What's New in April 2025

[block:callout] { "type": "info", "body": "This article was published on May 05, 2025." } [/block]

Learn about what we released in April 2025. These capabilities are now available across the Command Platform:

Attack surface

Your attack surface is comprised of all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key goal in improving your company's security posture.

Protect your asset space with Surface Command integrations

Surface Command now integrates with additional third-party tools to further enhance your visibility across the attack surface. The newest connectors—Cyberhaven and KACE Asset Management Appliance—enable streamlined insights, automation, and contextual analysis across diverse asset types.

With this capability, you can:

  • Achieve full-spectrum visibility–understand your entire attack surface, including assets, networks, business applications, data storage, and user identities.
  • Gain multi-source context–correlate vulnerabilities and exposures from different security tools for deeper insights into risks and threats.
  • Automate security workflows–leverage integrated, action-oriented APIs to trigger remediation processes and streamline security operations.

Impacted Offerings:

  • Surface Command
  • Exposure Command

Where: Surface Command > Connectors

Configure multiple connector instances with Connector Profiles

Surface Command now supports Connector Profiles, enabling users to deploy and configure multiple instances of the same connector across distributed environments. This is especially useful for organizations with identical data sources (e.g., Active Directory or on-prem scanners) deployed in different locations.

With this capability, you can:

  • Streamline configuration–easily configure multiple instances of the same connector to suit different environments.
  • Eliminate deployment friction–no longer rely on special connector copies from Rapid7 for each instance.
  • Improve operational efficiency–standardize connector setup across distributed infrastructure.

Impacted Offerings:

  • Surface Command
  • Exposure Command

Where: Connectors > Connector Summary > Settings

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

Gain financial assurance with the Breach Protection Warranty

With the cost of data breaches rising, Managed Threat Complete Ultimate customers now receive built-in financial protection through the Breach Protection Warranty—covering up to $1M in breach-related expenses at no additional cost.

With this capability, you can:

  • Protect against real-world costs–including forensics, legal, and public relations support.
  • Receive tiered support–coverage levels scale to organization size, up to $1M.
  • Strengthen your security foundation–eligibility is aligned to security best practices.

Impacted Offerings:

  • Managed Threat Complete
  • MDR

Where: Risk > Warranty Coverage

Consolidate cybersecurity reports with Unified Executive Risk View

Unified Reporting now enables centralized access to executive risk view reports across Rapid7 products. By consolidating insights from multiple tools into one location, you can streamline reporting and accelerate decision-making.

With this capability, you can:

  • Streamline reporting–view and manage reports across your Rapid7 products from a single platform.
  • Gain on-demand access–easily find and download reports across capabilities for quicker executive insight.

Impacted Offerings:

  • InsightVM
  • Exposure Command
  • InsightCloudSec

Where: Risk > Reports

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

Prioritize high-fidelity threat intelligence with Intelligence Hub

The new Intelligence Hub enhances your threat detection strategy with curated intelligence and dynamic contextual analysis. Embedded into the Command platform, this update filters noise and focuses your team on high-impact threat signals.

With this capability, you can:

  • Filter out noise–gain access to high-fidelity threat intelligence curated by Rapid7 experts.
  • Strengthen threat response–incorporate data from honeypots, AttackerKB, exploitation triage, and open source intelligence.
  • Improve operational efficiency–access actionable intelligence directly within the Command platform.

Impacted Offerings:

  • Threat Command

Where: Detection & Response > Threat Intelligence

Accelerate intelligence delivery with Rapid7 Labs in the TIP Threat Library

Rapid7 Labs now powers the Threat Library in the Intelligence Hub, offering faster and more relevant threat updates. As TIP is gradually phased out, users benefit from enhanced speed and accuracy in threat intelligence delivery.

With this capability, you can:

  • Improve relevance–gain intelligence curated by Rapid7 Labs to enhance accuracy.
  • Accelerate updates–receive faster, automated intelligence publication for quicker reaction time.

Impacted Offerings:

  • Threat Command

Where: Detection & Response > Threat Command > Intelligence Hub > Threat Library

Customize detection and response with additional MDR services

MDR now includes advanced customization capabilities that let organizations tailor detection rules, dashboards, and data source ingestion to match their unique environments.

With this capability, you can:

  • Build custom dashboards and reports tailored to your security goals.
  • Ingest and parse custom event sources for broader visibility.
  • Create bespoke detection rules for unique attack patterns.
  • Delegate SOC monitoring and triage for non-standard data sources.

Impacted Offerings:

  • MDR
  • Managed Threat Complete

Where: Threat > Detections

The new Detection and Response Dashboard offers real-time, interactive visualizations to help teams track coverage gaps, analyze security posture, and drill into incidents for deeper investigation.

With this capability, you can:

  • Detect coverage gaps–quickly find weaknesses across your attack surface.
  • Map investments–visualize detection gaps with MITRE ATT&CK mapping.
  • Investigate faster–drill into visualizations for clear context on alerts and incidents.

Impacted Offerings:

  • MDR
  • Managed Threat Complete

Where: Threat > Detection and Response Dashboard

Administration

Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.

Improve system performance with historical asset record deletion

InsightVM now supports automated removal of obsolete historical asset records. This improves system responsiveness and optimizes storage usage for large-scale environments.

With this capability, you can:

  • Improve scalability–enhanced performance for growing environments.
  • Improve performance–faster query times and dashboard loading.

Impacted Offerings:

  • Exposure Command
  • InsightVM
  • Managed Threat Complete

Where: Administration > Maintenance Schedule

Track cloud events with Principal API Activity Timeline (Azure)

InsightIDR now features a graph-based API activity timeline that visualizes user and service actions across Azure environments, improving investigation speed and audit accuracy.

With this capability, you can:

  • Investigate faster–visualize timelines of user and service activity.
  • Access data on demand–quickly retrieve logs over flexible timeframes.
  • Respond proactively–detect and mitigate suspicious API behavior early.

Impacted Offerings:

  • MDR
  • Managed Threat Complete

Where: InsightIDR > Logs > Cloud Activity Timeline