October 2025 Release Notes

The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

• Risk: Exposure Command, Vulnerability Management (InsightVM), Cloud Security (InsightCloudSec)

• Threat: SIEM (InsightIDR)

• Administration: MDR, Managed Threat Complete (MTC)

• Risk

  • Simplify compliance with risk-aware visibility (InsightCloudSec).
  • Accelerate risk reduction with Remediation Hub (InsightVM, Exposure Command).
  • Smarter filters and deeper insights in Remediation Hub (InsightVM).

• Threat

  • Enhance threat coverage with migrated detection rules (InsightIDR).

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

• Risk
  • Simplify compliance with risk-aware visibility (Cloud Security (InsightCloudSec)).
  • Accelerate risk reduction with Remediation Hub (Vulnerability Management (InsightVM), Exposure Command).
  • Smarter filters and deeper insights in Remediation Hub (Vulnerability Management (InsightVM)).
• Threat
  • Enhance threat coverage with migrated detection rules (SIEM (InsightIDR)).

Simplify compliance with risk-aware visibility

Cloud Security (InsightCloudSec) now offers a modernized Risk-Aware Compliance experience that makes it easier to identify and remediate misconfigurations in the cloud. This new interface provides a consistent, user-friendly view across compliance features, helping you quickly assess compliance posture and adopt new capabilities more effectively.

With this capability in Findings > Misconfigurations, you can:

• Benefit from significantly improved performance for faster risk analysis and compliance assessments.
• Easily detect misconfigured assets in relation to the compliance standards that matter most to your organization.
• Visualize exemption status to optimize workflows and reduce manual overhead.
• Leverage enhanced tag visibility to manage and organize cloud infrastructure more effectively.

Accelerate risk reduction with Remediation Hub

Starting in August 2025, all Vulnerability Management (InsightVM) customers gained access to Remediation Hub, a centralized workspace that delivers a prioritized list of high-impact remediation actions. Powered by our threat-aware Active Risk Score, Remediation Hub helps security teams focus on the changes that drive the greatest risk reduction.

With this capability in Response & Remediation > Remediation Hub, you can:

• Resolve large volumes of vulnerabilities at once by focusing on remediation solutions that address them in bulk.
• Rely on intelligent logic to identify the most effective fix and reduce duplicated effort.
• Direct remediation teams to the actions with the greatest security impact.

Smarter filters and deeper insights in Remediation Hub

Security teams often need to cut through noise, meet SLAs, and streamline patching across complex environments. With enhanced filtering and richer context in Remediation Hub, you can focus on the vulnerabilities that matter most, align remediation efforts with business priorities, and plan patches with greater confidence.

With this update in Response & Remediation > Remediation Hub, you can:

• Filter by CVSS score to see only remediations that address vulnerabilities meeting or exceeding your selected severity threshold.
• Filter by Active Risk score to quickly identify and prioritize vulnerabilities that present the most risk to your environment.

Top of page

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

• Enhance threat coverage with migrated detection rules (InsightIDR).

Enhance threat coverage with migrated detection rules

The SIEM (InsightIDR) Detection Library continues to expand, delivering faster and broader threat detection capabilities. This month, we’ve migrated 4 legacy rules as part of our ongoing effort to unify and strengthen your detection experience.

With these updates available in Detection Rules > Detection Rule Library, you can:

• Stay ahead of emerging threats – detect high-risk activities such as watched or admin-led password resets with new rules.
• Streamline rule management – view migrated User Behavior Analytics (UBA) rules in a unified Detection Library.
• Improve response efficiency – gain faster insight into potential threats with consistent rule access.

Migrated Legacy Rules:

• Account Visits Suspicious Link.
• Ingress from Community Threat.
• Network Access for Threat.
• Suspicious Process Hash Discovered.

Top of page

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Top of page

Cloud Security (InsightCloudSec)

• Version 25.10.21
• Version 25.10.7

Version 25.10.21

Software release date: October 21, 2025 | Release notes published: October 20, 2025

Important Notes

• Impact of Vulnerability Assessment Extension Changes: These changes may potentially affect the results of existing bots that rely on the Instance Without Vulnerability Assessment Extension insight or related Query Filters.
• Reason for Extension Changes: Microsoft has deprecated “Enable vulnerability scanning with the integrated Qualys scanner”, making the previous extensions obsolete.
• BotFactory UI Updates: We have begun gradually removing the ‘Switch to Legacy UI’ toggle on the BotFactory page. For our self-hosted customers, this update is currently planned for mid-November.

