July 2025 Release Notes
The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.
Last updated: July 28, 2025
What’s New
Learn about new features across the Command Platform. These features were released over the past month and are available now:
- Attack surface: Exposure Command, Cloud Security (InsightCloudSec), InsightVM, Automation (InsightConnect)
- Risk: Cloud Security (InsightCloudSec)
- Administration: Managed Detection and Response, SIEM (InsightIDR), Network Sensor
- Manage third-party remediations from a single location
- Accelerate investigations with AI-assisted workflows for MDR
- Eliminate alert ambiguity with dynamic third-party alert prioritization
- Enhance threat coverage with new and migrated detection rules
- Boost protocol accuracy and visibility with Network Sensor enhancements
Attack surface
Your attack surface is comprised of all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key goal in improving your company’s security posture.
- Accelerate remediation with workflow automation in Remediation Hub
- Protect your asset space with Attack Surface Management (Surface Command) integrations
Accelerate remediation with workflow automation in Remediation Hub
Security teams can now streamline their remediation processes directly from the Remediation Hub by triggering automation workflows. This feature helps reduce mean time to respond (MTTR) by eliminating manual steps and ensuring faster communication with asset owners.
With this capability, you can:
- Launch prebuilt workflows for common remediation scenarios with just a few clicks.
- Build and deploy custom workflows tailored to your environment and operational needs.
- Automatically notify asset owners about required remediations to improve accountability.
- Reduce time spent on repetitive tasks, enabling your team to focus on higher-priority issues.
Impacted offerings:
- Exposure Command
- Cloud Security (InsightCloudSec)
- InsightVM
- Automation (InsightConnect)
Protect your asset space with Attack Surface Management (Surface Command) integrations
Attack Surface Management (Surface Command) now integrates with additional third-party tools to further enhance your visibility across the attack surface. The newest connectors enable streamlined insights, automation, and contextual analysis across diverse asset types:
- Cisco Identity Services Engine (ISE)
- CyberArk Privileged Access Manager
- Nucleus Security
- PingOne
- Deep Instinct
With this capability from Attack Surface Management (Surface Command) > Connectors, you can:
- Achieve full-spectrum visibility–understand your entire attack surface, including assets, networks, business applications, data storage, and user identities.
- Gain multi-source context–correlate vulnerabilities and exposures from different security tools for deeper insights into risks and threats.
- Automate security workflows–leverage integrated, action-oriented APIs to trigger remediation processes and streamline security operations.
Impacted offerings: **Attack Surface Management (Surface Command)
- Exposure Command
Risk
Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.
- Improve risk prioritization with enhanced AWS public accessibility accuracy
- Improve container risk visibility with local vulnerability assessments
Improve risk prioritization with enhanced AWS public accessibility accuracy
- Cloud Security (InsightCloudSec)** now provides more accurate and comprehensive tracking of AWS public accessibility, enabling better risk prioritization for cloud security teams. These enhancements refine how public exposure is identified, reducing false positives and offering clearer visibility into network exposure paths.
With this capability from Cloud Security (InsightCloudSec) > Attack Paths, you can:
- Gain better visibility into cloud exposure with new node types for Web Application Firewalls and Network Firewalls added to Attack Paths.
- Understand true exposure with end-to-end tracking of open ports, such as tracing from a load balancer’s listener to backend target group ports.
- Leverage improved data from Harvesters for key resources like Load Balancers, Network Firewalls, and NACL/Security Groups.
Improve container risk visibility and prioritization with local vulnerability assessments for private registries
- Cloud Security (InsightCloudSec)** now supports Local Container Vulnerability Assessment (Local CVA), enabling customers to scan images stored in private container registries that reside in restricted or on-premises environments without exposing their network or allowing inbound access from Cloud Security (InsightCloudSec).
With this capability from Cloud Security (InsightCloudSec) > Vulnerabilities, you can:
- Perform local vulnerability assessments in network-partitioned environments via outbound-only connections.
