November 2025 Release Notes

The Command Platform release notes cover what’s new, which is updated monthly, and improvements and fixes, which are updated weekly.

Last updated: November 24th, 2025

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

Focus Remediation Efforts with Asset Group Prioritization

In Remediation Hub, teams using Exposure Command, Cloud Security (InsightCloudSec), and Vulnerability Management (InsightVM) can now prioritize remediation actions based on asset and resource groups to better align with business objectives. This enhancement introduces smarter filters and richer context to help teams focus on what matters most—without the noise.

With this capability in Response & Remediation > Remediation Hub, you can:

  • Prioritize remediation based on asset and resource groups–leverage contextual groupings to align remediation with your business priorities.
  • Leverage site data in a consolidated filter–gain a unified, contextual view of your environment.
  • Cut down on clicks–gain faster insight into high-priority exposures.

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

Accelerate Response with Remediation Recommendations for Google Cloud Platform (GCP) SCC

Security teams using SIEM (InsightIDR), Cloud Security (InsightCloudSec), Managed Threat Complete, or MDR can now access expert-driven remediation guidance for Google Cloud Platform (GCP) Security Command Center (SCC) alerts. These recommendations help deliver faster, more consistent responses through enriched cloud context.

With this capability in Alerts > Alert Details, you can:

  • Respond faster–get clear, structured remediation steps per alert group.
  • Improve consistency–leverage expert insights and automation scripts.
  • Reduce time to containment–take immediate, informed action on cloud threats.

Boost Productivity with Multi-Tab Search Analysis

SIEM (InsightIDR) now includes Multi-Tab analysis in Log Search, enabling investigators to work across multiple tabs within a single browser window. This update eliminates context switching and redundant query creation, helping analysts stay focused.

With this update in Search > Log Search, you can:

  • Open multiple tabbed searches side-by-side–explore different angles of investigation simultaneously.
  • Maximize any tab–use screen space efficiently while diving into search results.
  • Eliminate redundant work–reduce window sprawl and query duplication.

Enrich Alerts with Identity Context from Microsoft Entra

SIEM (InsightIDR) now integrates Microsoft Entra ID as an event source, enabling deeper visibility into identity-based activity across your environment. This enhancement strengthens detection and response workflows by enriching logs with user context.

With this new event source in Data Connectors > Data Collectors, you can:

  • Improve triage workflows–attribute alerts to specific users at ingestion time.
  • Reduce false positives–resolve identities more accurately.
  • Accelerate investigations–pinpoint responsible users faster.
  • Enhance threat detection–gain identity-driven risk insights.

Enhance Threat Coverage with Migrated Detection Rules

All legacy detection rules in SIEM (InsightIDR) have now been migrated to the Detection Rule Library, providing faster and broader detection capabilities through a unified interface.

With this capability in Intelligence > Detection Rules, you can:

  • Stay ahead of emerging threats–detect high-risk activities such as watched or admin-led password resets with new rules.
  • Streamline rule management–view migrated User Behavior Analytics (UBA) rules in a unified Detection Library.
  • Improve response efficiency–gain faster insight into potential threats with consistent rule access.

Upgrade SIEM (InsightIDR) Customers to Incident Command

SIEM (InsightIDR) customers migrating to Incident Command gain an AI-native, unified platform that turns risk insights into confident response. This helps address SOC challenges like alert fatigue, fragmented tooling, and slow triage.

With this upgrade in Incident Command, you can:

  • Accelerate response times with AI-driven triage and automation–reduce investigation cycles and increase speed to resolution.
  • Unify context and workflows–bring together exposure, detection, and threat intelligence in one seamless platform experience.
  • Improve decision-making through guided insights–help every analyst operate with senior-level precision.

Administration

Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.

Unified Exceptions Handling and Manage Accepted Risk in IaC

Cloud Security (InsightCloudSec) now uses the term “Exceptions” instead of “Exemptions,” aligning accepted-risk workflows across the platform. In addition, you can now manage exceptions for Infrastructure as Code (IaC) findings, streamlining triage and reporting.

With this enhancement in Controls & Compliance > Infrastructure as Code, you can:

  • Define and manage exceptions for IaC insights–standardize how known issues are documented and handled.
  • Streamline triage and remediation workflows–efficiently manage accepted risk in IaC environments.
  • Maintain a comprehensive audit trail–ensure accountability and support compliance reporting.

