September 2025 Release Notes

The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

• Attack surface: Attack Surface Management, Exposure Command

• Risk: Vulnerability Management, Continuous Red Teaming

• Prioritize high-impact fixes with Remediation Hub for Vulnerability Management (InsightVM)

• Validate internal segmentation controls with Vector Command Advanced

• Explore Vulnerability Management (InsightVM) with refreshed visuals

• Threat: SIEM, MDR, MTC

  • Empower faster threat detection with AI-Powered Log Search
  • Simplify GCP SCC Alerts with Triage-as-Code
  • Add rich asset context to GCP SCC alerts with ICS enrichment
  • Enhance Threat Coverage with Migrated Detection Rules

• Administration: Application Security, Exposure Command

  • Sync vulnerability updates using ServiceNow’s new Yokohama AI

Attack surface

Your attack surface is comprised of all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key goal in improving your company’s security posture.

• Protect your attack surface with Surface Command integrations

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

• Prioritize high-impact fixes with Remediation Hub for Vulnerability Management (InsightVM)
• Validate internal segmentation controls with Vector Command Advanced
• Explore Vulnerability Management (InsightVM) with refreshed visuals

Prioritize high-impact fixes with Remediation Hub for Vulnerability Management (InsightVM)

In Vulnerability Management (InsightVM), Remediation Hub is now available to all customers, bringing data-driven remediation guidance to the forefront of your vulnerability management strategy. Powered by the threat-aware Active Risk Score, this feature enables teams to reduce risk faster and more efficiently.

With this capability from Response & Remediation > Remediation Hub, you can:

• Accelerate risk reduction by targeting remediations that eliminate large volumes of vulnerabilities in bulk.
• Minimize rework with intelligent supersedence logic that identifies the most effective fix.
• Maximize team productivity by focusing effort where it has the highest impact.

Top of page

Validate internal segmentation controls with Vector Command Advanced

In Continuous Red Teaming (Vector Command Advanced), this new managed services offering goes beyond visibility by proving exposure and segmentation effectiveness, bridging the gap between alerts and actionable control validation, and delivering compliance-ready evidence for PCI, ISO, NIST, and internal audits.

With this capability from Findings > Red Team Findings, you can:

• Conduct a goal-based internal penetration test and segmentation test each year.
• Generate compliance-ready evidence for frameworks like PCI, ISO, and NIST.
• Receive persistent reconnaissance of your external attack surface to discover internet-facing assets.
• Review expert-vetted findings to drive prioritization and incorporate expert remediation guidance.

Top of page

Explore Vulnerability Management (InsightVM) with refreshed visuals

In Vulnerability Management (InsightVM), the cloud-based experience has been updated to align with other user interfaces on the Command Platform. This refresh modernizes colors, fonts, and styling, bringing consistency across the Command Platform without changing how you use our solutions.

With this update in Vulnerability Management, you can:

• Use a consistent and accessible visual language across the Command Platform.
• Navigate without needing to learn new workflows.
• Benefit from updated styling for 30+ components, including buttons, tables, and tooltips.

Top of page

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

• Empower faster threat detection with AI-Powered Log Search
• Simplify GCP SCC Alerts with Triage-as-Code
• Add rich asset context to GCP SCC alerts with ICS enrichment
• Enhance Threat Coverage with Migrated Detection Rules
• Visualize detection coverage with MITRE ATT&CK mapping

Empower faster threat detection with AI-Powered Log Search

In SIEM, Managed Detection and Response (MDR), and Managed Threat Complete (MTC), searching logs can be slow and error-prone. Now, you can write queries in plain language to uncover threats more quickly.

With this capability from Alerts > Log Search, you can:

• Generate queries using natural language instead of LEQL syntax.
• Reduce troubleshooting time with proactive, contextual suggestions.
• Improve accessibility for new or non-technical analysts.

Top of page

Simplify GCP SCC Alerts with Triage-as-Code

In SIEM, MDR, and MTC, alerts from Google Cloud SCC are now automatically translated into plain language using Triage-as-Code (TRaC). This reduces complexity and makes alerts easier to prioritize and act on.

With this capability from Alerts, you can:

• Understand GCP SCC alerts more clearly to speed up triage and response.
• Reduce errors caused by misinterpreting technical alert language.
• Empower less specialized analysts to confidently manage cloud alerts.

Top of page

Add rich asset context to GCP SCC alerts with ICS enrichment

In SIEM, MDR, and MTC (requires an active Cloud Security account), Google Cloud Security Command Center (SCC) alerts now include deeper context through enrichment from Cloud Security (InsightCloudSec). Asset details, vulnerabilities, misconfigurations, and identity data are added directly to SCC alerts, giving analysts immediate visibility.

With this capability from Alerts, you can:

• Understand GCP SCC alerts more clearly to speed up triage and response.
• Reduce errors caused by misinterpreting technical alert language.
• Empower less specialized analysts to confidently manage cloud alerts.

Top of page

Enhance Threat Coverage with Migrated Detection Rules

In SIEM, the Detection Library continues to expand, delivering faster and broader threat coverage. This month, seven legacy rules and five third-party source rules have been migrated into the unified library.

With this capability from Intelligence > Detection Rules, you can:

• Detect high-risk activities such as watched or admin-led password resets with new rules.
• View migrated User Behavior Analytics (UBA) rules in a single library.
• Gain faster insights with consistent access to rules.

Upcoming rule retirements:

• LDAP Admin Added
• Blacklisted Authentication

Top of page

Administration

Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.

• Sync vulnerability updates using ServiceNow’s new Yokohama AI

Sync vulnerability updates using ServiceNow’s new Yokohama AI

In Application Security (InsightAppSec) and Exposure Command, Rapid7’s integrations with ServiceNow ITSM and Application Vulnerability Response (AVR) are now certified on ServiceNow’s Yokohama release. This ensures compatibility and access to new ServiceNow features with no configuration changes required for existing users.

With this capability from ServiceNow’s Appstore, you can:

• Sync vulnerability updates directly to ServiceNow without switching platforms.
• Automatically pull newly discovered vulnerabilities into ServiceNow for streamlined triage.
• Reduce manual data entry and duplication, improving DevOps collaboration.

Top of page

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Top of page

Cloud Security (InsightCloudSec)

No updates released at this time.

Top of page

SIEM (InsightIDR)

No updates released at this time.

Top of page

Vulnerability Management (InsightVM)

• 8.19.1

Version 8.19.1

Software release date: Sep 01, 2025 | Release notes published: Sep 04, 2025

Fixed:

• Resolved an issue introduced in version 8.19.0 that impacted navigation during platform user creation. Navigation now behaves as expected.

• Fixed an issue affecting the scan duration timeout limit, ensuring that scans do not run beyond acceptable thresholds

Top of page

Nexpose

• 8.19.1

Version 8.19.1

Software release date: Sep 01, 2025 | Release notes published: Sep 04, 2025

Fixed:

• Fixed an issue affecting the scan duration timeout limit, ensuring that scans do not run beyond acceptable thresholds

Top of page

Digital Risk Protection (Threat Command)

No updates released at this time.

Top of page

Rapid7 Agent

No updates released at this time.

Top of page

Next-Generation Antivirus (NGAV)

No updates released at this time.

Top of page

Ransomware Prevention

No updates released at this time.

Top of page

Velociraptor

No updates released at this time.

Top of page