Improved

• New UI for the Resources page is now the default and only option for rendering resources content. The toggle to switch back to the old UI has been permanently removed.
• Access Explorer page UI toggle is set to Modern UI by default. Users can still switch to the old UI.
• Enhanced Column Sorting in Layered Context: Updated sorting behavior for risk-focused columns to display the most critical items first by default:
  • Sensitive Data: Riskiest resources now appear at the top
  • Public Access: Resources with public exposure are prioritized
  • Insights: Critical insights displayed first
  • Vulnerabilities: High-severity vulnerabilities shown first
  • Threat Findings: Most severe threats prioritized
  • This change makes it easier for users to identify and prioritize high-risk items for remediation.
• AWS GuardDuty Support: Added support for AWS GuardDuty findings that don’t have specific ICS supported resource type mappings.
• IaC Exceptions Enhancement: Enhanced IaC Exceptions with new settings capabilities:
  • Maximum age configuration
  • Required approver settings
  • Required approver email configuration
  • Note: “Exemptions” has been renamed to “Exceptions” with settings impacting both Insight Exceptions and IaC Exceptions.
• ServerlessFunction Environment Variables: Added new field environment_variables_configured for ServerlessFunctions resources as the source of truth for AWS and GCP Serverless Functions environment variable configuration.
  • Handles edge cases where AWS Lambda environment_variables cannot be decrypted but ICS can still infer configuration status
  • Addresses AccessDeniedException scenarios in AWS ListFunctions calls
  • When access is denied, environment_variables, environment_variable_count, and contains_secrets fields are set to None
• AWS Region Updates: AppStreamFleetHarvester and AppStreamImageHarvester now harvest all supported regions correctly. Region ca-west-1 was removed due to being unsupported.
• GuardDuty Region Support: ServiceDetectorHarvester manually added all regions supporting GuardDuty.
• API Gateway Policy Enhancement: Added new dispatcher to RestApiHarvester to retrieve active policies from each AWS API Gateway v1 stage, ensuring accurate policy information at the stage level.
• Naming Consistency: Updated all references from “Exemptions” to “Exceptions” throughout Cloud Security for consistency with IaC Exceptions release.

New AWS Services and Harvesters

• AWS Amplify Apps: Added AmplifyAppHarvester for AWS Amplify Apps with ICS resource type amplifyapp.
  • New permission required: amplify:ListApps
• AWS CodePipeline: Added CodePipelineHarvester for AWS and AWS_GOV accounts.
  • New permissions required:
    • codepipeline:ListPipelines
    • codepipeline:GetPipeline
• AWS Rekognition Media Analysis: Added MediaAnalysisJobHarvester for AWS Rekognition Media Analysis Job support.
  • New permission required: rekognition:ListMediaAnalysisJobs
• AWS AppFlow: Added AppflowHarvester for AWS AppFlow services.
  • New permission required: appflow:ListFlows

New Azure Services and Harvesters

• Azure Maps: Added MapHarvester for Azure Maps accounts.
  • New permission required: Microsoft.Maps/accounts/read
  • Available actions: delete and add tags
• Microsoft Fabric Support: ICS now supports harvesting of Microsoft Fabric “Capacity” resources for commercial Azure accounts.

New Query Filters

• Amplify App Without Web Application Firewall
• Amplify App Using Basic Auth
• Local Authentication Turned Off On Map Account
• Rekognition Media Analysis Job Status
• Rekognition Media Analysis Job data is Publicly Exposed

Updated Query Filters

• Network Endpoint With/Without Public Access (AWS) has been renamed to Network Endpoint Policy Allows All Principals
• Updated Serverless Function With Environment Variables and Serverless Function Without Environment Variables to use the new environment_variables_configured field.
• Instance or Autoscaling Group Without a Vulnerability Assessment Extension Installed: Updated to reflect Microsoft’s deprecation of Qualys scanner extensions:
  • Removed extensions:
    • LinuxAgent.AzureSecurityCenter
    • WindowsAgent.AzureSecurityCenter
  • Added extensions:
    • MDE.Linux
    • MDE.Windows

New Insights

• Rekognition Media Analysis Job Has Publicly Exposed Data

Updated Insights

• Instance Without Vulnerability Assessment Extension: No longer checks for deprecated Azure Security Center extensions and now includes new MDE extensions.