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Cloud Security (InsightCloudSec)

Release availability for self-hosted users

Self-hosted users will be able to download the 25.11.25 version on December 8th from the following locations:

Version 25.11.25

Software release date: December 2, 2025 | Release notes published: November 24, 2025

Important Notes: This release will be available to SaaS customers on December 2, 2025.

Improved

  • The new UI for the Misconfigurations page is now the default and only option.
  • The new UI for the Bot Factory page is now the default and only option.
  • AWS S3 Bucket Management Enhancement: Improved handling of GetBucketACL operations for better S3 bucket access control list retrieval.
  • Oracle Cloud Onboarding Enhancement: Added script-based option for onboarding Oracle Cloud accounts.
  • Health Check Notification Enhancement: Added support for previously implemented health checks with new categories: scan_status, ivm, and worker for improved system monitoring.
  • Azure Network Security Group Enhancement: Improved reliability of Azure Network Security Group (NSG) to Subnet associations by implementing case-insensitive matching, preventing linking failures due to casing variations in resource identifiers.

New Insights

  • Workspace Directory Without Custom IP Access Control Groups: Identifies workspace directories that lack custom IP access control group configuration.

Updated Insights

  • Database Instances Without Automatic Backup: Updated insight 117 with cloud-agnostic overview and added AWS remediation steps and links.
  • Database Instance not Encrypted (RDS): Updated remediation links for insight 2067.

New Query Filters

  • Workspace Directory With Custom IP Groups: Filters workspace directories based on custom IP group configuration.

New Resources

  • AWS License Manager: Added support for License Manager License resource with new harvester LicenseManagerLicenseHarvester.
    • New permissions required: license-manager:ListLicenses.

Enhanced Threat Detection

  • Amazon RDS Limitless DB Support: Added ThreatFindings support for RDS Limitless DB, enabling retrieval of GuardDuty Findings for this database engine.
  • Kubernetes Threat Detection Enhancement: Added ThreatFindings support for Kubernetes Clusters from AWS GuardDuty for enhanced container security monitoring.

Fixed

  • Resolved a bug where fatal errors in the IAMPolicyProcessor could result in fatal errors in Infrastructure as Code (IaC) scans.
  • Fixed an issue where remote plugins would unnecessarily reload because timestamp metadata was ignored for checksum calculations.
  • AWS Organization management now correctly indicates credential update validation failures are due to AWS simulation and may not be accurate. Added a checkbox that allows skipping validation for improved workflow flexibility.
  • Refactored and cleaned up log generation code for job completion. The job_duration and unk values will no longer appear in logs consistently, improving log clarity.
  • Improved plugin reload efficiency by properly utilizing timestamp metadata for checksum calculations, ensuring plugins only reload when actually updated.
  • Redacted verbose error logging by default in HTTP responses for improved security.
  • Resolved an issue in BotFactory Modern UI where using “Select All” for resource types caused bot runs to fail due to the inclusion of the unsupported Application resource. The “Select All” functionality now matches the legacy UI, allowing bots to run successfully with only valid resources selected.

Version 25.11.18

Software release date: November 18, 2025 | Release notes published: November 17, 2025

Improved

  • Azure App Runner Service Enhancement: Added new attribute identity_type to the AppRunnerServices table to identify if Container Instances have a managed identity.
  • Organization Management Enhancement: Organization edit UI now allows changes to non-credential settings even if credential validation fails, particularly useful for AWS where validation is simulation-based.
  • AWS Lambda Enhancement: Updated ServerlessFunctionHarvester for AWS to correctly harvest Lambda SnapStart data.
  • Cloud Organizations List Enhancement: Added “View as Tree” option to “Action” menu in “Clouds/Organizations” UI, displaying organization structure in a modal.

New Insights

  • App Run Service Without Managed Identity: Identifies App Runner Services without managed identity configuration.
  • App Run Service Allows Public Access (Azure): Identifies App Runner Services (Container Instances in Azure) with public networking enabled.
  • Web App Without Virtual Network Integration: Supports CIS Microsoft Azure Benchmark requirements 2.1.18 (ensure app is integrated with virtual network).
  • Web App with Public Network Access: Supports CIS Microsoft Azure Benchmark requirements 2.1.14 (ensure public network access is disabled).
  • Workspace Directory without Certificate Based Auth Enabled (AWS): Identifies workspaces with directories lacking certificate-based authentication (maps to CIS Controls v8.1.2 Recommendation 3.3).
  • Workspace Image Exceeds 90 Day Age Limit: Identifies workspace images exceeding the recommended 90-day age limit.

