July 2025 Release Notes

The Command Platform release notes cover what’s new, which is updated monthly, and improvements and fixes, which are updated weekly.

Last updated: July 7, 2025

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

Attack surface

Your attack surface comprises all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key goal in improving your company’s security posture.

Accelerate remediation with workflow automation in Remediation Hub

Security teams can now streamline their remediation processes directly from the Remediation Hub by triggering automation workflows. This feature helps reduce mean time to respond (MTTR) by eliminating manual steps and ensuring faster communication with asset owners.

With this capability, you can:

  • Launch prebuilt workflows for common remediation scenarios with just a few clicks.
  • Build and deploy custom workflows tailored to your environment and operational needs.
  • Automatically notify asset owners about required remediations to improve accountability.
  • Reduce time spent on repetitive tasks, enabling your team to focus on higher-priority issues.

Impacted offerings:

  • Exposure Command
  • InsightCloudSec
  • InsightVM
  • InsightConnect

Protect your asset space with Surface Command integrations

Surface Command now integrates with additional third-party tools to further enhance your visibility across the attack surface. The newest connectors enable streamlined insights, automation, and contextual analysis across diverse asset types:

  • Cisco Identity Services Engine (ISE)
  • CyberArk Privileged Access Manager
  • Nucleus Security
  • PingOne
  • Deep Instinct

With this capability from Surface Command > Connectors, you can:

  • Achieve full-spectrum visibility – understand your entire attack surface, including assets, networks, business applications, data storage, and user identities.
  • Gain multi-source context – correlate vulnerabilities and exposures from different security tools for deeper insights into risks and threats.
  • Automate security workflows – leverage integrated, action-oriented APIs to trigger remediation processes and streamline security operations.

Impacted offerings:

  • Surface Command
  • Exposure Command

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

Improve risk prioritization with enhanced AWS public accessibility accuracy

InsightCloudSec now provides more accurate and comprehensive tracking of AWS public accessibility, enabling better risk prioritization for cloud security teams. These enhancements refine how public exposure is identified, reducing false positives and offering clearer visibility into network exposure paths.

With this capability from InsightCloudSec > Attack Paths, you can:

  • Gain better visibility into cloud exposure with new node types for Web Application Firewalls and Network Firewalls added to Attack Paths.
  • Understand true exposure with end-to-end tracking of open ports, such as tracing from a load balancer’s listener to backend target group ports.
  • Leverage improved data from Harvesters for key resources like Load Balancers, Network Firewalls, and NACL/Security Groups.

Improve container risk visibility and prioritization with local vulnerability assessments for private registries

InsightCloudSec now supports Local Container Vulnerability Assessment (Local CVA), enabling customers to scan images stored in private container registries that reside in restricted or on-premises environments without exposing their network or allowing inbound access from InsightCloudSec.

With this capability from InsightCloudSec > Vulnerabilities, you can:

  • Perform local vulnerability assessments in network-partitioned environments via outbound-only connections.
  • Gain coverage for OCI-compliant private registries.
  • Securely store registry credentials and manage registry configuration through a dedicated administrative interface.

Administration

Manage third-party remediations from a single location

In Exposure Command, InsightCloudSec, InsightVM, and InsightConnect, you can now view and manage vulnerabilities and remediations from third-party tools directly in Remediation Hub. This feature expands Rapid7’s remediation capabilities beyond Rapid7 sources to help unify vulnerability management across your environment. Remediation Hub currently supports third-party data from the following connectors:

  • Amazon Inspector
  • Claroty xDome
  • ManageEngine Endpoint
  • Microsoft Defender
  • Qualys VMDR
  • Red Hat Insights
  • Tenable.io
  • Tenable Security Center
  • Wiz

With this capability from Command Platform > Risk > Remediation Hub, you can:

  • View third-party vulnerability and remediation data in Remediation Hub.
  • Leverage existing remediation workflows to manage findings from Surface Command.
  • Align remediation efforts across multiple tools from a centralized location.

Accelerate investigations with AI-assisted workflows for MDR

Rapid7’s MDR service now leverages agentic AI-assisted workflows to streamline investigations, reduce manual effort, and deliver consistent outcomes at scale. This new capability enhances triage precision and boosts SOC efficiency across your environment.

