October 2025 Release Notes
The Command Platform release notes include information about what’s new, which is updated monthly, and improvements and fixes, which are updated weekly.
Last updated: October 20th, 2025
What’s New
Learn about new features across the Command Platform. These features were released over the past month and are available now:
Risk
Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.
Simplify compliance with risk-aware visibility
Cloud Security (InsightCloudSec) now offers a modernized Risk-Aware Compliance experience that makes it easier to identify and remediate misconfigurations in the cloud. This new interface provides a consistent, user-friendly view across compliance features, helping you quickly assess compliance posture and adopt new capabilities more effectively.
With this capability in Findings > Misconfigurations, you can:
- Benefit from significantly improved performance for faster risk analysis and compliance assessments.
- Easily detect misconfigured assets in relation to the compliance standards that matter most to your organization.
- Visualize exemption status to optimize workflows and reduce manual overhead.
- Leverage enhanced tag visibility to manage and organize cloud infrastructure more effectively.
Accelerate risk reduction with Remediation Hub
Starting in August 2025, all Vulnerability Management (InsightVM) customers gained access to Remediation Hub, a centralized workspace that delivers a prioritized list of high-impact remediation actions. Powered by our threat-aware Active Risk Score, Remediation Hub helps security teams focus on the changes that drive the greatest risk reduction.
With this capability in Response & Remediation > Remediation Hub, you can:
- Resolve large volumes of vulnerabilities at once by focusing on remediation solutions that address them in bulk.
- Rely on intelligent logic to identify the most effective fix and reduce duplicated effort.
- Direct remediation teams to the actions with the greatest security impact.
Smarter filters and deeper insights in Remediation Hub
Security teams often need to cut through noise, meet SLAs, and streamline patching across complex environments. With enhanced filtering and richer context in Remediation Hub, you can focus on the vulnerabilities that matter most, align remediation efforts with business priorities, and plan patches with greater confidence.
With this update in Response & Remediation > Remediation Hub, you can:
- Filter by CVSS score to see only remediations that address vulnerabilities meeting or exceeding your selected severity threshold.
- Filter by Active Risk score to quickly identify and prioritize vulnerabilities that present the most risk to your environment.
Threat
A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.
Enhance threat coverage with migrated detection rules
The SIEM (InsightIDR) Detection Library continues to expand, delivering faster and broader threat detection capabilities. This month, we’ve migrated 4 legacy rules as part of our ongoing effort to unify and strengthen your detection experience.
With these updates available in Detection Rules > Detection Rule Library, you can:
- Stay ahead of emerging threats – detect high-risk activities such as watched or admin-led password resets with new rules.
- Streamline rule management – view migrated User Behavior Analytics (UBA) rules in a unified Detection Library.
- Improve response efficiency – gain faster insight into potential threats with consistent rule access.
Migrated Legacy Rules:
- Account Visits Suspicious Link.
- Ingress from Community Threat.
- Network Access for Threat.
- Suspicious Process Hash Discovered.
Improvements and Fixes
Keep track of improvements and fixes to core technology.
Application Security (InsightAppSec) and AppSpider
No updates released at this time.
Cloud Security (InsightCloudSec)
Release availability for self-hosted users
Self-hosted users will be able to download version 25.10.21 on October 28th from the following locations:
- Terraform deployments: Public S3 bucket. Modules can be updated with the terraform get -update command.
- Amazon Elastic Container Repository (ECR) deployments: You can obtain the ECR build images for this version from the InsightCloudSec ECR Gallery.
Version 25.10.21
Software release date: October 21, 2025 | Release notes published: October 20, 2025
Important Notes
- Impact of Vulnerability Assessment Extension Changes: These changes may potentially affect the results of existing bots that rely on the Instance Without Vulnerability Assessment Extension insight or related Query Filters.
- Reason for Extension Changes: Microsoft has deprecated “Enable vulnerability scanning with the integrated Qualys scanner”, making the previous extensions obsolete.
- BotFactory UI Updates: We have begun gradually removing the ‘Switch to Legacy UI’ toggle on the BotFactory page. For our self-hosted customers, this update is currently planned for mid-November.
