the lifecycle configuration policy. 


Thank you, Gonzalo.  Do we have a similar capability, using GSL in Azure?  I'm interested in being able to identify VMs that are no longer being used, and orphaned vnets, etc.  Is there GSL documentation that can help in crafting these rules?


0 Kudos