- Gain coverage for OCI-compliant private registries.
- Securely store registry credentials and manage registry configuration through a dedicated administrative interface.
Administration
- Manage third-party vulnerabilities in Remediation Hub
- Accelerate investigations with AI-assisted workflows for MDR
- Eliminate alert ambiguity with dynamic third-party alert prioritization
- Enhance threat coverage with new and migrated detection rules
- Boost protocol accuracy and visibility with Network Sensor enhancements
Manage third-party remediations from a single location
In Exposure Command, Cloud Security (InsightCloudSec), InsightVM, Automation (InsightConnect), you can now view and manage vulnerabilities and remediations from third-party tools directly in Remediation Hub. This feature expands Rapid7’s remediation capabilities beyond Rapid7 sources to help unify vulnerability management across your environment. Remediation Hub currently supports third-party data from the following connectors:
- Amazon Inspector
- Claroty xDome
- ManageEngine Endpoint
- Qualys VMDR
- Red Hat Insights
- Tenable.io
- Tenable Security Center
- Wiz
With this capability from Command Platform > Risk > Remediation Hub, you can:
- View third-party vulnerability and remediation data in Remediation Hub.
- Leverage existing remediation workflows to manage findings from Attack Surface Management (Surface Command).
- Align remediation efforts across multiple tools from a centralized location..
Accelerate investigations with AI-assisted workflows for MDR
Rapid7’s MDR service now leverages agentic AI-assisted workflows to streamline investigations, reduce manual effort, and deliver consistent outcomes at scale. This new capability enhances triage precision and boosts SOC efficiency across your environment.
With this capability in Alerts, you can:
-
Automatically triage benign alerts with 99.93% accuracy to reduce false positives and sharpen focus on high-risk threats.
-
Accelerate investigations through AI-driven enrichment, correlation, and evaluation of alerts.
-
Ensure consistent, high-quality outcomes with standardized evidence gathering and contextual insight delivery.
-
Managed Detection and Response (MDR) users will receive access as part of a phased rollout
Eliminate alert ambiguity with dynamic third-party alert prioritization
SIEM (InsightIDR) now dynamically maps third-party alert priorities to ensure ownership is clearly defined between your team and the Rapid7 SOC. This enhancement eliminates confusion, enables faster response, and boosts confidence in how alerts are triaged.
With this capability in Alerts, you can:
- Clearly identify whether your team or Rapid7 is responsible for triaging each third-party alert.
- Minimize delays caused by priority mismatches or ambiguous ownership.
- Strengthen SOC coordination and ensure every alert gets the right response at the right time.
Impacted offering:
- Managed Detection and Response (MDR)
Enhance threat coverage with new and migrated detection rules
The SIEM (InsightIDR) Detection Library continues to evolve, delivering faster, broader threat detection. This month six legacy rules have been migrated—part of our ongoing effort to unify and strengthen your detection experience.
With these updates in Detection Rules > Detection Rule Library, you can:
- Stay ahead of emerging threats – leverage newly released rules to detect high-risk activity like watched or admin-led password resets.
- Streamline rule management – benefit from the migration of legacy User Behavior Analytics (UBA) rules into the Detection Library, offering a single, comprehensive view of your detection landscape.
- Improve response efficiency – with consistent rule access and faster insight into potential threats.
New Detection Rules:
- Carbon Black Cloud
Migrated Legacy Rules:
- RESTRICTED ASSET AUTHENTICATION - NEW SOURCE was migrated to User Behavior - Restricted Asset Authentication - New Source
- HONEY USER AUTHENTICATION was migrated to User Behavior - Honey User Authentication
- FIRST TIME ADMIN ACTION was migrated to User Behavior - First Time Admin Action
This month we have migrated detection rules for the following 3 third-party sources of alerts:
- Duo
- Vectra Networks X-Series
- Varonis DatAdvantage
Boost protocol accuracy and visibility with Network Sensor enhancements
This update to Network Sensor improves protocol detection precision and expands support for critical protocols, helping security teams reduce false positives and gain trusted visibility into modern and OT/SCADA environments.