Improved
- New UI for the Resources page is now the default and only option for rendering resources content. The toggle to switch back to the old UI has been permanently removed.
- Access Explorer page UI toggle is set to Modern UI by default. Users can still switch to the old UI.
- Enhanced Column Sorting in Layered Context: Updated sorting behavior for risk-focused columns to display the most critical items first by default:
  - Sensitive Data: Riskiest resources now appear at the top
  - Public Access: Resources with public exposure are prioritized
  - Insights: Critical insights displayed first
  - Vulnerabilities: High-severity vulnerabilities shown first
  - Threat Findings: Most severe threats prioritized
  - This change makes it easier for users to identify and prioritize high-risk items for remediation.
- AWS GuardDuty Support: Added support for AWS GuardDuty findings that don’t have specific ICS supported resource type mappings.
- IaC Exceptions Enhancement: Enhanced IaC Exceptions with new settings capabilities:
  - Maximum age configuration
  - Required approver settings
  - Required approver email configuration
  - Note: “Exemptions” has been renamed to “Exceptions” with settings impacting both Insight Exceptions and IaC Exceptions.
- ServerlessFunction Environment Variables: Added new field environment_variables_configured for ServerlessFunctions resources as the source of truth for AWS and GCP Serverless Functions environment variable configuration.
  - Handles edge cases where AWS Lambda environment_variables cannot be decrypted but ICS can still infer configuration status
  - Addresses AccessDeniedException scenarios in AWS ListFunctions calls
  - When access is denied, environment_variables, environment_variable_count, and contains_secrets fields are set to None
- AWS Region Updates: AppStreamFleetHarvester and AppStreamImageHarvester now harvest all supported regions correctly. Region ca-west-1 was removed due to being unsupported.
- GuardDuty Region Support: ServiceDetectorHarvester manually added all regions supporting GuardDuty.
- API Gateway Policy Enhancement: Added new dispatcher to RestApiHarvester to retrieve active policies from each AWS API Gateway v1 stage, ensuring accurate policy information at the stage level.
- Naming Consistency: Updated all references from “Exemptions” to “Exceptions” throughout Cloud Security for consistency with IaC Exceptions release.
New AWS Services and Harvesters
- AWS Amplify Apps: Added AmplifyAppHarvester for AWS Amplify Apps with ICS resource type amplifyapp.
  - New permission required: amplify:ListApps
- AWS CodePipeline: Added CodePipelineHarvester for AWS and AWS_GOV accounts.
  - New permissions required:
    - codepipeline:ListPipelines
    - codepipeline:GetPipeline
- AWS Rekognition Media Analysis: Added MediaAnalysisJobHarvester for AWS Rekognition Media Analysis Job support.
  - New permission required: rekognition:ListMediaAnalysisJobs
- AWS AppFlow: Added AppflowHarvester for AWS AppFlow services.
  - New permission required: appflow:ListFlows
New Azure Services and Harvesters
- Azure Maps: Added MapHarvester for Azure Maps accounts.
  - New permission required: Microsoft.Maps/accounts/read
  - Available actions: delete and add tags
- Microsoft Fabric Support: ICS now supports harvesting of Microsoft Fabric “Capacity” resources for commercial Azure accounts.
New Query Filters
- Amplify App Without Web Application Firewall
- Amplify App Using Basic Auth
- Local Authentication Turned Off On Map Account
- Rekognition Media Analysis Job Status
- Rekognition Media Analysis Job data is Publicly Exposed
Updated Query Filters
- Network Endpoint With/Without Public Access (AWS) has been renamed to Network Endpoint Policy Allows All Principals
- Updated Serverless Function With Environment Variables and Serverless Function Without Environment Variables to use the new environment_variables_configured field.
