November 2025 Release Notes

The Command Platform release notes cover what’s new, which is updated monthly, and improvements and fixes, which are updated weekly.

Last updated: November 3rd, 2025

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

Focus Remediation Efforts with Asset Group Prioritization

In Remediation Hub, teams using Exposure Command, Cloud Security (InsightCloudSec), and Vulnerability Management (InsightVM) can now prioritize remediation actions based on asset and resource groups to better align with business objectives. This enhancement introduces smarter filters and richer context to help teams focus on what matters most—without the noise.

With this capability in Response & Remediation > Remediation Hub, you can:

  • Prioritize remediation based on asset and resource groups: leverage contextual groupings to align remediation with your business priorities.
  • Leverage site data in a consolidated filter: gain a unified, contextual view of your environment.
  • Cut down on clicks: gain faster insight into high-priority exposures.

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

Accelerate Response with Remediation Recommendations for Google Cloud Platform (GCP) SCC

Security teams using SIEM (InsightIDR), Cloud Security (InsightCloudSec), Managed Threat Complete, or MDR can now access expert-driven remediation guidance for Google Cloud Platform (GCP) Security Command Center (SCC) alerts. These recommendations help deliver faster, more consistent responses through enriched cloud context.

With this capability in Alerts > Alert Details, you can:

  • Respond faster: get clear, structured remediation steps per alert group.
  • Improve consistency: leverage expert insights and automation scripts.
  • Reduce time to containment: take immediate, informed action on cloud threats.

Boost Productivity with Multi-Tab Search Analysis

SIEM (InsightIDR) now includes Multi-Tab analysis in Log Search, enabling investigators to work across multiple tabs within a single browser window. This update eliminates context switching and redundant query creation, helping analysts stay focused.

With this update in Search > Log Search, you can:

  • Open multiple tabbed searches side-by-side: explore different angles of investigation simultaneously.
  • Maximize any tab: use screen space efficiently while diving into search results.
  • Eliminate redundant work: reduce window sprawl and query duplication.

Enrich Alerts with Identity Context from Microsoft Entra

SIEM (InsightIDR) now integrates Microsoft Entra ID as an event source, enabling deeper visibility into identity-based activity across your environment. This enhancement strengthens detection and response workflows by enriching logs with user context.

With this new event source in Data Connectors > Data Collectors, you can:

  • Improve triage workflows: attribute alerts to specific users at ingestion time.
  • Reduce false positives: resolve identities more accurately.
  • Accelerate investigations: pinpoint responsible users faster.
  • Enhance threat detection: gain identity-driven risk insights.

Enhance Threat Coverage with Migrated Detection Rules

All legacy detection rules in SIEM (InsightIDR) have now been migrated to the Detection Rule Library, providing faster and broader detection capabilities through a unified interface.

With this capability in Intelligence > Detection Rules, you can:

  • Stay ahead of emerging threats: detect high-risk activities such as watched or admin-led password resets with new rules.
  • Streamline rule management: view migrated User Behavior Analytics (UBA) rules in a unified Detection Library.
  • Improve response efficiency: gain faster insight into potential threats with consistent rule access.

Upgrade SIEM (InsightIDR) Customers to Incident Command

SIEM (InsightIDR) customers migrating to Incident Command gain an AI-native, unified platform that turns risk insights into confident response. This helps address SOC challenges like alert fatigue, fragmented tooling, and slow triage.

With this upgrade in Incident Command, you can:

  • Accelerate response times with AI-driven triage and automation: reduce investigation cycles and increase speed to resolution.
  • Unify context and workflows: bring together exposure, detection, and threat intelligence in one seamless platform experience.
  • Improve decision-making through guided insights: help every analyst operate with senior-level precision.

Administration

Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.

Unified Exceptions Handling and Manage Accepted Risk in IaC

Cloud Security (InsightCloudSec) now uses the term “Exceptions” instead of “Exemptions,” aligning accepted-risk workflows across the platform. In addition, you can now manage exceptions for Infrastructure as Code (IaC) findings, streamlining triage and reporting.

With this enhancement in Controls & Compliance > Infrastructure as Code, you can:

  • Define and manage exceptions for IaC insights: standardize how known issues are documented and handled.
  • Streamline triage and remediation workflows: efficiently manage accepted risk in IaC environments.
  • Maintain a comprehensive audit trail: ensure accountability and support compliance reporting.