Updated Insights

  • Re-added insights to multiple compliance packs, replacing deprecated ones for improved security coverage.
    • Resource Access List Exposes Critical Ports to the Public replaces deprecated Access List Exposes High Risk Port to the Public.
    • Resource Access List Exposes High-Risk UDP Ports to the Public replaces deprecated Access List Exposes High Risk UDP Ports to the Public.
    • Resource Access Lists Expose SSH Ports to the Public replaces deprecated Access List Exposes SSH to the Public (SG).
    • Resource Access Lists Expose Windows RDP Ports to the Public replaces deprecated Access List Exposes Windows RDP to the Public (SG).
  • Updated compliance packs: MITRE ATT&CK Mitigation Pack, ISO 27001:2022, ISO 27017:2015, NIST 800-53 (Rev 4), NIST 800-53 (Rev 5), NIST 800-171, NIST Cybersecurity Framework 1.1, PCI DSS Pack, PCI DSS v4.0, SOC 2.

New Query Filters

  • App Run Service Has No Identity Type: Filters App Runner Services without identity type configuration.
  • Workspace Image Lifecycle State: Filters workspace images by lifecycle state.
  • Workspace Image Type: Filters workspace images by type.
  • Workspace Image Operating System: Filters workspace images by operating system.
  • Workspace Image Creation Date: Filters workspace images by creation date.
  • Workspace Image Updates Available: Filters workspace images with available updates.

Updated Query Filters

  • Query Filter Terminology Update: Renamed Web App Has No Network Access Restrictions (Azure) to Web App Has No Network Access Restrictions (underlying logic unchanged).

New Resources

  • AWS WorkSpaces Enhancement: Added support for WorkspaceImage resource with new harvester WorkspaceImageHarvester.
    • New permissions required: workspaces:DescribeWorkspaceImages.

Fixed

  • Resolved an issue with database instances where Azure SQL Databases would have an empty list for their audit action groups property.
  • Fixed Cloud User/Role Console Logon Within Threshold Query Filter to resolve false positive results.
  • Fixed an issue to correctly handle duplicate ResourceLinks entries for load balancers to instances and instances to subnets.
  • Ensured the v2/public/resource/query and v3/public/resource/query endpoints handle resource type filters in insights correctly.
  • Resolved an issue preventing the public API documentation (at /docs route) from loading for some users.

Version 25.11.11

Software release date: November 12, 2025 | Release notes published: November 10, 2025

Important Notes: The release will be available to SaaS customers on November 12, 2025.

Improved

  • AWS KMS Key Classification Enhancement: Introduces new logic for determining whether AWS KMS Keys (ServiceEncryptionKeys) are ‘AWS Managed’ or ‘Customer Managed’ in the event that the kms:DescribeKey action is denied by a KMS Key Policy.
  • Bot Action Terminology Update: Renamed the Bot Action Curate Insight/Bot Exemptions to Curate Insight/Bot Live Exceptions to align with the recent renaming of Exemptions to Exceptions.
  • Source Document Storage Integration: Added new feature flags that allow storing Source Documents for specific integrations:
    • DIVVY_TENABLE_AGENT_SOURCE_DOCUMENT_STORAGE_ENABLED
    • DIVVY_QUALYS_AGENT_SOURCE_DOCUMENT_STORAGE_ENABLED
    • DIVVY_CROWDSTRIKE_AGENT_SOURCE_DOCUMENT_STORAGE_ENABLED
    • DIVVY_SENTINELONE_AGENT_SOURCE_DOCUMENT_STORAGE_ENABLED
  • Azure Web App Resource Enhancement: Expanded the WebApp resource with new fields for Azure to indicate whether VNet routing is enabled for various configuration options.
  • Vulnerability Instance Deduplication: Added process to remove duplicate occurrences of Instance resources from the list of resources on the vulnerabilities page when the instance has been assessed after getting a new base image.
  • External Database Scanning Support: Added support for External Scanning of Database Instances. Database Instances can now show up in Layered Context with the ‘Public (Validated)’ label under ‘Public Access’. Controlled by the feature flag PA_DBINSTANCE_EXTERNAL_SCANNER, which is disabled by default.
  • IaC Private Endpoint Enhancement: Added option to select the scanning method in the private endpoint.

New Insights

  • Web App Without VNet Content Sharing Enabled: Identifies Azure Web Apps that do not have VNet content sharing enabled.
  • Web App Without VNet Enabled For Image Pulls: Identifies Azure Web Apps that do not have VNet enabled for image pulls.
  • Database Instance With Internet Routable IP Address (Validated): Identifies Database Instances with validated internet-routable IP addresses through external scanning.