- Instance or Autoscaling Group Without a Vulnerability Assessment Extension Installed: Updated to reflect Microsoft’s deprecation of Qualys scanner extensions:
  - Removed extensions: LinuxAgent.AzureSecurityCenter, WindowsAgent.AzureSecurityCenter
  - Added extensions: MDE.Linux, MDE.Windows
New Insights
- Rekognition Media Analysis Job Has Publicly Exposed Data
Updated Insights
- Instance Without Vulnerability Assessment Extension: No longer checks for deprecated Azure Security Center extensions and now includes new MDE extensions.
Fixed
- Fixed issue where read-only admins were unable to view subscriptions.
- Resolved occasional exception that caused Azure Database Instance harvester to fail while listing backup retention policies for SQL instances.
- Updated exemption report emails to use “Exception” terminology instead of “Exemption”.
- Updated email footer in Exception reports from “Divvy Cloud corp” to “Rapid7”.
Version 25.10.7
Software release date: October 7, 2025 | Release notes published: October 6, 2025
Improved
- Misconfigurations page is now in Phase 2 (Modern UI is default, revert option is available).
- Added support for AWS GovCloud in ServiceEventBusHarvester and ServiceEventRuleHarvester.
- Enhanced secret detection with new regex pattern for identifying AWS API Keys within Environment Variables when searching for Secrets in Plaintext.
- Added support for the new AWS resource CodeDeploy Application with CodeDeployApplicationHarvester.
  - New permissions required:
    - codedeploy:ListApplications
    - codedeploy:GetApplication
- Enhanced WebAppHarvest harvester to properly handle AuthorizationFailed errors by setting http20_enabled value to null instead of defaulting to True.
- Updated User Management interface text from “Lock/Unlock” to “Suspend/Activate” for improved clarity.
- Updated Recommended Remediation steps for insights:
  - Instance Containing Sensitive Information In User Data (AWS)
  - Instance Containing Sensitive Information In User Data Outside of Autoscaling Group (AWS)
- Revised AWS onboarding script with enhanced features and additional configuration options.
Fixed
- Fixed Tag Explorer UI scoping issues that were affecting resource filtering.
- Hid the Actions and Reconfigure buttons on the BotFactory page (Modern UI) for users with Read Only permissions.
- Resolved Layered Context click handler issues on Applications that were causing broken view states.
- Restored Badges Dropdown functionality in the Clouds tab within Resource Scope panel.
- Fixed Tag Explorer interaction issues with the Scopes panel that were preventing proper filtering operations.
BotFactory UI
Starting in October 2025, we will begin a gradual removal of the ‘Switch to Legacy UI’ toggle on the BotFactory page. For our self-hosted customers, this update is currently planned for the middle of November.
Attention: There will be no release during the week of October 13. The next release will be on October 21, 2025.
Upcoming changes for 25.10.21
The following extensions will be removed from QF “Instance or Autoscaling Group Without a Vulnerability Assessment Extension Installed”:
- LinuxAgent.AzureSecurityCenter
- WindowsAgent.AzureSecurityCenter
The following extensions will be added:
- MDE.Linux
- MDE.Windows
Impact: As a result, the “Instance Without Vulnerability Assessment Extension” insight will no longer check for the deprecated extensions and will include the new MDE extensions. These changes may potentially affect the results of existing bots that rely on this Insight or Query Filter.
Reason for this change: Microsoft has deprecated “Enable vulnerability scanning with the integrated Qualys scanner”, making these extensions obsolete.
SIEM (InsightIDR)
No updates released at this time.
InsightVM
Vulnerability Management (InsightVM)
Version 8.25.0
Software release date: Oct 22, 2025 | Release notes published: Oct 22, 2025
Improved:
- Added support for IP exclusions within both Shared Scan Credential restrictions and Site Configuration credential settings, allowing for more granular control over where credentials are applied during scans.
- Enhanced fingerprinting logic for Spring Cloud Function Core to improve version detection reliability across diverse environments.
Fixed:
- Fixed an issue that prevented accurate detection of JetBrains installations on Linux systems, ensuring these assets are now properly evaluated during scans.
- Fixed issues in fingerprinting logic for Adobe Creative Cloud and Adobe Acrobat Reader DC Font Pack that previously resulted in false positives. These products are now more accurately detected during scans.