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Cloud Security (InsightCloudSec)

Release availability for self-hosted users

Self-hosted users can usually download the latest version 6 business days after SaaS users are upgraded, from the following locations:

Version 25.11.4

Software release date: November 4, 2025 | Release notes published: November 3, 2025

Improved

  • Access Explorer UI Enhancement: The Modern Experience is now the default and only UI for Access Explorer. The toggle to switch back to the old UI has been permanently removed.
  • Azure Web App Resource Enhancement: Expanded WebApp resource with new field to indicate whether VNet routing is enabled for outbound traffic, providing better visibility into network configuration.
  • Organization Management Enhancement: Added picklists for parent folder and skip lists in Organizations edit UI for AWS, Azure, and GCP. This may slightly change behavior, so you are advised to re-examine your opt-ins and opt-outs to ensure appropriate accounts are harvested.
  • Resource Attribute Handling Improvement: Dropped HashAttr usage from Subnets and ResourceAccessLists to improve attribute handling. This addresses issues around the relationship between these resource types.
  • CSP Organization Monitoring: Added column for CSP Organization status that indicates synchronization status and added status changes to system events for better tracking.
  • Insight Exceptions Enhancement: Preserve insight exceptions even when their associated resources are deleted (Feature Flagged).

New Insights

  • Web App Without Vnet Routing Enabled: Identifies Azure Web Apps that do not have VNet routing enabled for outbound traffic.
  • App Service Plan SKU Without Private Endpoint Support: Identifies App Service Plans using SKUs that do not support private endpoints.
  • Workspaces without User Access Activity (AWS) in the last 30 days: Added insight for workspaces without user activity (maps to Recommendation 2.14 - CIS AWS End User Compute Services Benchmark v1.2.0).

New Query Filters

  • Web App Without Vnet Routing Enabled: Filters Azure Web Apps without VNet routing enabled for outbound traffic.
  • App Service Plan SKU Without Private Endpoint Support: Filters App Service Plans using SKUs that do not support private endpoints.

Updated Insights

  • Web App Allowing a Configuration State of All Allowed: Updated with current links providing context on:
    • State of FTP / FTPS service
    • Managing web apps using Command Line
    • How to set web apps using PowerShell

New Resources

  • Kubernetes Gateway Support: Added support for Kubernetes Gateway resources.
  • AWS DevOps Guru Integration: Added support for DevOps Guru Insight resources (AWS specific) with new DevOpsGuruInsightHarvester.
    • New permission required: devops-guru:ListInsights

Fixed

  • Resolved an issue causing the Azure NetworkFirewallHarvester to fail on some legacy firewalls using classic rules.
  • Fixed an issue where Kubernetes resources did not show correct Latest Harvest time.
  • Resolved an issue where hiding columns in the resource-listing-table caused the remaining columns to become excessively wide. Table columns now resize appropriately based on visible selections for a more user-friendly experience.

SIEM (InsightIDR)

No updates released at this time.

Vulnerability Management (InsightVM)

Version 8.27.0

Software release date: Nov 05, 2025 | Release notes published: Nov 03, 2025

Improved:

  • Recurring vulnerability coverage has been added for Dell PowerEdge systems, expanding visibility into risks affecting common enterprise hardware.

Fixed:

  • Resolved an issue in APIv3 where tags were not returned correctly when no filter parameters were specified.
  • Fixed a bug preventing users from removing associated SIDs from existing shared credentials, ensuring credentials can now be fully edited and managed.
  • Addressed formatting issues in the Detailed Policy Report, specifically within the Passed and Failed results section, to improve layout consistency and readability.

Nexpose

Version 8.27.0

Software release date: Nov 05, 2025 | Release notes published: Nov 03, 2025

Improved:

  • Recurring vulnerability coverage has been added for Dell PowerEdge systems, expanding visibility into risks affecting common enterprise hardware.

Fixed:

  • Resolved an issue in APIv3 where tags were not returned correctly when no filter parameters were specified.
  • Fixed a bug preventing users from removing associated SIDs from existing shared credentials, ensuring credentials can now be fully edited and managed.
  • Addressed formatting issues in the Detailed Policy Report, specifically within the Passed and Failed results section, to improve layout consistency and readability.

Digital Risk Protection (Threat Command)

No updates released at this time.