With this capability, you can:
- Reduce false positives and missed detections in SSH, RDP, SMB, and DNS with sharper protocol classification.
- Identify DNP3 protocol natively, closing a major visibility gap in OT and SCADA networks.
- Improve fidelity of LDAP and Kerberos authentication traffic for stronger Active Directory analytics and fewer “unknown” flows.
- Analyze encapsulated traffic with greater depth through enhanced inspection of VLAN and VXLAN traffic.
Improvements and Fixes
Improvements and fixes are posted each Monday, and include a roundup of infrastructure improvements and fixes across the Rapid7 products and offerings:
- Application Security (InsightAppSec) and AppSpider
- Cloud Security (InsightCloudSec)
- SIEM (InsightIDR)
- InsightVM
- Threat Intelligence (Intelligence Hub)
- Nexpose
- Attack Surface Management (Surface Command)
- Digital Risk Protection (Threat Command)
Application Security (InsightAppSec) and AppSpider
No updates released at this time.
Cloud Security (InsightCloudSec)
Release availability for self-hosted users
Self-hosted users are able to download the latest version usually six business days after SaaS users are upgraded from the following locations:
- Terraform deployments: Public S3 bucket . Modules can be updated with the
terraform get -update
command. - Amazon Elastic Container Repository (ECR) deployments - You can obtain the ECR build images for this version from the InsightCloudSec ECR Gallery
Delayed self-hosted release for 25.7.29
The self-hosted release for version 25.7.29 is delayed. It is expected to be available by August 7, 2025.
No self-hosted release for 25.7.15
There will be no self-hosted release for version 25.7.15. The next self-hosted release is planned for version 25.7.22.
Version 25.7.29
Software release date: July 29, 2025 | Release notes published: July 28, 2025
No version 25.8.5
There will be no release for version 25.8.5. Regular updates will resume with 25.8.12.
Reminder: Change to OCI Compartments and Impact on Bot Configurations
All users will receive enhanced support for OCI Compartments as part of the 25.7.29 release. This update promotes OCI Compartments to the Organization Services level, improves resource harvesting accuracy, and introduces a dedicated Compartments tab to the Cloud Accounts view.
Action required for users with OCI automation:
- Bots interacting with Compartment resources will trigger alerts if they reference outdated organization service IDs.
- Bots must reference the new organization service ID associated with the updated Compartment structure.
Depending on how your bots are configured:
- If they reference specific service IDs, you’ll need to manually update them.
- If they use broader cloud or badge filters, they may continue to function as expected without changes.
To minimize disruption, review your OCI automation configurations ahead of the release.
Improved:
- Replaced references to InsightCloudSec with Cloud Security
- Updated InsightCloudSec logo to Cloud Security logo
- New CVA Local Scanner release (v. 25.7.21), which includes:
- Support for custom network configurations with new environment variables:
HTTPS_PROXY
for proxy-based network communicationSSL_CERT_FILE
andSSL_CERT_DIR
for custom SSL certificate paths
- Performance and stability improvements
- Support for custom network configurations with new environment variables:
- Improved performance for Clouds Listing UI
- Added external scanner validation to publicly accessible resources
- Added Query Filters:
- Cloud Account With Root Compartment Creation (maps to CIS OSI 3.0.0 Recommendation 6.2)
- Cache Instance with System Assigned Identity Disabled (maps to CIS Azure Database Services 1.0.0 Recommendation 2.5)
- Cloud User Has Invalid Email Address
- Instance Not In An Availability Zone
- Instance Not In A Scale Set
- Instance Not In Availability Zone Or Scale Set
- Web Application Firewall With Disabled Managed Rules
- Web Application Firewall With Disabled Custom Rules
- Web Application Firewall With Disabled Rules
- Load Balancer Using WAF Policy With Disabled Rules
- Database Instance With No Databases
- Azure Database Instance TDE Auto Key Rotation Enabled/Disabled
