What's New in February 2025

This article was published on March 04, 2025.

Learn about what we released in February 2025. These capabilities are now available across the Command Platform:

Attack surface

Your attack surface comprises all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key goal in improving your company's security posture.

Broaden your attack surface visibility with On-Prem API Integrations

Security teams need complete visibility across both external and internal assets to manage risk effectively. Surface Command now supports on-premises API integrations, allowing organizations to ingest asset, identity, vulnerability, and exposure data from private IT and security systems, such as Active Directory servers.

With this update, you can:

  • Expand asset visibility–Surface Command now ingests security data from on-premises IT systems.
  • Enhance risk context–gain multi-source intelligence from internal and external data sources.
  • Streamline attack surface management–consolidate public and private data for improved security workflows.

Impacted Offerings:

  • Exposure Command
  • Surface Command

Where:
Surface Command > Orchestrator

Protect your asset space with Surface Command Integrations

Surface Command now integrates with new third-party tools to provide broader insights across your entire attack surface. These new connectors are available in the Rapid7 Extension Library and provide the flexibility and control needed to streamline your workflows and strengthen your security posture.

New connectors include:

  • Action1 Vulnerability Management
  • ESET PROTECT Platform
  • Cloudflare
  • JumpCloud
  • Red Hat Insights
  • SOTI MobiControl

With this capability, you can:

  • Achieve Full-Spectrum Visibility–understand your entire attack surface, including assets, networks, business applications, data storage, and user identities.
  • Gain Multi-Source Context–correlate vulnerabilities and exposures from different security tools for deeper insights into risks and threats.
  • Automate Security Workflows–leverage integrated, action-oriented APIs to trigger remediation processes and streamline security operations.

Impacted Offerings:

  • Surface Command
  • Exposure Command (All Tiers)

Where:
Surface Command > Connectors

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

Automate your workflow with custom query filters for infrastructure as code

Understanding and mitigating risk requires the ability to refine data efficiently. Customizable query filters enable security teams to tailor search results, streamline workflows, and automate actions for greater efficiency. This initial release includes ~250 filters for CloudFormation. Future releases will expand this enhancement with at least 10 new query filters each month.

With this capability, you can:

  • Refine and prioritize–use advanced filters to focus on high-priority resources and critical security concerns.
  • Enhance threat protection–maximize visibility into attack surface threats with precise filtering.
  • Automate for efficiency–enable frictionless assessments and automated security actions based on refined query results.

Impacted Offerings:

  • Exposure Command (All Tiers)
  • InsightCloudSec

Where:
InsightCloudSec > Security > Query Filters

Prioritize critical data risks with Data-Centric Risk Management

Managing sensitive data risks across distributed cloud environments is more complex than ever. This update enhances risk prioritization by integrating insights from AWS Macie, Google DLP, Microsoft Defender, and IaC tags.

With this update, you can:

  • Gain deeper visibility–track sensitive data across cloud environments more effectively.
  • Reduce compliance risk–identify and address high-priority data exposure risks.
  • Strengthen proactive threat prevention–visualize attack paths to sensitive data to mitigate security gaps before exploitation.

Impacted Offerings:

  • InsightCloudSec
  • Exposure Command

Where:
Risk > Data Security

Boost remediation efficiency with Vulnerability Proof in Remediation Hub

Security teams need clear evidence to justify remediation efforts. The addition of vulnerability proof to Remediation Hub allows security teams to view concrete vulnerability evidence before assigning fixes.

With this update, you can:

  • See clear vulnerability evidence–quickly confirm issues before assigning remediation.
  • Improve efficiency–reduce the need to navigate between tools to validate vulnerabilities.
  • Accelerate remediation–help asset owners act faster with actionable insights.

Impacted Offerings:

  • InsightVM
  • Exposure Command
  • InsightCloudSec

Where:
Command Platform > Risk > Remediation Hub

Streamline security remediation with exportable solution reports

Security teams require structured reporting to communicate remediation priorities effectively. The new export feature in Remediation Hub allows teams to extract a prioritized list of solutions for streamlined remediation.

