How to groom the vulnerability table based on a specific date created value.

  • 7022176
  • 25-Oct-2017
  • 25-Oct-2017

Environment

Sentinel 8.1.0.1 & later.

Situation


Vulnerability table grooming is not taking place as part of normal operations with Sentinel core. This issue should be handled as part of standard Sentinel database operations.

Resolution

1. Download the sp_delete_vuln_by_date.sql and clean_db_17oct2017.sh files located under ftp.novell.com/outgoing/Sentinel/Vulnerability grooming.

NOTE: The files can also be obtained by contacting NetIQ Technical Support.
 
2. Copy the downloaded files to the Sentinel core box, e.g. /home/novell. Open a PuTTY/SSH client and navigate to that folder.

NOTE: Confirm that the owner.group of the files is novell.novell and that the files have execute permission. If not, use the chown and chmod commands to update the files.

E.g.  chmod +x myfile 

E.g.  chown novell.novell myfile

3. Log in as the novell user.

E.g. su novell 

4. Log in to psql.

E.g.  psql -h localhost  -U dbauser SIEM

5. Run the SQL file.

E.g.  \i /opt/novell/sentinel/bin/sp_delete_vuln_ext.sql

NOTE: This creates a new function in the database named public.esec_vuln_pkg_by_date_created.

6. Once the function is successfully created, run the clean_db_17oct2017.sh file.
 
7. Now follow the steps as usual to delete the vulnerabilities.
 
8. When it prompts for “Type 1 to start cleanup, 2 for controlled cleanup (or 3 to cancel) =>”, enter 2.

9. Then enter the date from which vulnerabilities will be truncated, in 'yyyy-MM-dd hh:mm:ss' format.

E.g.  2017-10-17 12:00:00

10. Check the log and table to confirm that the tables have been groomed as per the date given.
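
A preflight check for the NOTE in step 2 and the date entered in step 9, as an added example that is not part of the NetIQ-supplied scripts: it confirms ownership and execute permission on the two downloaded files and rejects a cutoff that is not a real 'yyyy-MM-dd hh:mm:ss' timestamp before the cleanup is started. The function names, the GROOM_OWNER/GROOM_GROUP overrides and the 24-hour reading of hh are assumptions, as is a Linux host with GNU find and date.

```shell
#!/bin/sh
# Preflight for the grooming procedure. Added example, not a NetIQ script.
# Assumes Linux with GNU find and date. GROOM_OWNER / GROOM_GROUP are
# hypothetical overrides; the default is the novell.novell from step 2.

# Succeeds only if FILE is a regular file owned by OWNER:GROUP with the
# owner execute bit set (-perm -100).
check_file() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    [ -n "$(find "$1" -maxdepth 0 -user "$2" -group "$3" -perm -100 2>/dev/null)" ] || {
        echo "wrong owner.group or not executable: $1" >&2
        return 1
    }
}

# Succeeds only for a real calendar timestamp written exactly as
# yyyy-MM-dd hh:mm:ss (24-hour clock assumed). The round trip through
# date rejects values such as 2017-02-30 or 25:00:00.
valid_cutoff() {
    printf '%s\n' "$1" |
        grep -Eqx '[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}' || return 1
    [ "$(TZ=UTC date -d "$1" '+%Y-%m-%d %H:%M:%S' 2>/dev/null)" = "$1" ]
}

# Check both downloaded files in DIR and the CUTOFF planned for step 9.
preflight() {
    rc=0
    for f in sp_delete_vuln_by_date.sql clean_db_17oct2017.sh; do
        check_file "$1/$f" "${GROOM_OWNER:-novell}" "${GROOM_GROUP:-novell}" || rc=1
    done
    valid_cutoff "$2" || { echo "invalid cutoff date: $2" >&2; rc=1; }
    return "$rc"
}

# Usage: sh preflight.sh /home/novell '2017-10-17 12:00:00'
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" && echo "preflight OK"
fi
```

Because controlled cleanup deletes records, run the check before step 6 and proceed only when it prints "preflight OK".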

Cause

Currently, vulnerability table grooming is done as part of the clean_db.sh script, which truncates all the data. There is no option to truncate a specific set of records.