- Compute Instance Without In Transit Encryption Enabled (Oracle Cloud)
- Storage Account With Specified Redundancy
- Added Insights:
- Cloud Account With Root Compartment Creation (maps to CIS OSI 3.0.0 Recommendation 6.2)
- Cache Instance with System Assigned Managed Identity Disabled (maps to CIS Azure Database Services 1.0.0 Recommendation 2.5)
- Network Security Group Flow Log Retention Less Than 90 Days
- Cloud User Has Invalid Email Address
- Compute Instance Without In-transit Encryption Enabled
- Updated Insights:
- Cloud Users With Multiple Active API Keys
- Cloud Account Without Microsoft Defender External Attack Surface Monitoring > Cloud Account Without Microsoft Defender External Attack Surface Monitoring (EASM) Enabled
- Cloud Account With Microsoft Defender Disabled for Containers
- Storage Account with Blob Soft Delete Disabled
- Storage Account with File Share Soft Delete Disabled
- Cache Instance With Microsoft Entra Authentication Disabled
- Added compliance packs:
- CIS Azure 3.0
- CIS Azure 4.0
- CIS Azure Database Services 1.0
- Deprecated compliance pack: CIS Azure 2.1 (removal scheduled for February 2026)
- Added
me-central-1
region support to the following harvesters:AwsWebAppHarvester
AirflowEnvironmentHarvester
AppStreamFleetHarvester
BackupVaultHarvester
BatchEnvironmentHarvester
BigDataServerlessNamespaceHarvester
BigDataServerlessWorkgroupHarvester
BuildProjectHarvester
- Added
ap-south-2
region support to the following harvesters:AirflowEnvironmentHarvester
BackupVaultHarvester
BatchEnvironmentHarvester
BigDataServerlessNamespaceHarvester
BigDataServerlessWorkgroupHarvester
- Expanded Instance resource to store Azure availability zone and scale set membership.
- Updated Azure label for Database resource to display SQL Pool Database.
- Updated Azure Storage Account Harvester to include SMB settings.
- Added redundancy type visibility for Azure storage accounts.
- Added harvesting of TDE automatic key rotation setting for Azure SQL Managed Instances.
- Added support for new OCI Instance property: In Transit Encryption.
- Added support for AWS RDS clusters to the Terraform converter.
- Updated the description text in the Insight severity update modal to improve user understanding.
Fixed:
- Detaching an instance no longer deletes its network interface in Cloud Security.
- Fixed an issue where
GoogleInstanceInterfaceIpHarvester
failed when the instance was deleted mid-harvest or before Cloud Asset Inventory registered the removal. - Fixed inconsistent behavior in Alibaba Cloud where instances were not correctly associated with subnets.
- Resolved failures in
TimeseriesDatabaseHarvester
caused by deprecation of the Timeseries Database resource in AWS for new accounts. - Updated
DatabaseInstanceHarvester
to account for AWS VPC Sharing and correctly associate database instances with networks across organization services. - Fixed
BackupVault
converter for AWS infrastructure as code (Terraform).
Version 25.7.22
Update on release 25.7.22
We’ve decided not to move forward with the 25.7.22 release. During final checks, we identified a few issues in our release pipeline and front-end systems that could impact delivery. Rather than risk disrupting your current experience, we’re holding this release to ensure everything meets our quality standards.
The main features planned for 25.7.22 are important, especially for our larger customers, and we’re committed to delivering them in a stable and reliable update. Several smaller improvements originally included in this release will now be part of the upcoming 25.7.29 release.
Version 25.7.15
Software release date: July 15, 2025 | Release notes published: July 14, 2025
Version 25.7.15 availability
The 25.7.15 release will include three major new features: a new Bot Factory interface, container attack paths and public accessibility, and enhanced Oracle Cloud Infrastructure (OCI) Compartments support. To help ensure stability, customers with larger, more complex environments will not receive this release. All customers are expected to receive version 25.7.22, which includes these features in addition to standard weekly improvements and fixes.
