Throughout my cleanup of our current Qualys implementation, I've realized that due to datacenter moves, server decommissioning, etc., there are quite a number of IPs that have NOT been scanned in > 6 months' time. In a perfect world, I could identify the owner(s) or look at some CMDB to see if those systems/servers are still 'active' but maybe I've been blocked by a firewall or something, but in reality, that's not going to be possible for a majority of the IPs.
Therefore, I'm looking to purge that information from the system. I would continue to scan those IPs as part of my overall netblock scans, so if a new system popped up there or if that same system came back online because I fixed some firewall problem, I'd still get the vuln data, which right now is the most important part. We're not doing any trending of vuln fixes (vuln mgmt program is still in its infancy in all honesty) so I don't feel like I'm losing a ton by purging things.
In any case, just looking for some guidance on this thought process and to see how others are handling purging data (when do you, if ever, do it) and systems that haven't been scanned in some amount of time.