Fixed

• Fixed issue where read-only admins were unable to view subscriptions.
• Resolved occasional exception that caused Azure Database Instance harvester to fail while listing backup retention policies for SQL instances.
• Updated exemption report emails to use “Exception” terminology instead of “Exemption”.
• Updated email footer in Exception reports from “Divvy Cloud corp” to “Rapid7”.

Version 25.10.7

Software release date: October 7, 2025 | Release notes published: October 6, 2025

Improved

• Misconfigurations page is now in Phase 2 (Modern UI is default, revert option is available).
• Added support for AWS GovCloud in ServiceEventBusHarvester and ServiceEventRuleHarvester.
• Enhanced secret detection with new regex pattern for identifying AWS API Keys within Environment Variables when searching for Secrets in Plaintext.
• Added support for the new AWS resource CodeDeploy Application with CodeDeployApplicationHarvester.
  • New permissions required:
    • codedeploy:ListApplications
    • codedeploy:GetApplication
• Enhanced WebAppHarvest harvester to properly handle AuthorizationFailed errors by setting http20_enabled value to null instead of defaulting to True.
• Updated User Management interface text from “Lock/Unlock” to “Suspend/Activate” for improved clarity.
• Updated Recommended Remediation steps for insights:
  • Instance Containing Sensitive Information In User Data (AWS)
  • Instance Containing Sensitive Information In User Data Outside of Autoscaling Group (AWS)
• Revised AWS onboarding script with enhanced features and additional configuration options.

Fixed

• Fixed Tag Explorer UI scoping issues that were affecting resource filtering.
• Hidden Actions and Reconfigure buttons on BotFactory page (Modern UI) for users with Read Only permissions.
• Resolved Layered Context click handler issues on Applications that were causing broken view states.
• Restored Badges Dropdown functionality in the Clouds tab within Resource Scope panel.
• Fixed Tag Explorer interaction issues with the Scopes panel that were preventing proper filtering operations.

BotFactory UI

Starting in October 2025, we will begin a gradual removal of the ‘Switch to Legacy UI’ toggle on the BotFactory page. For our self-hosted customers, this update is currently planned for the middle of November.

Attention: There will be no release during the week of October 13. The next release will be on October 21, 2025.

Upcoming changes for 25.10.21

The following extensions will be removed from QF “Instance or Autoscaling Group Without a Vulnerability Assessment Extension Installed”:

• LinuxAgent.AzureSecurityCenter
• WindowsAgent.AzureSecurityCenter

The following extensions will be added:

• MDE.Linux
• MDE.Windows

Impact: As a result, the “Instance Without Vulnerability Assessment Extension” insight will no longer check for the deprecated extensions and will include the new MDE extensions. These changes may potentially affect the results of existing bots that rely on this Insight or Query Filter.

Reason for this change: Microsoft has deprecated “Enable vulnerability scanning with the integrated Qualys scanner”, making these extensions obsolete.

Top of page

SIEM (InsightIDR)

No updates released at this time.

Top of page

InsightVM

Vulnerability Management (InsightVM)

• 8.25.0
• 8.24.0
• 8.23.0

Version 8.25.0

Software release date: Oct 22, 2025 | Release notes published: Oct 22, 2025

Improved:

• Added support for IP exclusions within both Shared Scan Credential restrictions and Site Configuration credential settings, allowing for more granular control over where credentials are applied during scans.
• Enhanced fingerprinting logic for Spring Cloud Function Core to improve version detection reliability across diverse environments.

Fixed:

• Fixed an issue that prevented accurate detection of JetBrains installations on Linux systems, ensuring these assets are now properly evaluated during scans.
• Fixed issues in fingerprinting logic for Adobe Creative Cloud and Adobe Acrobat Reader DC Font Pack that previously resulted in false positives. These products are now more accurately detected during scans.

