Device and risk event data purging for active and inactive users in IDSP
search cancel

Device and risk event data purging for active and inactive users in IDSP

book

Article ID: 431798

calendar_today

Updated On:

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

When running IDSP 3.4.8, how can deleted data be purged? Specifically:

  1. Device Purging: How do we purge deleted devices while allowing for configuration of the purge period (e.g., devices registered in the last month with DELETED=1) and the execution schedule (adjustable to the local time zone where VIPAH/ISP 4.x is deployed)? This should include all events associated with those devices (via device_id or tag).

  2. Risk Event Purging: How do we purge risk events for both active and inactive users? The solution should allow configuration of the purge period (e.g., the last two years—ideally with active and inactive users configured via separate parameters) and the execution schedule (adjustable to the local time zone where VIPAH/ISP 4.x is deployed).

Resolution

Version 4.0.0 already provides these features (1)(2)(3).

Furthermore, these purge functionalities will be enhanced in IDSP version 4.0.2.

To configure the data purge timers in IDSP, perform the following steps:

Set the environment variables

# export NAMESPACE=<namespace>
# export RELEASENAME=<releasename>

The following command illustrates how to update the environment variables for the scheduler:

# kubectl set env deployment/${RELEASENAME}-ssp-scheduler -n ${NAMESPACE} \
  RISK_INACTIVE_USER_CLEANUP_CRON="0 5 9 * * WED" \
  RISK_EVENT_CLEANUP_FIXED_DELAY="18000000" \
  ISSUED_TAG_PURGE_CRON="0 22 * * * ?" && \
  kubectl rollout status deployment/${RELEASENAME}-ssp-scheduler -n ${NAMESPACE}

Expected Output:

deployment.apps/bcn-ssp-scheduler env updated
Waiting for deployment "<releasename>-ssp-scheduler" rollout to finish: 1 old replicas are pending termination...
deployment "<releasename>-ssp-scheduler" successfully rolled out

To verify the current values, run the following command:

# kubectl describe pod ${RELEASENAME}-ssp-scheduler-<id> -n ${NAMESPACE}

Output Snippet:

...
RISK_INACTIVE_USER_CLEANUP_CRON:  0 5 9 * * WED
RISK_EVENT_CLEANUP_FIXED_DELAY:   18000000
ISSUED_TAG_PURGE_CRON:            0 22 * * * ?
...

Additional Information

  1. Scheduler Job

  2. Risk Active User Event Data Clean-up Scheduler

  3. Risk Inactive User Event Data Clean-up Scheduler

Powered by Wolken Software