New Azure permissions required
These permissions support the Azure Capacity Reservation and Azure Capacity Reservation Group resources. All permissions (and any relevant wildcard equivalents) have been added to the appropriate onboarding user roles.
\"Microsoft.Compute/capacityReservations/read\"
\"Microsoft.Compute/capacityReservationGroups/read\"
Improved:
- Added a new interface for the Bot Factory page. You can access the new interface by using the Switch to Modern UI button.
- Added support for AWS-based containers to Attack Paths and public accessibility checks.
- Enhanced support for Oracle Cloud Infrastructure (OCI) Compartments:
- Promoted Compartments to the Organization Services level
- Improved resource harvesting accuracy
- Added a dedicated Compartments tab to OCI Cloud Account Details.
- Deprecated the following Insights:
- Access List Exposes High Risk Port to the Public
- Access List Exposes High Risk UDP Ports to the Public
- Access List Exposes SSH to the Public (SG)
- Access List Exposes Windows RDP to the Public (SG)
- Added the following Insights to replace deprecated ones:
- Resource Access List Exposes Critical Ports to the Public
- Resource Access List Exposes High-Risk UDP Ports to the Public
- Resource Access Lists Expose SSH Ports to the Public
- Resource Access Lists Expose Windows RDP Ports to the Public
- Expanded the Database Instance resource harvester to include geo-redundant backup information.
- Added harvester support for Azure Capacity Reservation Groups and Reservations.
- Added Query Filters:
- Database Instance With Geo-Redundant Backup Disabled
- Capacity Reservation Group Without Reservations
- Capacity Reservations By Capacity
- Capacity Reservations By Fault Domain Count
- Cloud Group Without Users and Managed Identities
- Added Insights:
- Cloud Group Without Users and Managed Identities
- Added
finding_id
column to theKubernetesFindings
table, set asprovider_id
. - Renamed Data Collections to Data Groups. This is a visual change only and does not affect functionality. The new name appears in buttons, navigation, and entitlement labels.
- Renamed Query Filter Cloud Group Orphaned to Cloud Group Without Users.
Fixed:
- Fixed support for Terraform Infrastructure as Code scans involving AWS AppSync API resources.
- Fixed a UI issue where refreshing the tag overview page in Tag Explorer would display an error.
- The following resource types are now fully removed when running the
OrphanedResourceCleanup
job:- AI Service Deployment
- Bedrock Agent
- Bedrock Guardrail
- Bedrock Model
- Bedrock Training Job
- Comprehend Job
- Connect Instance
- Data Lake Source`
- Elasticsearch Ingest Pipeline`
- Kubernetes Finding
- Polly Synthesis Task
- Vertex Job
- Fixed an issue where threat findings could not be harvested from newly created GCP projects due to use of the deprecated v1 Security Command Center API. ICS now uses the v2 API.
Version 25.7.8
Software release date: July 8, 2025 | Release notes published: July 7, 2025
New Alibaba Cloud permissions required
These permissions support the ApsaraDB resources. All permissions (and any relevant wildcard equivalents) have been added to the appropriate onboarding user roles.
\"rds:DescribeDBInstanceEncryptionKey\"
Improved
-
Added Insights:
- Azure Databricks Not Deployed in a Customer-Managed Vnet (maps to CIS Azure 4.0 Recommendation 3.1.1)
- Azure Storage Account Blob Versioning Not Enabled (maps to CIS Azure 4.0 Recommendation 10.2.2)
- Virtual Network Flow Log Retention Less Than 90 Days
- Virtual Network Flow Log Without Traffic Analytics Enabled
-
Added Query Filters:
- Storage Account Blob Versioning Status (maps to CIS Azure 4.0 Recommendation 10.2.2)
-
Added validation to the IaC configuration creation API endpoint to ensure all Insight IDs are structured correctly.