With this update, you can:

  • Export remediation plans–provide asset owners with clear, prioritized action plans.
  • Enhance collaboration–share filtered reports with relevant teams.
  • Improve risk management–ensure the highest-impact vulnerabilities are addressed first.

Impacted Offerings:

  • InsightVM
  • InsightCloudSec
  • Exposure Command

Where:
Command Platform > Risk > Remediation Hub

Improve asset prioritization with Security Context in Remediation Hub

Security teams need a holistic view of asset risks to make informed remediation decisions. This update integrates Surface Command with Remediation Hub, providing a comprehensive security context for affected assets.

With this update, you can:

  • See complete security data–view all relevant security details for an asset.
  • Enhance decision-making–quickly correlate remediation solutions with asset context.
  • Optimize risk mitigation–use integrated insights to prioritize security actions effectively.

Impacted Offerings:

  • Surface Command
  • Exposure Command

Where:
Command Platform > Risk > Remediation Hub

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

Understanding the exact sequence of security events is crucial for effective threat response. Chronological Search in InsightIDR allows analysts to analyze logs in time order, ensuring greater accuracy when reconstructing attack timelines.

With this update, you can:

  • Improve investigation clarity–view event logs in the order they occurred, not just when they were received.
  • Speed up response times–quickly correlate security incidents without manual log parsing.
  • Reduce time-to-resolution–enhance forensic investigations with streamlined event sequencing.

Impacted Offerings:

  • InsightIDR
  • MDR
  • Managed Threat Complete

Where:
InsightIDR > Log Search

Streamline security workflows with alert triage for MDR and IDR

Efficiently managing security alerts in dynamic environments is crucial for minimizing response times to potential threats. The new alert triage capabilities for MDR and IDR simplify prioritization, filtering, and investigation while offering customization options to meet unique security needs.

With this update, you can:

  • Prioritize critical alerts–quickly respond to high-priority threats.
  • Filter and query alerts–use advanced tools to refine search results.
  • Customize alert views–save and reuse tailored search scopes.
  • Perform bulk actions–manage alerts at scale with ease.
  • Group and investigate alerts–gain deeper insights through contextual grouping.
  • Track actions–ensure accountability and continuity across investigations.

Impacted Offerings:

  • InsightIDR
  • Managed Threat Complete
  • MDR

Where:
InsightIDR > Alerts

Administration

Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.

Customize alert timing for leaked credentials

Organizations need more control over how and when leaked credential alerts are triggered. This update introduces customizable time preferences, ensuring alerts align with operational workflows.

With this update, you can:

  • Configure alert time frames–adjust alert timing based on your security policies.
  • Improve response efficiency–reduce noise by receiving alerts only when they are most relevant.
  • Leverage smart defaults–automatically optimize alert timing for managed and non-managed customers.

Impacted Offerings:

  • Threat Command
  • MDRP

Where:
Configurations > Customization > Company Credentials Policies > Credential Alert Timeframe

Simplify security budgeting with the new Credits Management UI

Managing service credits for threat intelligence and remediation can be challenging without real-time visibility. The new Credits Management UI provides a centralized view of purchased and available service credits, allowing teams to plan resources more effectively.

With this update, you can:

  • Track service usage–gain insights into your Research Reports, Dark Web Purchases, and Remediation Requests.
  • Optimize budgeting–monitor balances without manual intervention.
  • Streamline service requests–reduce back-and-forth inquiries with clear credit tracking.

Impacted Offerings:

  • Threat Command
  • MDRP

Where:
Settings > Subscription

Simplify multi-app authentication with automated MFA and ALF

Managing authentication across multiple applications can be complex and time-consuming. The new automated MFA capabilities for the Macro workflow (Macro and OTP configuration) streamline authentication workflows, ensuring consistency across your attack surface.

With this update, you can:

  • Automate authentication setups–configure MFA across multiple applications effortlessly.
  • Reduce administrative burden–eliminate manual authentication configuration.
  • Enhance security consistency–ensure uniform authentication policies across environments.

Impacted Offerings:

  • InsightAppSec
  • Exposure Command

Where:
Security > Application Management