Get Started

Getting Started

Deploy

Onboard and Manage Accounts

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Additional Providers

Collect and Integrate Data

Harvesting & Event-Driven Harvesting

Integrations

Understand Data

Inventory

Query Filters & Insights

Manage and Act on Data

Bots & Automation

Infrastructure as Code (IaC) Security

Cloud IAM Governance

Vulnerability Management

Workload Security

System Administration

System Settings

Developer Resources

API

Support

Remediate Risk Across Cloud and On-Prem Environments

Remediation Hub offers a list of prioritized updates called remediations that are focused on reducing vulnerability risk. This list makes the Remediation Hub the first place you should check to drive risk reduction across your hybrid environments.

Access Remediation Hub

Remediation Hub is accessible from the Command Platform. To view the Remediation Hub, you must have the following permissions:

Solution	Required Permission
Command Platform	Administrator (Shared)
InsightVM	Global Administrator
InsightCloudSec	Domain Admin, Domain Viewer, or Organization Admin

Vulnerabilities data requires InsightVM and InsightCloudSec

Vulnerability data originates from InsightVM and InsightCloudSec. For setup instructions, visit the InsightVM Quick Start Guide and the InsightCloudSec Cloud Vulnerability Management home page.

Understand Remediation Hub

Remediation Hub contains three main sections:

Emergent Threats (if available)
Key Metrics
Remediations

Emergent threats

Rapid7’s security research team actively monitors and researches emergent threats. Emergent Threat Response delivers fast expert analysis and first-rate security content for the highest priority security threats to help you understand your exposures and act quickly to protect your assets from exploitation. When there is an active emergent threat, Remediation Hub notifies users with a callout banner at the top of the page that Rapid7 teams are responding. This callout initially provides a link to a blog post that is constantly being updated. As more becomes known about the vulnerability and content is created in various Rapid7 solutions, the Remediation Hub shows customers the CVE numbers and the impact on assets across their environment. Emergent threats are shown for 14 days. If there is no current emergent threat, the banner will not be displayed.

Key metrics

The following key metrics are displayed at the top of the Remediation Hub:

Metric	Description
Total Risk	Normalized, aggregate score (from 0 to 1000) representing the risk of all vulnerabilities and assets across your cloud and on-prem environments.
Vulnerabilities Remediated	The percentage of vulnerabilities that will be remediated when implementing the top 25 remediations.
Assets Update	The number of assets that will be updated if the top 25 remediations are implemented.

Remediations

All risks are paired with a remediation (previously known as a solution). Remediations for assets without patch management or endpoint protection software are prioritized in the listing by default. Each remediation in the table includes the following:

Type (on-prem or cloud)
A short description of the remediation
The amount that the risk score is reduced by implementing the provided remediation
- For more information on how risk is calculated, visit How is Risk Calculated?
The number of assets, images, CVEs, and findings that are associated with the risk
- Note that due to the time it takes to sync data for Remediation Hub, the count of assets affected by a given remediation may vary between Remediation Hub, InsightCloudSec, and InsightVM.

You can apply filters to reduce the scope of remediations and assets returned from the Remediation Hub. Click Export to export the top 25 remediations in the current view.

Have endpoint protection or patch management software connected to Surface Command?

If you have endpoint protection or patch management software connected to Surface Command, you can filter on either of these to quickly find remediations that rely on your existing mitigation controls. Review Assess endpoint protection and patch management coverage for more information.

Click a remediation from the table to open a panel containing details on the total number of impacted assets and vulnerabilities as well as a description of the remediation. Depending on the type of asset, available details may differ but can include:

Asset Name
Resource ID and type
Physical site
Cloud account
Owner
Vulnerability proof
Vulnerability name, severity, and risk

Assess endpoint protection and patch management coverage

On the Impacted Assets tab, there are two columns that provide the status of mitigating controls for a given asset: Endpoint Protection and Patch Management. There are three statuses for these columns:

Status	Description
Available	Patch Management: Patch management connector is available for the impacted asset. Endpoint Protection: Endpoint protection connector has a MITRE ATT&CK mitigation of M1040 or M1049 for the impacted asset. You can also hover over the status to see any available MITRE ATT&CK framework mitigation details.
None	Patch Management: Asset exists in Surface Command but does not have an associated connector for patch management. Endpoint Protection: Asset exists in Surface Command but does not have an associated connector for MITRE ATT&CK mitigations M1040 or M1049.
Unknown	Asset could not be correlated in Surface Command, meaning you may not have Surface Command or the asset is not available in Surface Command yet.

Did this page help you?

Visibility & Reporting

Executive Risk View Dashboard Cards

Inventory

Review Resource Inventory