-
Added support for creating tags on GCP DNS Domain resources.
-
Updated the following Insight details based on CIS Azure 3.0 benchmarks and recommendations:
- Database Instance without Log Auditing Enabled (MySQL)
- Database Instance without Connection Log Auditing Events (MySQL)
- Encryption Key not Supporting Key Rotation
- Storage Account Storing Activity Logs Encrypted using Customer Managed Key (formerly …using Cloud Managed Key)
- Web App With Remote Debugging Enabled
- Database Instance without Transparent Data Encryption (SQL)
- Storage Container Soft Delete Disabled
- Storage Account Allows Access from the Public
- Storage Account without Microsoft Azure Services Bypass Enabled
-
Updated the System Profile Settings page and API documentation to display your base URL for API calls.
-
Added Azure support for the following Insights:
- Encryption Key Without 90 Day Rotation Period Enforced
- Compute Instance Recently Backed Up
- Compute Instance Backup Age Exceeds
-
Added new harvesters for CloudWatch Deliveries, Delivery Sources, and Delivery Destinations.
Fixed
- Creation timestamp is now correctly populated on AWS SSH Key Pair resources in Infrastructure as Code (IaC) scans.
- Resolved issue where Azure ResourceLocks were not being linked with private endpoints.
- Insight CloudFront Not Logging detection now considers v2 Standard Logging configurations.
- Resolved an issue where database flags without values caused the Google DatabaseInstanceHarvester to fail.
- Fixed a pagination issue with the
SnapshotHarvester
that occurred when a large number of snapshots existed in one region. - The Limit Folder by Parent IDs feature in the Manage Organization interface for Azure cloud accounts now checks for exact parent ID matches rather than prefix matches.
Version 25.7.1
Software release date: July 1, 2025 | Release notes published: June 30, 2025
Improved
- We made several improvements to our user interface to ensure a cleaner and more consistent experience for the System Settings pages. Additionally, the option to Switch to Legacy UI has been removed.
- Deprecated Insights and Compliance Packs will now remain visible in the UI until their specified removal version, allowing more time for transition and minimizing workflow disruptions.
- Expanded Azure Container Registry fields to include local admin and managed identity information.
- Added Insights:
- Encryption Key Vault With Public Network Access Enabled When Using Private Endpoint
- Databricks Workspace Enable Customer Managed Keys (CMK)
- Removed the option to automatically deploy Azure LPA outside of a Virtual Network because it is less secure.
- The filenames for downloaded reports in Settings > Diagnostics > General > System Diagnostics Reports have been updated for clarity:
- Bots and Their Configuration
- Before:
CloudSec-InsightCloudSec-<today_date_time>
- Now:
CloudSec-bots-<today_date_time>
- Before:
- Processor Jobs and Queue Health
- Before:
CloudSec-InsightCloudSec-<today_date_time>
- Now:
CloudSec-processors-<today_date_time>
- Before:
- Bots and Their Configuration
Fixed
- Orphaned Kubernetes findings are now correctly removed by the
OrphanedResourceCleanup
job. - The Resource Encrypted With Cloud Managed Key Query Filter now fails as expected when the
KmsKeyId
property is omitted. - Fixed a sync issue between vulnerability fix versions and remediation summaries.
- Resolved an issue where the total vulnerability count did not update correctly when filtering by Cloud Account ID on the Vulnerabilities page.
SIEM (InsightIDR)
Release notes published: July 21, 2025
Improved:
- On the event source form:
- Optional “Description” field added to Custom Logs event sources for elaborating on the data that should be ingested.
- Cisco IOS event source form updated with more organized field structure.
- Concise copy introduced in the Data Settings section of the event source form.
- Additional field descriptions added for improved usage clarity.
Fixed:
- Unexpected appearance of asset update error banner on Asset Details page resolved.
- Event sources can now be added on outdated versions of Chrome.
