What's new in March 2025

This article was published on April 8, 2025.

Learn about what we released in March 2025. These capabilities are now available across the Command Platform:

Attack surface

Your attack surface consists of all of the potential entry points that attackers could exploit across your systems, applications, and networks. Understanding your attack surface is a key step toward improving your company's security posture.

Protect your asset space with Surface Command integrations

Surface Command now integrates with new third-party tools to expand attack surface visibility and automation.

With this capability, you can:

  • Achieve full-spectrum visibility across assets and identities.
  • Correlate vulnerabilities across multiple tools.
  • Automate security workflows using integrated APIs.

Impacted Offerings:

  • Exposure Command
  • Surface Command

Where:
Surface Command > Integrations > Connectors

Configure multiple copies of the same connector with ease

Surface Command now supports deploying multiple instances of the same connector, improving flexibility for distributed infrastructures.

With this capability, you can:

  • Avoid manual workarounds for duplicate data sources.
  • Configure connectors without custom packages.
  • Ensure consistent visibility across locations.

Impacted Offerings:

  • Exposure Command
  • Surface Command

Where:
Surface Command > Connectors

Gain broader context with upcoming Surface Command integrations

Coming soon to Surface Command, new connectors for AttackerKB and KACE Asset Management will enrich contextual data.

With this capability, you can:

  • Import curated vulnerability and asset data.
  • Enrich security context across tools.
  • Automate actions using connected API workflows.

Impacted Offerings:

  • Exposure Command
  • Surface Command

Where:
Surface Command > Connectors

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation when a bad actor exploits a vulnerability. Security teams assess risk by evaluating the likelihood that a threat occurs and the impact it would have if realized.

Ingest cloud log data faster with expanded event sources

Cloud event data can now be ingested directly into Rapid7’s detection products without additional software.

With this capability, you can:

  • Receive logs from cloud platforms using webhooks and S3.
  • Integrate sources like Mimecast 2.0 with Next-Gen SIEM formats.
  • Reduce deployment time and simplify log expansion.

Impacted Offerings:

  • InsightIDR
  • Managed Threat Complete
  • MDR

Where:
Command Platform > Event Sources

Centralize reporting with unified Executive Risk View reports

Executive Risk View reports are now available in the Command Platform, consolidating reporting across Rapid7 products.

With this capability, you can:

  • Consolidate risk reports into a centralized platform.
  • Access cross-product reports on demand.
  • Streamline visibility into your security posture.

Impacted Offerings:

  • Exposure Command
  • InsightCloudSec
  • InsightVM

Where:
Command Platform > Reports

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

Detect brand impersonation with expanded mobile app monitoring

Threat Command now includes enhanced alerting for apps hosted on mirror sites and new app stores. These updates help detect and respond to unauthorized mobile apps impersonating your brand.

With this capability, you can:

  • Monitor additional app stores for brand impersonation.
  • Receive alerts on suspicious apps hosted on mirror sites.
  • Broaden mobile threat coverage to protect your customers.

Impacted Offerings:

  • MDRP
  • Threat Command

Where:
Threat Command > Alerts

Identify impersonation threats faster with expanded social platform monitoring

Threat Command now provides broader monitoring across key social platforms to help identify and respond to impersonation threats faster. New capabilities proactively identify suspicious profiles and activity across LinkedIn, Roblox, and Facebook Ads.

With this capability, you can:

  • Detect impersonation threats targeting executive and sector-specific roles on LinkedIn.
  • Monitor Roblox for malicious activity targeting younger audiences.
  • Detect and address brand abuse in fraudulent Facebook ad campaigns.

Impacted Offerings:

  • MDRP
  • Threat Command

Where:
Threat Command > Alerts

Improve investigation with normalized Windows event parsing

Windows Event Code parsing has been standardized across Rapid7 log sources, making it easier for analysts to search, filter, and visualize security-relevant activity.

With this capability, you can:

  • Search event fields like username and activity type with consistent field names.
  • Detect common signals such as privilege escalation or local service creation.
  • Accelerate triage by reducing manual effort in interpreting raw event logs.

Impacted Offerings:

  • InsightIDR
  • Managed Threat Complete
  • MDR

Where:
Command Platform > Log Search

Investigate faster with principal API activity timeline (AWS)

Cloud Detection & Response now includes a graph-based timeline that shows user and role activity across your environment to speed up investigations.

With this capability, you can:

  • View time-based API activity by principal across AWS environments.
  • Correlate actions across systems to detect suspicious behavior.
  • Gain visibility into account behavior using cloud audit logs.

Impacted Offerings:

  • MDR
  • Managed Threat Complete

Where:
Cloud D&R > Principal Activity

Administration

Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.

Prioritize and investigate alerts at scale with Alert Triage

Our enhanced alert management capabilities streamline workflows and improve efficiency for InsightIDR and MDR users.

With this capability, you can:

  • Perform faster, more focused alert investigations.
  • Apply bulk actions and saved filters to triage efficiently.
  • Group alerts for improved organization and response.

Impacted Offerings:

  • InsightIDR
  • Managed Threat Complete

Where:
InsightIDR > Alerts
MDR > Alert Management

Triage AI-dispositioned alerts faster with improved visibility

InsightIDR now includes a redesigned alert interface to make AI-driven triage decisions more transparent and actionable.

With this update, you can:

  • See data inputs used in AI Alert Triage decisions.
  • Filter alerts based on AI Suggested Disposition for easier review.
  • Validate AI results directly from the Alert Triage.

Impacted Offerings:

  • Managed Threat Complete
  • MDR

Where:
InsightIDR > Alerts

Streamline alert management at scale with new triage workflows

A new alert management experience in InsightIDR and MDR streamlines workflows in complex environments.

With these enhancements, you can:

  • Perform bulk actions and custom queries.
  • Save and reuse advanced filter scopes.
  • Track alert handling for better accountability.

Impacted Offerings:

  • InsightIDR
  • Managed Threat Complete
  • MDR

Where:
InsightIDR > Alerts

Access real-time service data with the Detection and Response Dashboard

A new dashboard enables customers to monitor alert trends, SLOs, and service performance in real time.

With this dashboard, you can:

  • View real-time metrics across alert sources and platforms.
  • Compare service level performance against key thresholds.
  • Generate snapshots to share operational insights.

Impacted Offerings:

  • Managed Threat Complete
  • MDR

Where:
InsightIDR > Dashboards