What's New in December 2024
This article was published on January 7, 2025.
Learn about what we released in December 2024. These capabilities are now available across the Command Platform:
- Attack surface
- Risk
  - Optimize risk reduction with Remediation Hub
  - Monitor unauthorized mobile apps on apkgk.com and apkcomco.com
  - Triage scan results faster with vulnerability groupings
  - Manage vulnerabilities with InsightAppSec integrated with ServiceNow Xanadu
  - Streamline security operations with InsightCloudSec integrated with GitLab CI/CD
- Compliance
- Threat
Attack surface
Your attack surface comprises all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key step in improving your company's security posture.
Broaden attack surface visibility with new Surface Command connectors
Surface Command now integrates with new, third-party tools to provide broader insights across your entire attack surface. These new connectors are available in the Rapid7 Extension Library and provide the flexibility and control needed to streamline your workflows and strengthen your security posture.
You can configure these new connectors in Surface Command:
- Cisco Umbrella DNS
- Claroty xDome
- Honeywell SCADAfence
- SpecterOps BloodHound Enterprise
- Devo (Contact Rapid7 for assistance)
With these connectors, you can:
- Gain visibility into your entire attack surface, including assets, networks, applications, and identities.
- Leverage multi-source context to better understand vulnerabilities and exposures.
- Automate workflows using action-oriented APIs for faster remediation.
Impacted offerings:
- Exposure Command (All Tiers)
- Surface Command
Where:
- Surface Command > Connectors
Risk
Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.
Optimize risk reduction with Remediation Hub
The new Remediation Hub provides full visibility into the top actions that will reduce risk across your attack surface. It helps your security team address the highest-impact remediation actions first, thereby improving efficiency and driving better security outcomes.
With this capability, you can:
- Visualize the top 25 remediation solutions and their potential impact on risk reduction.
- Focus on remediations with the highest security benefit to streamline your efforts.
- Track metrics that show a direct correlation between risk reduction and your team’s remediation efforts.
Read more about Remediation Hub
Impacted offerings:
- Exposure Command
- InsightVM and InsightCloudSec (must have both offerings)
- Cloud Risk Complete (All Tiers)
Where:
- Risk > Remediation Hub
Monitor unauthorized mobile apps on apkgk.com and apkcomco.com
Rapid7 understands that attackers can often build apps that impersonate your company to distribute malware or steal credentials. Now, in Threat Command, you can monitor unauthorized apps on new Android app sharing platforms, helping you protect your brand and safeguard your customers from potential threats.
With this expanded coverage, you can detect unauthorized apps on:
- apkgk.com, a top alternative app store featuring discounted and paid apps.
- apkcomco.com, a platform that offers apps from the Google Play Store and other sources.
Read more about Threat Command alerts
Impacted offerings:
- Managed Threat Complete (Ultimate)
- Managed Detection and Response (Managed Digital Risk Protection)
- Threat Command
Where:
- Threat Command > Alerts
Triage scan results faster with vulnerability groupings
In InsightAppSec, you can now group vulnerabilities by application and attack type, allowing you to visualize attacks both within a single application and across your entire attack surface. Vulnerability groupings allow you to triage scan results more efficiently, expediting risk prioritization and remediation and safeguarding your attack surface.
With this capability, you can:
- Visualize vulnerabilities across applications to identify and assess potential risks.
- Focus on key areas of exposure or large threat groups to streamline remediation.
- Update statuses or add comments to entire groups of vulnerabilities for efficient management.
Read more about InsightAppSec vulnerability findings
Impacted offerings:
- InsightAppSec
Where:
- InsightAppSec > Vulnerabilities
Manage vulnerabilities with InsightAppSec integrated with ServiceNow Xanadu
InsightAppSec now integrates with ServiceNow Xanadu, allowing you to more efficiently manage vulnerabilities and streamline your team’s workflows. You can now automatically sync data bidirectionally between InsightAppSec and ServiceNow Xanadu, allowing you to update data in a single place, without switching interfaces.
With this integration, you can:
- Automate the discovery of new vulnerabilities, pulling them directly from InsightAppSec into ServiceNow.
- View and update vulnerability details in one place for improved tracking and visibility.
- Ensure critical vulnerability activity is captured and accessible across your team.
