Remediate Risk

Remediation Hub offers a list of prioritized updates called solutions that are focused on reducing vulnerability risk. This list makes the Remediation Hub the first place you should check to drive risk reduction across your hybrid environments.

Access Remediation Hub

Remediation Hub is accessible from the Insight Platform. To view the Remediation Hub, you must have the following permissions:

Solution | Required Permission
Insight Platform | Administrator (Shared)
InsightVM | Global Administrator
InsightCloudSec | Domain Admin, Domain Viewer, or Organization Admin

Vulnerability data requires InsightVM and InsightCloudSec

Vulnerability data originates from InsightVM and InsightCloudSec. For setup instructions, visit the InsightVM Quick Start Guide and the InsightCloudSec Cloud Vulnerability Management home page.

Understand Remediation Hub

Remediation Hub contains three main sections:

Emergent threats

Rapid7’s security research team actively monitors and researches emergent threats. Emergent Threat Response delivers fast expert analysis and first-rate security content for the highest priority security threats to help you understand your exposures and act quickly to protect your assets from exploitation. When there is an active emergent threat, Remediation Hub notifies users with a callout banner at the top of the page that Rapid7 teams are responding. This callout initially provides a link to a blog post that is constantly being updated. As more becomes known about the vulnerability and content is created in various Rapid7 solutions, the Remediation Hub shows customers the CVE numbers and the impact on assets across their environment. Emergent threats are shown for 14 days. If there is no current emergent threat, the banner will not be displayed.

Key metrics

The following key metrics are displayed at the top of the Remediation Hub:

Metric | Description
Total Risk | Normalized, aggregate score (from 0 to 1000) representing the risk of all vulnerabilities and assets across your cloud and on-prem environments.
Cloud Risk | Score (from 0 to 1000) representing the risk of cloud accounts and assets with vulnerabilities present. The counts shown are based on total accounts and assets with vulnerabilities present. This score comes directly from InsightCloudSec.
On-Prem Risk | Score (from 0 to 1000) representing the risk of sites and assets with vulnerabilities present. The counts shown are based on total sites and assets with vulnerabilities present. This score comes directly from InsightVM.

Solutions

All risks are paired with a solution (also known as a remediation). Solutions are sorted by highest risk score reduction by default. Each solution in the table includes the following:

  • Type (on-prem or cloud)
  • A short description of the solution
  • The amount that the risk score is reduced by implementing the provided solution
  • The number of assets, images, CVEs, and findings that are associated with the risk

You can apply filters to reduce the scope of solutions and assets returned and export solution details from the Remediation Hub.

Explore solutions

Click a solution from the table to open a panel containing details on the total number of impacted assets and vulnerabilities as well as a description of the solution. Depending on the type of asset, available details may differ:

Cloud asset details

Property | Description
Asset Name | The name of the asset and its type.
Resource ID | Unique ID for the asset.
Resource Type | The type of resource. For example, Instance, ECS Task Definition, or ReplicaSet.
Image ID | Unique ID associated with the asset (if applicable).
OS Platform | Operating system the asset uses. For example, Linux, Windows, MacOS.
Region | The zone and location the asset is located in. For example, eu-central-2, us-east-2.
Cloud Account | The cloud service provider (CSP) user account the asset is associated with.
Tags | Tags associated with the asset as imported from the CSP.
Actions | Options to view the asset in InsightCloudSec.

On-prem asset details

Property | Description
Asset Name | The name of the asset and its type.
IP Address | Unique network ID assigned to the asset.
Site | Physical location where the asset is assigned.
OS Platform | Operating system the asset uses. For example, Linux, Windows, MacOS.
Location | The zone and location the asset is located in. For example, eu-central-2, us-east-2.
Owner | The owner of the asset.
Custom | Custom tags associated with the asset.
Actions | Options to view the asset in InsightVM.

Vulnerabilities details

Property | Description
Vulnerability Name | The name of the vulnerability.
Severity | The CVSS severity.
Risk | The active risk score of the vulnerability.
Assets | Number of assets affected by the vulnerability across your environment. This number will be higher than the number shown for the solution, as some assets are affected by other vulnerabilities.
Actions | Options to view the asset in InsightCloudSec or InsightVM.