August 2025 Release Notes

The Command Platform release notes cover what’s new, which is updated monthly, and improvements and fixes, which are updated weekly.

Last updated: August 4, 2025

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

Attack surface

Your attack surface comprises all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key goal in improving your company’s security posture.

Integrate with Surface Command Using the New Attack Surface API

In Surface Command and Exposure Command, the new Attack Surface Management (ASM) API supports customer and partner integrations, allowing you to programmatically access your attack surface data. With this API, developers can make Cypher-based queries across assets, identities, and related ASM data types directly from their own tools and platforms.

With this capability from Attack Surface Management (Surface Command), you can:

  • Query attack surface data using arbitrary Cypher queries.
  • Integrate Surface Command insights into your existing analytics, dashboards, or reporting systems.

Filter Assets Using Source-Specific Properties for Targeted Coverage Analysis

In Surface Command and Exposure Command, you can now build Asset and Identity filters using source-specific properties, like Microsoft Active Directory or CrowdStrike, without writing custom Cypher queries. This update simplifies how you scope asset views for reporting on control coverage gaps and environment-specific needs.

With this capability from Attack Surface Management (Surface Command) > Assets, Identities, you can:

  • Create and save filters using third-party properties.
  • Combine unified asset data with source-specific fields for precision filtering.

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

Improve Network Path Transparency with Enhanced Network Path Processor for AWS

In Cloud Security (InsightCloudSec) and Exposure Command, the enhanced network path processor for public exposure introduces comprehensive visibility into your AWS network topology. This capability extends analysis beyond surface-level exposure to include critical infrastructure components such as WAFs, firewalls, load balancers, and security groups.

With this capability from Cloud Security (InsightCloudSec) > Attack Paths, you can:

  • Gain full-context analysis of exposure pathways from the internet to your cloud assets.
  • Identify how layered controls (like WAFs or security groups) mitigate public exposure risks.
  • Set a new standard for CNAPP visibility with actionable insights into the true security posture of public-facing services.

Detect Container Public Exposure with Full Orchestration Context

In Cloud Security (InsightCloudSec) and Exposure Command, the new container public exposure support enhances your ability to detect and assess intentionally exposed container services within cloud-based Kubernetes environments. This feature delivers native classification of exposed containers and maps potential attack paths with full orchestration context, including service meshes, ingress controllers, and node roles.

With this capability from Cloud Security (InsightCloudSec) > Attack Paths, you can:

  • Identify public-facing container services and their role within the broader Kubernetes architecture.
  • Trace exploitable paths that combine misconfigurations and vulnerabilities across infrastructure layers.
  • Prioritize risk reduction in environments where traditional tools generate noise without clarity.

Validate Exposures in Real Time with External Scanner Integration

In Cloud Security (InsightCloudSec) and Exposure Command, the external scanner functionality delivers comprehensive security risk assessment by actively validating exposures and translating technical findings into business impact scenarios. When it detects issues like open database ports or misconfigured services, it automatically assesses potential consequences such as data exfiltration risk, maps attack vectors, and determines what sensitive data could be compromised. This scanner-backed evidence with detailed risk context enables security teams to prioritize remediation based on genuine exploitability and real business impact rather than theoretical vulnerability scores.

With this capability from Cloud Security (InsightCloudSec) > Public Accessibility, you can:

  • Enrich static detection data with dynamic scanner validation to confirm true exposures.
  • View concrete evidence tied to exploitable conditions, reducing uncertainty and false positives.
  • Accelerate prioritization and remediation by linking validated risks to specific assets and controls.

Streamline Reporting with Enhanced Bulk Export API for Vulnerability Management

In Vulnerability Management (InsightVM) and Exposure Command, the enhanced Bulk Export API enables Vulnerability Management (InsightVM) customers to programmatically retrieve complete asset and vulnerability data, including asset tags and groups, using a single, high-performance GraphQL API call. Designed for scale and automation, this update supports seamless integration with third-party BI tools.

With this capability from Vulnerability Management (InsightVM), you can:

  • Export comprehensive asset and vulnerability data, enriched with asset tags and group context.
  • Retrieve daily-refreshed data in Parquet format for fast processing in PowerBI, Snowflake, and other tools.
  • Eliminate the need for manual export operations and reduce load on on-prem Vulnerability Management (InsightVM) consoles.

Accelerate Fixes with In-Product Remediation Steps for Vulnerability Findings

In Cloud Security (InsightCloudSec) and Exposure Command, prescriptive remediation steps are included directly within vulnerability findings, helping you fix issues faster without context switching. This update turns detection into direction by guiding remediation teams with clear, actionable steps for resolving each finding.

With this capability from Cloud Security (InsightCloudSec) > Vulnerabilities, you can:

  • View step-by-step remediation guidance embedded in each vulnerability finding.
  • Streamline collaboration between detection and remediation teams by reducing guesswork.
  • Accelerate issue resolution with concise, prioritized instructions built into the remediation workflow.

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

Clarify Alert Response with Dynamic Third-party Alert Prioritization

In Managed Detection and Response (MDR) and Managed Threat Complete, InsightIDR can now reflect the most current severity level of third-party alerts, eliminating ambiguity around alert response.

