December 2025 Release Notes

The Command Platform release notes cover what’s new, which is updated monthly, and improvements and fixes, which are updated weekly.

Last updated: December 1st, 2025

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

View Exposure Analytics in your Preferred Theme

Exposure Analytics previously defaulted to light mode, causing visual inconsistency with Command Platform theme preferences. This update ensures the interface aligns with light theme settings for a consistent experience across Vulnerability Management (InsightVM).

With this update in Exposure Analytics, you can:

  • Apply platform light theme automatically in Exposure Analytics
  • Eliminate abrupt dark-to-light transitions for smoother navigation

Include EPSS Data in Bulk Export APIs

You can now use Exploit Prediction Scoring System (EPSS) data in Vulnerability Management (InsightVM) to prioritize vulnerabilities based on the likelihood of active exploitation. This added context helps security teams focus remediation efforts on the vulnerabilities most likely to be targeted.

With this update for Bulk Exports, you can:

  • Retrieve EPSS score and percentile via asset and vulnerability bulk exports
  • Rank vulnerabilities by real-world exploit probability
  • Target remediation on the highest-risk issues

The Vulnerability Management (InsightVM) console has been updated to align its interface with the broader Rapid7 Command Platform. This refreshed UI delivers a more consistent visual experience, reducing friction when moving between solutions.

With this release in Vulnerability Management (InsightVM), you can:

  • Access a modernized and aligned Security Console interface
  • Continue using existing functionality with zero disruption

Utilize Enhanced Operating System Data in Remediation Hub

Remediation Hub now has extended Operating System (OS) data, including OS product, version, and architecture, in addition to the existing OS family. This richer data is now visible in impacted asset details, available in filters, included in exports, and passed through to automations, enabling more precise remediation workflows.

With this update in Response & Remediation > Remediation Hub, you can:

  • Gain detailed Operating System context
  • Access the enhanced Operating System fields when running Automation workflows
  • Improve accuracy in assigning asset ownership

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

SIEM (InsightIDR) now includes a Full Screen Search mode that lets you expand your search workspace for uninterrupted investigations. Designed for security analysts, this enhancement eliminates the visual constraints of the default view, enabling a more immersive log analysis experience.

With this capability in Search > Log Search, you can:

  • Maximize the view for deeper visibility into your log data.
  • Navigate seamlessly across multiple tabs—even when expanded.
  • Reduce distractions by eliminating the need to toggle between browser windows.

A next-generation search infrastructure is now available in SIEM (InsightIDR) to accelerate your threat hunts and investigations. Distributed Search parallelizes statistical queries across multiple compute resources to deliver results faster and more reliably.

With this capability in Search > Log Search, you can:

  • Achieve 35–50% faster results through parallel query execution.
  • Improve reliability with distributed, atomic workloads.
  • Scale efficiently for high-volume, complex analysis.

Applies only to LEQL queries using the calculate clause in this release. Faster groupby query performance is planned for Q1 2026.

Monitor Cloud Log Readiness Across Environments

The Cloud Log Coverage dashboard card in SIEM (InsightIDR) provides visibility into logging readiness across AWS, Azure, and now GCP. Available to customers with both SIEM (InsightIDR) and Cloud Security (InsightCloudSec), this feature helps security leaders and operations teams identify gaps and track improvements over time.

With this capability in Dashboards, you can:

  • Detect incomplete or misconfigured logging.
  • Proactively manage cloud posture and reduce risk exposure.
  • Support audit readiness and simplify stakeholder reporting.

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Cloud Security (InsightCloudSec)

No updates released at this time.

SIEM (InsightIDR)

No updates released at this time.

Vulnerability Management (InsightVM)

Version 8.31.0

Software release date: Dec 3, 2025 | Release notes published: Dec 1, 2025

Improved:

  • Optimized OS Remote Execution Fingerprinting to significantly reduce scan duration and resource usage. To enable, set the custom property: com.rapid7.remoteexecution.fingerprinting.optimize=true
  • Improved Oracle SID Enumeration Stability: Addressed a stability issue where the Oracle SID enumeration thread could stall for extended periods when scanning misbehaving endpoints, potentially impacting overall scan performance. To prevent indefinite stalling, the Scan Engine now introduces a Failure Threshold mechanism:
    • The engine enforces a default limit of 5 consecutive enumeration failures. If this limit is reached, the thread will exit to preserve scan stability.
    • Default Exclusions: The failure count will not be triggered by the following common error codes: ORA-12504, ORA-12505, ORA-01005, ORA-01017, ORA-12537, and ORA-28000. The threshold and the error codes can now be customized.
    • Custom Configuration Properties: The following custom properties are now available to change the default failure limit and the error codes:
      • com.rapid7.oracle.bootstrap.failure.limit: Sets the number of allowed failures before stopping (Default: 5). Set to 0 to disable this feature.
      • com.rapid7.oracle.bootstrap.failure.codes: Defines which specific Oracle error codes contribute to the failure count.
      • com.rapid7.oracle.bootstrap.exclude.failure.codes: Defines Oracle error codes that should be ignored when counting failures (this takes precedence over the inclusion list).

Nexpose

Version 8.31.0

Software release date: Dec 3, 2025 | Release notes published: Dec 1, 2025

Improved:

  • Optimized OS Remote Execution Fingerprinting to significantly reduce scan duration and resource usage. To enable, set the custom property: com.rapid7.remoteexecution.fingerprinting.optimize=true
  • Improved Oracle SID Enumeration Stability: Addressed a stability issue where the Oracle SID enumeration thread could stall for extended periods when scanning misbehaving endpoints, potentially impacting overall scan performance. To prevent indefinite stalling, the Scan Engine now introduces a Failure Threshold mechanism:
    • The engine enforces a default limit of 5 consecutive enumeration failures. If this limit is reached, the thread will exit to preserve scan stability.
    • Default Exclusions: The failure count will not be triggered by the following common error codes: ORA-12504, ORA-12505, ORA-01005, ORA-01017, ORA-12537, and ORA-28000. The threshold and the error codes can now be customized.
    • Custom Configuration Properties: The following custom properties are now available to change the default failure limit and the error codes:
      • com.rapid7.oracle.bootstrap.failure.limit: Sets the number of allowed failures before stopping (Default: 5). Set to 0 to disable this feature.
      • com.rapid7.oracle.bootstrap.failure.codes: Defines which specific Oracle error codes contribute to the failure count.
      • com.rapid7.oracle.bootstrap.exclude.failure.codes: Defines Oracle error codes that should be ignored when counting failures (this takes precedence over the inclusion list).
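
The failure-threshold rules listed for version 8.31.0 (identical in the Vulnerability Management (InsightVM) and Nexpose entries), modeled as an added Python example that is not Rapid7's code, to help reason about tuning the limit and code lists. It assumes that a successful attempt resets the counter, that an ignored code leaves it unchanged, and that an empty inclusion list means every non-excluded code counts; ORA-12170 and the sample sequence are constructed.

```python
# Model of the Oracle SID enumeration failure threshold from the release note.
# Assumptions (not stated on the page): a success resets the counter, an
# ignored code leaves it unchanged, and an empty inclusion list means every
# non-excluded code counts. The real property value syntax is not modeled.

DEFAULT_EXCLUDED = frozenset({
    "ORA-12504", "ORA-12505", "ORA-01005",
    "ORA-01017", "ORA-12537", "ORA-28000",
})


def counts_as_failure(code, include=frozenset(), exclude=DEFAULT_EXCLUDED):
    """Return True if this ORA code should increment the failure counter."""
    if code in exclude:  # exclusion takes precedence over the inclusion list
        return False
    return not include or code in include


def exit_index(attempts, limit=5, include=frozenset(), exclude=DEFAULT_EXCLUDED):
    """Return the index of the attempt at which the thread exits, or None.

    attempts: ORA code strings, or None for a successful attempt.
    limit:    models com.rapid7.oracle.bootstrap.failure.limit (0 disables).
    include:  models com.rapid7.oracle.bootstrap.failure.codes.
    exclude:  models com.rapid7.oracle.bootstrap.exclude.failure.codes.
    """
    if limit == 0:
        return None
    consecutive = 0
    for i, code in enumerate(attempts):
        if code is None:
            consecutive = 0
        elif counts_as_failure(code, include, exclude):
            consecutive += 1
            if consecutive >= limit:
                return i
    return None


# Constructed sample: connect timeouts (ORA-12170) from a stalling endpoint,
# interleaved with the default-excluded "unknown SID" answer (ORA-12505).
SAMPLE = ["ORA-12505", "ORA-12170", "ORA-12170", "ORA-12505",
          "ORA-12170", "ORA-12170", "ORA-12170", "ORA-12170"]
```

With the defaults, the sample exits on the fifth counted timeout; listing a code in both the inclusion and exclusion sets leaves it ignored.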

Digital Risk Protection (Threat Command)

No updates released at this time.

Rapid7 Agent (Insight Agent)

Software Release Date: December 2, 2025 | Release Notes Published: December 2, 2025

Agent Installer Experience Redesigned: The Agent Installers tab has been renamed to Installers, and the page has been redesigned for faster, more intuitive navigation:

  • Simplified layout with clearly labeled tabs for Agent and Add-Ons (if licensed).
  • New section headers, Installation Method and Available Installers, for easier navigation.
  • Quick version access with Locked, Current, and Previous Releases tabs.

To view the changes, go to Data Connectors > Agents > Installer(s).

Next-Generation Antivirus

Software Release Date: December 2, 2025 | Release Notes Published: December 2, 2025

You can now download NGAV installers directly from the Command Platform, no support ticket required.

To access the installer files:

  1. Go to Data Connectors > Agents > Installers > Add-Ons (if licensed).
  2. Select Next-Generation Antivirus.
  3. Download and install both components: Endpoint Service and NGAV Service.

Ransomware Prevention

Software Release Date: December 2, 2025 | Release Notes Published: December 2, 2025

The Ransomware Prevention installer is now available for direct download from the Command Platform.

To access the installer file:

  1. Go to Data Connectors > Agents > Installers > Add-Ons (if licensed).
  2. Expand Ransomware Prevention.
  3. Select and download the installer for your operating system.

Velociraptor

No updates released at this time.
