diff --git a/go.mod b/go.mod
index 8754692a..78a5bc3e 100644
--- a/go.mod
+++ b/go.mod
@@ -200,3 +200,5 @@ require (
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
 )
+
+replace github.com/kubescape/storage => github.com/kubescape/storage v0.0.0-20231016192125-da13f3622eee
diff --git a/watcher/watcher.go b/watcher/watcher.go
index ade8334c..71f8b8c8 100644
--- a/watcher/watcher.go
+++ b/watcher/watcher.go
@@ -282,6 +282,18 @@ func (wh *WatchHandler) HandleSBOMFilteredEvents(sfEvents <-chan watch.Event, pr
 continue
 }
 
+ if !slices.Contains(wh.managedInstanceIDSlugs, hashedInstanceID) {
+ wh.storageClient.SpdxV1beta1().OpenVulnerabilityExchangeContainers(obj.ObjectMeta.Namespace).Delete(context.TODO(), obj.ObjectMeta.Name, v1.DeleteOptions{})
+ logger.L().Ctx(context.TODO()).Info(
+ fmt.Sprintf(
+ `unrecognized instance ID "%s". Known: "%v", no triggering`,
+ hashedInstanceID,
+ wh.managedInstanceIDSlugs,
+ ),
+ )
+ continue
+ }
+
 wlid, ok := obj.ObjectMeta.Annotations[instanceidhandlerv1.WlidMetadataKey]
 if !ok {
 logger.L().Ctx(context.TODO()).Error(
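Review bot: The error returned by the added `Delete(...)` call in the unrecognized-instance-ID branch is discarded, so a failed deletion (permission denied, not found, API timeout) leaves no trace and the Info line that follows reads as if cleanup succeeded. Wrap it as `if err := wh.storageClient.SpdxV1beta1().OpenVulnerabilityExchangeContainers(obj.ObjectMeta.Namespace).Delete(context.TODO(), obj.ObjectMeta.Name, v1.DeleteOptions{}); err != nil {` and report it through the same `logger.L().Ctx(context.TODO()).Error(` call this function already uses. Because the branch removes stored data on a plain membership test, it is also worth confirming that `wh.managedInstanceIDSlugs` is fully populated before this handler starts consuming events; the hunk does not show how the slice is filled, and an incomplete list would delete objects that belong to managed workloads. The hunk header names the function `HandleSBOMFilteredEvents`, yet the delete targets `OpenVulnerabilityExchangeContainers`; if `obj` is a filtered SBOM, please confirm that removing a VEX container with the same name is intended. The function body starts and ends outside the hunk.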