With this update from alerts, you can:

  • Clearly identify alert ownership based on dynamic priority mapping.
  • Eliminate confusion around response to an alert.
  • Improve response times by reducing ambiguity and ensuring the right team is engaged.

Expanded SOC-Monitored Coverage for Okta Identity and Palo Alto Cortex XDR

In Managed Detection and Response (MDR) and Managed Threat Complete, Rapid7’s SOC can now monitor third-party telemetry from Okta Identity and Palo Alto Cortex XDR, delivering enhanced visibility and faster response across cloud and endpoint data sources. This update strengthens managed threat detection and response capabilities across our Managed Detection and Response and Managed Threat Complete services.

Each new event source from Data Connectors > Data Collectors provides unique coverage capabilities:

  • Okta Identity: Native ingestion of identity events with support for both first- and third-party detections. Gain high-confidence alerts and ensure consistent SOC-led response to identity-based threats.
  • PAN Cortex XDR: Integrated telemetry and SOC-managed response accelerate mean time to respond (MTTR) and reduce attacker dwell time on the endpoint.

Enhance Threat Coverage with Migrated Detection Rules

In SIEM (InsightIDR), the SIEM (InsightIDR) Detection Library continues to expand, delivering faster and broader threat detection capabilities. This month, we’ve migrated 8 legacy rules and 5 third-party source rules as part of our ongoing effort to unify and strengthen your detection experience.

Migrated Legacy Rules from Intelligence > Detection Rules

The following legacy rules are now available in the Detection Rule Library:

  • New Local User Account Created
  • Detection Evasion - Event Log Deletion
  • Detection Evasion - Local Event Log Deletion
  • Honeypot Access
  • Multiple Organization Authentications
  • Wireless Multiple Country Authentications
  • Wireless Multiple Organization Authentications

The Multi-Country Authentication legacy rule now has two equivalent ABA detections:

  • Suspicious Authentication - Multiple Country Authentication (Non-Wireless)
  • Suspicious Authentication - Multiple Country Authentication (ActiveSync)

Migrated Third-Party Source Rules

Detection rules have also been migrated for the following third-party sources:

  • Carbon Black Response
  • Cisco AMP
  • Cylance Protect Cloud
  • Darktrace
  • Cybereason

Upcoming Rule Retirements

The following legacy rules will be retired in 30 days:

  • LDAP Admin Added
  • Blacklisted Authentication

Administration

Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.

Accelerate Your Workflow with Unified Navigation (Feature Preview)

Quickly access key capabilities and discover new tools with an improved Command Platform navigation. The new navigation is now available in Feature Preview; opt in to explore it at your own pace. With a streamlined workflow and familiar terminology, the new navigation reduces the number of clicks required to reach essential features, improving your ability to protect your security program efficiently.

With Unified Navigation, you can:

  • Navigate effortlessly across your Rapid7 solutions using a consistent menu.
  • Quickly surface critical data, tools, and insights to accelerate your daily tasks.
  • Explore additional Command Platform capabilities as they become available, all from one place.

Meet Internal Standards with Automatic Allowlisting Settings

In Threat Intelligence (Intelligence Hub), you can now directly manage all indicator of compromise (IOC) decisions by optionally disabling the Threat Intelligence (Intelligence Hub) automated allowlisting process. This ensures analysts retain full authority over allowlist and blocklist actions, aligning disposition with organizational policy and reducing the risk of unintended traffic.

With this capability from Data Connectors > Threat Intelligence > Sources, you can:

  • Disable automatic allowlisting of IOCs that match known domain names, root servers, and customer assets.

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Cloud Security (InsightCloudSec)

No updates released at this time.

SIEM (InsightIDR)

No updates released at this time.

Vulnerability Management (InsightVM)

Version 8.17.0

Software release date: Aug 7, 2025 | Release notes published: Aug 4, 2025

Improved:

  • Credential restrictions have been enhanced to support multiple entries. You can now define a list of IP addresses or IP ranges for site and shared credentials, allowing more flexibility and control over where credentials are applied during authenticated scans.
  • Added support for Vulnerability Management (InsightVM) customers to enable the redesigned navigation experience in the Rapid7 Command Platform, designed to help security teams move faster, stay focused, and work with less friction.
  • Added new policy content for Postgres 15 and Postgres 16 CIS benchmarks, expanding secure configuration coverage for PostgreSQL environments.

Fixed:

  • Addressed an issue affecting scheduled Product and Content Auto-Updates to improve reliability and efficiency of the automated update process.

Nexpose

Version 8.17.0

Software release date: Aug 7, 2025 | Release notes published: Aug 4, 2025

Improved:

  • Credential restrictions have been enhanced to support multiple entries. You can now define a list of IP addresses or IP ranges for site and shared credentials, allowing more flexibility and control over where credentials are applied during authenticated scans.
  • Added new policy content for Postgres 15 and Postgres 16 CIS benchmarks, expanding secure configuration coverage for PostgreSQL environments.

Fixed:

  • Addressed an issue affecting scheduled Product and Content Auto-Updates to improve reliability and efficiency of the automated update process.

Digital Risk Protection (Threat Command)

No updates released at this time.