Impacted offerings:
- InsightAppSec
Where:
- InsightAppSec
Streamline security operations with InsightCloudSec integrated with GitLab CI/CD
You can now use GitLab CI/CD pipelines with InsightCloudSec to efficiently scan repositories, enhancing your team’s workflows. With this integration, you gain quick insights that enable you to assess and address risks with ease.
With this integration, you can:
- Automate repository scans to identify potential threats effortlessly.
- Perform risk assessments and remediation steps without interruptions.
- Maximize visibility and protection across your attack surface.
Read more about the InsightCloudSec-GitLab CI/CD integration
Impacted offerings:
- Exposure Command (All Tiers)
- Managed Threat Complete (All Tiers)
- InsightCloudSec
Where:
- InsightCloudSec
Compliance
Compliance involves conforming to laws, regulations, standards, and policies designed to protect data and ensure secure operations. Teams must meet specific compliance requirements and demonstrate accountability through regular audits and documentation.
Address complex requirements with expanded custom compliance packs
In InsightCloudSec, you can now combine multiple compliance packs into a single custom compliance pack, giving you greater flexibility and control over your cloud compliance and security workflows. This enhancement enables you to meet your team's specific needs and achieve optimal visibility into your cloud resources.
With this capability, you can:
- Combine multiple compliance packs to address unique regulatory and technology requirements.
- Customize compliance packs for targeted visibility.
- Quickly prioritize critical insights to streamline compliance and security.
Read more about custom compliance packs
Impacted offerings:
- Exposure Command (All Tiers)
- Managed Threat Complete (All Tiers)
- InsightCloudSec
Where:
- InsightCloudSec > Security > Insights > Custom Packs
Threat
A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.
Respond to Rapid7 alerts faster with automatic triage
Alerts from Rapid7 products are now handled more efficiently by automatically identifying benign activity and pinpointing real threats. InsightIDR now uses advanced AI models to automatically determine the disposition of new Rapid7 alerts, so your analysts can keep their focus on responding to malicious activity.
With this capability, you can:
- Distinguish between benign alerts and genuine threats with high accuracy.
- Reduce manual effort by automating initial alert dispositions.
- Manage large alert volumes without increasing analyst workloads.
Read more about InsightIDR alerts
Impacted offerings:
- Managed Threat Complete (All Tiers)
- Managed Detection and Response
Where:
- InsightIDR > Alerts
Respond to CrowdStrike alerts faster with automatic triage
Alerts from CrowdStrike are now handled more efficiently by automatically identifying benign activity and pinpointing real threats. InsightIDR now uses advanced AI models to automatically determine the disposition of new CrowdStrike alerts, so your analysts can keep their focus on responding to malicious activity.
With this capability, you can:
- Distinguish between benign alerts and genuine threats with high accuracy.
- Reduce manual effort by automating initial alert dispositions.
- Manage large alert volumes without increasing analyst workloads.
Read more about InsightIDR alerts
Impacted offerings:
- Managed Threat Complete (All Tiers)
- Managed Detection and Response
Where:
- InsightIDR > Alerts
Expedite investigation with new log line details
In InsightIDR's Log Search, you can now view log entry details faster and more easily, which helps expedite alert and investigation triage. Log lines are now clickable, opening a panel view with detailed information that’s formatted in the log line’s JSON structure.
With the new panel view, you can:
- See critical information in a single place (for example, log entry source, log set, and timestamp, along with structured key-value pair information).
- Switch between detailed and comparative views for efficient data analysis.
- Create new queries more easily based on log entry details.
- Avoid excessive scrolling by consolidating information.
Impacted offerings:
- Managed Threat Complete (All Tiers)
- Managed Detection and Response
- InsightIDR (All Tiers)
Where:
- InsightIDR > Log Search
- InsightIDR > Investigations > Investigation Details
Navigate Threat Command easily with a refreshed home page
We've updated the visual design of the Threat Command home page to better align with the design of the Command Platform. This update enhances usability, providing a seamless and cohesive experience as part of our unified Command Platform vision.
These usability updates include:
- Consistent layout and navigation that continues from the Command Platform
- Enhanced visualizations to provide faster insights
- Improved look-and-feel for easy readability
You can expect more visual updates to other Threat Command pages in the coming months.
Impacted offerings:
- Managed Threat Complete (Ultimate)
- Managed Detection and Response (Managed Digital Risk Protection)
- Threat Command
Where:
- Threat Command