Updated Insights

  • Kubernetes Insights Deprecation: Deprecated the following insights as the same insights are already defined on ClusterRoles and that is sufficient:
    • Minimize access to the proxy sub-resource of nodes on Roles
    • Minimize access to the approval sub-resource of certificatesigningrequests objects on Roles
    • Minimize access to webhook configuration objects on Roles
  • App Service Not Enforcing Client Certificate Validation: Updated content.

New Query Filters

  • Web App Without VNet Image Pull Enabled: Filters Azure Web Apps without VNet image pull enabled.
  • Web App Without VNet Content Share Enabled: Filters Azure Web Apps without VNet content share enabled.
  • Web App Without VNet Backup Restore Enabled: Filters Azure Web Apps without VNet backup restore enabled.
  • Database Instance With Internet Routable IP Address (Validated): Filters Database Instances with validated internet-routable IP addresses.

Fixed

  • Fixed error when opening the Resource Details panel of an application in Applications.
  • Resolved issue with stale Source Documents for ServiceEncryptionKey resource.
  • Handled occasional exception which caused Azure Database Instance harvester to fail while listing backup retention policies for Managed SQL instances.
  • Fixed NoProviderCredentialsException exception to be silenced when attempting to harvest global data on startup without credentials for certain clouds.

Version 25.11.4

Software release date: November 4, 2025 | Release notes published: November 3, 2025

Improved

  • Access Explorer UI Enhancement: The Modern Experience is now the default and only UI for Access Explorer. The toggle to switch back to the old UI has been permanently removed.
  • Azure Web App Resource Enhancement: Expanded WebApp resource with new field to indicate whether VNet routing is enabled for outbound traffic, providing better visibility into network configuration.
  • Organization Management Enhancement: Added picklists for parent folder and skip lists in Organizations edit UI for AWS, Azure, and GCP. This may slightly change behavior, so you are advised to re-examine your opt-ins and opt-outs to ensure appropriate accounts are harvested.
  • Resource Attribute Handling Improvement: Dropped HashAttr usage from Subnets and ResourceAccessLists to improve attribute handling. This addresses issues around the relationship between these resource types.
  • CSP Organization Monitoring: Added column for CSP Organization status that indicates synchronization status and added status changes to system events for better tracking.
  • Insight Exceptions Enhancement: Preserve insight exceptions even when their associated resources are deleted (Feature Flagged).

New Insights

  • Web App Without Vnet Routing Enabled: Identifies Azure Web Apps that do not have VNet routing enabled for outbound traffic.
  • App Service Plan SKU Without Private Endpoint Support: Identifies App Service Plans using SKUs that do not support private endpoints.
  • Workspaces without User Access Activity (AWS) in the last 30 days: Added insight for workspaces without user activity (maps to Recommendation 2.14 - CIS AWS End User Compute Services Benchmark v1.2.0).

New Query Filters

  • Web App Without Vnet Routing Enabled: Filters Azure Web Apps without VNet routing enabled for outbound traffic.
  • App Service Plan SKU Without Private Endpoint Support: Filters App Service Plans using SKUs that do not support private endpoints.

Updated Insights

  • Web App Allowing a Configuration State of All Allowed: Updated with current links providing context on:
    • State of FTP / FTPS service
    • Managing web apps using Command Line
    • How to set web apps using PowerShell

New Resources

  • Kubernetes Gateway Support: Added support for Kubernetes Gateway resources.
  • AWS DevOps Guru Integration: Added support for DevOps Guru Insight resources (AWS specific) with new DevOpsGuruInsightHarvester.
    • New permission required: devops-guru:ListInsights

Fixed

  • Resolved an issue causing the Azure NetworkFirewallHarvester to fail on some legacy firewalls using classic rules.
  • Fixed an issue where Kubernetes resources did not show correct Latest Harvest time.
  • Resolved an issue where hiding columns in the resource-listing-table caused the remaining columns to become excessively wide. Table columns now resize appropriately based on visible selections for a more user-friendly experience.

SIEM (InsightIDR)

No updates released at this time.