With this capability in Alerts, you can:

  • Automatically triage benign alerts with 99.93% accuracy to reduce false positives and sharpen focus on high-risk threats.
  • Accelerate investigations through AI-driven enrichment, correlation, and evaluation of alerts.
  • Ensure consistent, high-quality outcomes with standardized evidence gathering and contextual insight delivery.
  • Managed Detection and Response (MDR) users will receive access as part of a phased rollout.

Eliminate alert ambiguity with dynamic third-party alert prioritization

InsightIDR now dynamically maps third-party alert priorities to ensure ownership is clearly defined between your team and the Rapid7 SOC. This enhancement eliminates confusion, enables faster response, and boosts confidence in how alerts are triaged.

With this capability in Alerts, you can:

  • Clearly identify whether your team or Rapid7 is responsible for triaging each third-party alert.
  • Minimize delays caused by priority mismatches or ambiguous ownership.
  • Strengthen SOC coordination and ensure every alert gets the right response at the right time.

Impacted offering:

  • Managed Detection and Response (MDR)

Enhance threat coverage with new and migrated detection rules

The InsightIDR Detection Library continues to evolve, delivering faster, broader threat detection. This month six legacy rules have been migrated—part of our ongoing effort to unify and strengthen your detection experience.

With these updates in Detection Rules > Detection Rule Library, you can:

  • Stay ahead of emerging threats – leverage newly released rules to detect high-risk activity like watched or admin-led password resets.
  • Streamline rule management – benefit from the migration of legacy User Behavior Analytics (UBA) rules into the Detection Library, offering a single, comprehensive view of your detection landscape.
  • Improve response efficiency – with consistent rule access and faster insight into potential threats.

New Detection Rules:

  • Carbon Black Cloud

Migrated Legacy Rules:

  • RESTRICTED ASSET AUTHENTICATION - NEW SOURCE was migrated to User Behavior - Restricted Asset Authentication - New Source
  • HONEY USER AUTHENTICATION was migrated to User Behavior - Honey User Authentication
  • FIRST TIME ADMIN ACTION was migrated to User Behavior - First Time Admin Action

This month we have migrated detection rules for the following 3 third-party sources of alerts:

  • Duo
  • Vectra Networks X-Series
  • Varonis DatAdvantage

Boost protocol accuracy and visibility with Network Sensor enhancements

This update to Network Sensor improves protocol detection precision and expands support for critical protocols, helping security teams reduce false positives and gain trusted visibility into modern and OT/SCADA environments.

With this capability, you can:

  • Reduce false positives and missed detections in SSH, RDP, SMB, and DNS with sharper protocol classification.
  • Identify DNP3 protocol natively, closing a major visibility gap in OT and SCADA networks.
  • Improve fidelity of LDAP and Kerberos authentication traffic for stronger Active Directory analytics and fewer “unknown” flows.
  • Analyze encapsulated traffic with greater depth through enhanced inspection of VLAN and VXLAN traffic.

Improvements and Fixes

Improvements and fixes are posted each Monday, and include a roundup of infrastructure improvements and fixes across the Rapid7 products and offerings:

InsightAppSec and AppSpider

No updates released at this time.

InsightCloudSec

Version 25.7.8

Software release date: July 8, 2025 | Release notes published: July 7, 2025

New Alibaba Cloud permissions required

These permissions support the ApsaraDB resources. All permissions (and any relevant wildcard equivalents) have been added to the appropriate onboarding user roles.

  • "rds:DescribeDBInstanceEncryptionKey"