- Honey Files table now automatically refreshes after adding or deleting entries.
- Active Directory Admin Activity button now routes to a valid query in Log Search.
- Multiple IPs inputted in the Event Source form are now correctly parsed.
InsightVM
Version 8.16.0
Software release date: July 30, 2025 | Release notes published: July 28, 2025
Improved
-
Enhanced tag management with more granular user permissions, giving you greater control over who can manage tags in your environment. New permissions include:
- Manage Site Tags – Allows users to add or remove tags from a site.
- Manage Asset Tags – Allows users to add or remove tags from individual assets within a site.
- Manage Group Tags – Allows users to add or remove tags from asset groups.
-
Updated built-in content to support CIS Microsoft Windows Server 2019 STIG Benchmark version 3.0.0, expanding coverage for secure configuration assessments.
Version 8.15.1
Software release date: July 17, 2025 | Release notes published: July 17, 2025
Fixed
- Fixed an issue that was impacting scheduled scans under certain conditions.
Version 8.15.0
Software release date: July 17, 2025 | Release notes published: July 17, 2025
Improved
- Added recurring coverage support for FortiClient for Windows.
- Added recurring coverage support for Ivanti Cloud Services Application.
- Updated the CIS Oracle Database 19c Benchmark to version 1.2.0.
- Enhanced scan schedule configuration: you can now select from all available asset groups when excluding assets, not just those tied to the selected site.
Fixed
- Resolved an issue with asset data retention that affected the Vulnerability Trends Report. Reports now reflect accurate historical data based on the selected time period.
- Fixed an issue in the CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0.
Version 8.14.0
Software release date: July 9, 2025 | Release notes published: July 7, 2025
Fixed
- Fixed an issue impacting successful backup and restore operations under specific conditions.
- Fixed an issue that affected trend graphs and reporting accuracy following asset deletions
- Fixed a data synchronization issue that could occur during certain console restart scenarios.
- Added a fix to improve the accuracy of Fingerprint Certainty reporting.
Threat Intelligence (Intelligence Hub)
No updates released at this time.
Nexpose
Version 8.16.0
Software release date: July 30, 2025 | Release notes published: July 28, 2025
Improved
-
Enhanced tag management with more granular user permissions, giving you greater control over who can manage tags in your environment. New permissions include:
- Manage Site Tags – Allows users to add or remove tags from a site.
- Manage Asset Tags – Allows users to add or remove tags from individual assets within a site.
- Manage Group Tags – Allows users to add or remove tags from asset groups.
-
Updated built-in content to support CIS Microsoft Windows Server 2019 STIG Benchmark version 3.0.0, expanding coverage for secure configuration assessments.
Version 8.15.1
Software release date: July 17, 2025 | Release notes published: July 17, 2025
Fixed
- Fixed an issue that was impacting scheduled scans under certain conditions.
Version 8.15.0
Software release date: July 17, 2025 | Release notes published: July 17, 2025
Improved
- Added recurring coverage support for FortiClient for Windows.
- Added recurring coverage support for Ivanti Cloud Services Application.
- Updated the CIS Oracle Database 19c Benchmark to version 1.2.0.
- Enhanced scan schedule configuration: you can now select from all available asset groups when excluding assets, not just those tied to the selected site.
Fixed
- Resolved an issue with asset data retention that affected the Vulnerability Trends Report. Reports now reflect accurate historical data based on the selected time period.
- Fixed an issue in the CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0.
Version 8.14.0
Software release date: July 9, 2025 | Release notes published: July 7, 2025
Fixed
- Fixed an issue impacting successful backup and restore operations under specific conditions.
- Fixed an issue that affected trend graphs and reporting accuracy following asset deletions
- Fixed a data synchronization issue that could occur during certain console restart scenarios.
- Added a fix to improve the accuracy of Fingerprint Certainty reporting.
Attack Surface Management (Surface Command)
No updates released at this time.
Digital Risk Protection (Threat Command)
No updates released at this time.