Vulnerability Management (InsightVM)

Version 8.30.0

Software release date: Nov 26, 2025 | Release notes published: Nov 24, 2025

Improved:

  • The InsightVM Security Console interface has been updated with a refreshed visual design, delivering a modernized, cleaner look for improved usability. This brings the Security Console’s appearance in line with other Rapid7 platform products for a more consistent user experience.
    • Note: This update is purely visual — no changes have been made to functionality, navigation, or workflows.
  • New Policy Content: Support has been added for the following versions of CIS and STIG benchmarks to enable organizations to adhere to the latest security best practices:
    • Linux:

      • CIS Ubuntu Linux 20.04 LTS Benchmark v3.0.0
      • CIS SUSE Linux Enterprise 15 Benchmark v2.0.1
      • CIS SUSE Linux Enterprise 12 Benchmark v3.2.1
      • CIS Red Hat Enterprise Linux 8 STIG Benchmark v2.0.0
    • Microsoft Windows Server:

      • CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0
      • CIS Microsoft Windows Server 2022 Stand-alone Benchmark v1.0.0
      • CIS Microsoft Windows Server 2022 Benchmark v4.0.0
      • CIS Microsoft Windows Server 2019 STIG Benchmark v4.0.0
      • CIS Microsoft Windows Server 2019 Benchmark v4.0.0
    • Microsoft Windows Client:

      • CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0
      • CIS Microsoft Windows 10 Enterprise Benchmark v4.0.0

Version 8.29.0

Software release date: Nov 19, 2025 | Release notes published: Nov 17, 2025

Improved:

  • New Policy Content: CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0. Added built-in policy support for the CIS Microsoft Windows 10 Stand-alone Benchmark version 4.0.0, enabling organizations to assess Windows 10 configurations against updated security best practices.

Fixed:

  • Fixed an issue where the asset graph displayed assets that should have been excluded based on retention settings. The graph now correctly reflects only assets within the defined retention period.
  • Fixed an issue preventing the successful retrieval of vulnerabilities via the /api/3/assets/{id}/services/{protocol}/{port}/vulnerabilities API endpoint for certain assets. This was resolved for services on assets that contained data for multiple Network Interface Cards (NICs).
  • Resolved a UI issue preventing the loading of the vulnerability investigation page.

Version 8.28.0

Software release date: Nov 07, 2025 | Release notes published: Nov 07, 2025

Improved:

  • Implemented optimisations to reduce excessive memory consumption, significantly improving system stability during intensive operations.

Fixed:

  • Addressed an issue impacting certain Linux systems using the latest version of the Scan Assistant.

Version 8.27.0

Software release date: Nov 05, 2025 | Release notes published: Nov 03, 2025

Improved:

  • Recurring vulnerability coverage has been added for Dell PowerEdge systems, expanding visibility into risks affecting common enterprise hardware.

Fixed:

  • Resolved an issue in APIv3 where tags were not returned correctly when no filter parameters were specified.
  • Fixed a bug preventing users from removing associated SIDs from existing shared credentials, ensuring credentials can now be fully edited and managed.
  • Addressed formatting issues in the Detailed Policy Report, specifically within the Passed and Failed results section, to improve layout consistency and readability.

Nexpose

Version 8.30.0

Software release date: Nov 26, 2025 | Release notes published: Nov 24, 2025

Improved:

  • The InsightVM Security Console interface has been updated with a refreshed visual design, delivering a modernized, cleaner look for improved usability. This brings the Security Console’s appearance in line with other Rapid7 platform products for a more consistent user experience.
    • Note: This update is purely visual — no changes have been made to functionality, navigation, or workflows.
  • New Policy Content: Support has been added for the following versions of CIS and STIG benchmarks to enable organizations to adhere to the latest security best practices:
    • Linux:

      • CIS Ubuntu Linux 20.04 LTS Benchmark v3.0.0
      • CIS SUSE Linux Enterprise 15 Benchmark v2.0.1
      • CIS SUSE Linux Enterprise 12 Benchmark v3.2.1
      • CIS Red Hat Enterprise Linux 8 STIG Benchmark v2.0.0
    • Microsoft Windows Server:

      • CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0
      • CIS Microsoft Windows Server 2022 Stand-alone Benchmark v1.0.0
      • CIS Microsoft Windows Server 2022 Benchmark v4.0.0
      • CIS Microsoft Windows Server 2019 STIG Benchmark v4.0.0
      • CIS Microsoft Windows Server 2019 Benchmark v4.0.0
    • Microsoft Windows Client:

      • CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0
      • CIS Microsoft Windows 10 Enterprise Benchmark v4.0.0

Version 8.29.0

Software release date: Nov 19, 2025 | Release notes published: Nov 17, 2025

Improved:

  • New Policy Content: CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0. Added built-in policy support for the CIS Microsoft Windows 10 Stand-alone Benchmark version 4.0.0, enabling organizations to assess Windows 10 configurations against updated security best practices.