Details for self-hosted customers

Improved

  • Added Insights:
    • Azure Databricks Not Deployed in a Customer-Managed Vnet (maps to CIS Azure 4.0 Recommendation 3.1.1)
    • Azure Storage Account Blob Versioning Not Enabled (maps to CIS Azure 4.0 Recommendation 10.2.2)
    • Virtual Network Flow Log Retention Less Than 90 Days
    • Virtual Network Flow Log Without Traffic Analytics Enabled
  • Added Query Filters:
    • Storage Account Blob Versioning Status (maps to CIS Azure 4.0 Recommendation 10.2.2)
  • Added validation to the IaC configuration creation API endpoint to ensure all Insight IDs are structured correctly.
  • Added support for creating tags on GCP DNS Domain resources.
  • Updated the following Insight details based on CIS Azure 3.0 benchmarks and recommendations:
    • Database Instance without Log Auditing Enabled (MySQL)
    • Database Instance without Connection Log Auditing Events (MySQL)
    • Encryption Key not Supporting Key Rotation
    • Storage Account Storing Activity Logs Encrypted using Customer Managed Key (formerly …using Cloud Managed Key)
    • Web App With Remote Debugging Enabled
    • Database Instance without Transparent Data Encryption (SQL)
    • Storage Container Soft Delete Disabled
    • Storage Account Allows Access from the Public
    • Storage Account without Microsoft Azure Services Bypass Enabled
  • Updated the System Profile Settings page and API documentation to display your base URL for API calls.
  • Added Azure support for the following Insights:
    • Encryption Key Without 90 Day Rotation Period Enforced
    • Compute Instance Recently Backed Up
    • Compute Instance Backup Age Exceeds
  • Added new harvesters for CloudWatch Deliveries, Delivery Sources, and Delivery Destinations.

Fixed

  • Creation timestamp is now correctly populated on AWS SSH Key Pair resources in Infrastructure as Code (IaC) scans.
  • Resolved issue where Azure ResourceLocks were not being linked with private endpoints.
  • Insight CloudFront Not Logging detection now considers v2 Standard Logging configurations.
  • Resolved an issue where database flags without values caused the Google DatabaseInstanceHarvester to fail.
  • Fixed a pagination issue with the SnapshotHarvester that occurred when a large number of snapshots existed in one region.
  • The Limit Folder by Parent IDs feature in the Manage Organization interface for Azure cloud accounts now checks for exact parent ID matches rather than prefix matches.

Version 25.7.1

Software release date: July 1, 2025 | Release notes published: June 30, 2025

Details for self-hosted customers

Improved

  • We made several improvements to our user interface to ensure a cleaner and more consistent experience for the System Settings pages. Additionally, the option to Switch to Legacy UI has been removed.
  • Deprecated Insights and Compliance Packs will now remain visible in the UI until their specified removal version, allowing more time for transition and minimizing workflow disruptions.
  • Expanded Azure Container Registry fields to include local admin and managed identity information.
  • Added Insights:
    • Encryption Key Vault With Public Network Access Enabled When Using Private Endpoint
    • Databricks Workspace Enable Customer Managed Keys (CMK)
  • Removed the option to automatically deploy Azure LPA outside of a Virtual Network because it is less secure.
  • The filenames for downloaded reports in Settings > Diagnostics > General > System Diagnostics Reports have been updated for clarity:
    • Bots and Their Configuration
      • Before: CloudSec-InsightCloudSec-<today_date_time>
      • Now: CloudSec-bots-<today_date_time>
    • Processor Jobs and Queue Health
      • Before: CloudSec-InsightCloudSec-<today_date_time>
      • Now: CloudSec-processors-<today_date_time>

Fixed

  • Orphaned Kubernetes findings are now correctly removed by the OrphanedResourceCleanup job.
  • The Resource Encrypted With Cloud Managed Key Query Filter now fails as expected when the KmsKeyId property is omitted.
  • Fixed a sync issue between vulnerability fix versions and remediation summaries.
  • Resolved an issue where the total vulnerability count did not update correctly when filtering by Cloud Account ID on the Vulnerabilities page.

InsightIDR

No updates released at this time.

InsightVM

Version 8.14.0

Software release date: July 9, 2025 | Release notes published: July 7, 2025

Fixed

  • Fixed an issue impacting successful backup and restore operations under specific conditions.
  • Fixed an issue that affected trend graphs and reporting accuracy following asset deletions.
  • Fixed a data synchronization issue that could occur during certain console restart scenarios.
  • Added a fix to improve the accuracy of Fingerprint Certainty reporting.

Intelligence Hub

No updates released at this time.

Nexpose

Version 8.14.0

Software release date: July 9, 2025 | Release notes published: July 7, 2025

Fixed

  • Fixed an issue impacting successful backup and restore operations under specific conditions.
  • Fixed an issue that affected trend graphs and reporting accuracy following asset deletions.
  • Fixed a data synchronization issue that could occur during certain console restart scenarios.
  • Added a fix to improve the accuracy of Fingerprint Certainty reporting.

Surface Command

No updates released at this time.

Threat Command

No updates released at this time.