Version 8.24.0
Software release date: Oct 15, 2025 | Release notes published: Oct 14, 2025
Improved:
- Added support for Certificate-Based SSH Authentication as a credential option for authenticated scans of Linux/Unix systems. This enhancement enables more secure, scalable access using OpenSSH certificates, helping customers reduce credential sprawl, simplify key management, and align with modern security and compliance practices.
- Added built-in policy support for CIS Microsoft Windows 11 Benchmark v4.0.0, expanding secure configuration assessment capabilities.
- Enhanced device fingerprinting for Cisco ISE by incorporating patch-level details, reducing false positives during asset identification.
Fixed:
- Resolved an issue where export formats were unavailable for reports when configured via Silo Management in the Security Console.
- Fixed an issue impacting the application of password expiration when passwords were changed via the API.
Version 8.23.0
Software release date: Oct 6, 2025 | Release notes published: Oct 3, 2025
Improved:
- Custom CSV reports now include a new data field for the Fully Qualified Domain Name (FQDN) of assets, providing enhanced clarity and traceability in exported asset data.
- A new column has been added to the Scan Engine section, allowing users to view and sort by Scan Engine ID for easier engine identification and management.
- Web application fingerprinting has been optimized to pause after 5 consecutive failed attempts, reducing scan duration for problematic assets. This behavior can be configured via a custom property.
- Updated API endpoints to further bolster stringent authentication protocols, enhancing overall security posture.
Fixed:
- Fixed an issue that impacted the reporting of adjusted Risk Scores, particularly where scores were modified based on criticality. Risk scores now reflect accurately across both UI and reports.
Nexpose
Version 8.25.0
Software release date: Oct 22, 2025 | Release notes published: Oct 22, 2025
Improved:
- Added support for IP exclusions within both Shared Scan Credential restrictions and Site Configuration credential settings, allowing for more granular control over where credentials are applied during scans.
- Enhanced fingerprinting logic for Spring Cloud Function Core to improve version detection reliability across diverse environments.
Fixed:
- Fixed an issue that prevented accurate detection of JetBrains installations on Linux systems, ensuring these assets are now properly evaluated during scans.
- Fixed issues in fingerprinting logic for Adobe Creative Cloud and Adobe Acrobat Reader DC Font Pack that previously resulted in false positives. These products are now more accurately detected during scans.
Version 8.24.0
Software release date: Oct 15, 2025 | Release notes published: Oct 14, 2025
Improved:
- Added support for Certificate-Based SSH Authentication as a credential option for authenticated scans of Linux/Unix systems. This enhancement enables more secure, scalable access using OpenSSH certificates, helping customers reduce credential sprawl, simplify key management, and align with modern security and compliance practices.
- Added built-in policy support for CIS Microsoft Windows 11 Benchmark v4.0.0, expanding secure configuration assessment capabilities.
- Enhanced device fingerprinting for Cisco ISE by incorporating patch-level details, reducing false positives during asset identification.
Fixed:
- Resolved an issue where export formats were unavailable for reports when configured via Silo Management in the Security Console.
- Fixed an issue impacting the application of password expiration when passwords were changed via the API.
Version 8.23.0
Software release date: Oct 6, 2025 | Release notes published: Oct 3, 2025
Improved:
- Custom CSV reports now include a new data field for the Fully Qualified Domain Name (FQDN) of assets, providing enhanced clarity and traceability in exported asset data.
- A new column has been added to the Scan Engine section, allowing users to view and sort by Scan Engine ID for easier engine identification and management.
- Web application fingerprinting has been optimized to pause after 5 consecutive failed attempts, reducing scan duration for problematic assets. This behavior can be configured via a custom property.
- Updated API endpoints to further bolster stringent authentication protocols, enhancing overall security posture.
Fixed:
- Fixed an issue that impacted the reporting of adjusted Risk Scores, particularly where scores were modified based on criticality. Risk scores now reflect accurately across both UI and reports.
Digital Risk Protection (Threat Command)
No updates released at this time.