Fixed:

  • Fixed an issue where the asset graph displayed assets that should have been excluded based on retention settings. The graph now correctly reflects only assets within the defined retention period.
  • Fixed an issue preventing the successful retrieval of vulnerabilities via the /api/3/assets/{id}/services/{protocol}/{port}/vulnerabilities API endpoint for certain assets. This was resolved for services on assets that contained data for multiple Network Interface Cards (NICs).
  • Resolved a UI issue preventing the loading of the vulnerability investigation page.

Version 8.28.0

Software release date: Nov 07, 2025 | Release notes published: Nov 07, 2025

Improved:

  • Implemented optimisations to reduce excessive memory consumption, significantly improving system stability during intensive operations.

Fixed:

  • Addressed an issue impacting certain Linux systems using the latest version of the Scan Assistant.

Version 8.27.0

Software release date: Nov 05, 2025 | Release notes published: Nov 03, 2025

Improved:

  • Recurring vulnerability coverage has been added for Dell PowerEdge systems, expanding visibility into risks affecting common enterprise hardware.

Fixed:

  • Resolved an issue in APIv3 where tags were not returned correctly when no filter parameters were specified.
  • Fixed a bug preventing users from removing associated SIDs from existing shared credentials, ensuring credentials can now be fully edited and managed.
  • Addressed formatting issues in the Detailed Policy Report, specifically within the Passed and Failed results section, to improve layout consistency and readability.

Digital Risk Protection (Threat Command)

No updates released at this time.

Rapid7 Agent (Insight Agent)

Version 4.0.20.15

Software release date: Nov 17, 2025 | Release notes published: Nov 17, 2025

New

  • The Rapid7 Agent (Insight Agent) now supports macOS 26 (Tahoe), starting with the previous version 4.0.19.25. We conducted internal tests after the October 4.0.19.25 release to confirm its compatibility.

Improved:

  • We upgraded the OpenSSL and Python libraries used by the Rapid7 Agent (Insight Agent) to versions 3.5.2 and 3.13.7, respectively, to resolve CVEs associated with previous versions. This upgrade applies to all currently supported operating systems and architectures.
  • In preparation for the planned VBScript deprecation by Microsoft, we migrated VBScript code to C++/C# in Rapid7 Agent (Insight Agent) installer packages for Windows.

Updated Operating System Support:

  • As of version 4.0.20.15, the Rapid7 Agent (Insight Agent) no longer supports the following operating systems for any architecture:

    • Ubuntu 24.10
    • openSUSE Leap 15.5
    • Fedora 40

    For the complete list of supported and unsupported operating systems, refer to our docs.

Next-Generation Antivirus

Software release period: November 14, 2025 - December 12, 2025 | Release notes published: November 17, 2025

New:

Starting November 14, 2025, we’re rolling out On-Demand Scanning for Next-Generation Antivirus (NGAV). This new capability lets you run antivirus scans across your environment, without waiting for files to be accessed. It complements NGAV’s on-access protection by allowing you to proactively scan for known malware on Windows, Linux, and macOS assets.

Note: If autoupdates are enabled in your environment, you’ll receive this update automatically. If autoupdates are not enabled, you can reach out to your Cybersecurity Advisor for the installer package.

With On-Demand Scanning, you can:

  • Run Quick or Full Scans by organization, prevention group, or specific assets.
  • Choose a scan action: disinfect threats immediately or run detection-only.
  • Track scan status in real time, with results retained for 5 days.
  • Investigate detections: alerts are automatically sent to SIEM (InsightIDR) as high-priority for triage.

To run on-demand scans, ensure:

  • Rapid7 Agent (Insight Agent) version is 4.0.19 or later.
  • NGAV version is 2.0+ (Windows) or 3.0+ (Linux/macOS).
  • On-Access Scanning engine is enabled.
  • On-Demand Scanning is turned on in Security Settings.

Impacted offerings:

  • Managed Detection and Response
  • Managed Threat Complete with the Next-Generation Antivirus add-on

Where: Command Platform > Administration > Data Collection > Agents

Improved:

We’ve added a new Antivirus Health status of “Disabled” to improve visibility when On-Access Scanning is intentionally turned off. This change clarifies that the On-Access Scanning engine is not running and real-time protection is inactive.

Ransomware Prevention

No updates released at this time.

Velociraptor

No updates released at this time.