Version 8.24.0

Software release date: Oct 15, 2025 | Release notes published: Oct 14, 2025

Improved:

• Added support for Certificate-Based SSH Authentication as a credential option for authenticated scans of Linux/Unix systems. This enhancement enables more secure, scalable access using OpenSSH certificates, helping customers reduce credential sprawl, simplify key management, and align with modern security and compliance practices.
• Added built-in policy support for CIS Microsoft Windows 11 Benchmark v4.0.0, expanding secure configuration assessment capabilities.
• Enhanced device fingerprinting for Cisco ISE by incorporating patch-level details, reducing false positives during asset identification.

Fixed:

• Resolved an issue where export formats were unavailable for reports when configured via Silo Management in the Security Console.
• Fixed an issue impacting the application of password expiration when passwords were changed via the API.

Version 8.23.0

Software release date: Oct 6, 2025 | Release notes published: Oct 3, 2025

Improved:

• Custom CSV reports now include a new data field for the Fully Qualified Domain Name (FQDN) of assets, providing enhanced clarity and traceability in exported asset data.
• A new column has been added to the Scan Engine section, allowing users to view and sort by Scan Engine ID for easier engine identification and management.
• Web application fingerprinting has been optimized to pause after 5 consecutive failed attempts, reducing scan duration for problematic assets. This behavior can be configured via a custom property.
• Updated API endpoints to further bolster stringent authentication protocols, enhancing overall security posture.

Fixed:

• Fixed an issue that impacted the reporting of adjusted Risk Scores, particularly where scores were modified based on criticality. Risk scores now reflect accurately across both UI and reports.

Top of page

Nexpose

• 8.25.0
• 8.24.0
• 8.23.0

Version 8.25.0

Software release date: Oct 22, 2025 | Release notes published: Oct 22, 2025

Improved:

• Added support for IP exclusions within both Shared Scan Credential restrictions and Site Configuration credential settings, allowing for more granular control over where credentials are applied during scans.
• Enhanced fingerprinting logic for Spring Cloud Function Core to improve version detection reliability across diverse environments.

Fixed:

• Fixed an issue that prevented accurate detection of JetBrains installations on Linux systems, ensuring these assets are now properly evaluated during scans.
• Fixed issues in fingerprinting logic for Adobe Creative Cloud and Adobe Acrobat Reader DC Font Pack that previously resulted in false positives. These products are now more accurately detected during scans.

Version 8.24.0

Software release date: Oct 15, 2025 | Release notes published: Oct 14, 2025

Improved:

• Added support for Certificate-Based SSH Authentication as a credential option for authenticated scans of Linux/Unix systems. This enhancement enables more secure, scalable access using OpenSSH certificates, helping customers reduce credential sprawl, simplify key management, and align with modern security and compliance practices.
• Added built-in policy support for CIS Microsoft Windows 11 Benchmark v4.0.0, expanding secure configuration assessment capabilities.
• Enhanced device fingerprinting for Cisco ISE by incorporating patch-level details, reducing false positives during asset identification.

Fixed:

• Resolved an issue where export formats were unavailable for reports when configured via Silo Management in the Security Console.
• Fixed an issue impacting the application of password expiration when passwords were changed via the API.

Version 8.23.0

Software release date: Oct 6, 2025 | Release notes published: Oct 3, 2025

Improved:

• Custom CSV reports now include a new data field for the Fully Qualified Domain Name (FQDN) of assets, providing enhanced clarity and traceability in exported asset data.
• A new column has been added to the Scan Engine section, allowing users to view and sort by Scan Engine ID for easier engine identification and management.
• Web application fingerprinting has been optimized to pause after 5 consecutive failed attempts, reducing scan duration for problematic assets. This behavior can be configured via a custom property.
• Updated API endpoints to further bolster stringent authentication protocols, enhancing overall security posture.

Fixed:

• Fixed an issue that impacted the reporting of adjusted Risk Scores, particularly where scores were modified based on criticality. Risk scores now reflect accurately across both UI and reports.

Top of page

Digital Risk Protection (Threat Command)

No updates released at this time.

Top of page