Remediate Risk Across Cloud and On-Prem Environments
Remediation Hub offers a list of prioritized updates called remediations that are focused on reducing vulnerability risk. This list makes the Remediation Hub the first place you should check to drive risk reduction across your hybrid environments.
Access Remediation Hub
Remediation Hub is accessible from the Command Platform. To view the Remediation Hub, you must have Command Platform Administrator (Shared) permissions and at least one of the following:
- Vulnerability Management (InsightVM) - Global Administrator
- Cloud Security (InsightCloudSec) - Domain Admin, Domain Viewer, or Organization Admin
- Attack Surface Management (Surface Command) - Surface Command Admin
Vulnerabilities data sources
Vulnerability data comes from Vulnerability Management (InsightVM), Cloud Security (InsightCloudSec), and relevant Surface Command Connectors. For setup instructions, see:
Explore Remediation Hub
Remediation Hub contains three main sections:
- Emergent Threats (if available)
- Key Metrics
- Remediations
Emergent threats
Rapid7’s security research team actively monitors and researches emergent threats. Emergent Threat Response delivers fast expert analysis and first-rate security content for the highest priority security threats to help you understand your exposures and act quickly to protect your assets from exploitation. When there is an active emergent threat, Remediation Hub notifies users with a callout banner at the top of the page that Rapid7 teams are responding. This callout initially provides a link to a blog post that is constantly being updated. As more becomes known about the vulnerability and content is created in various Rapid7 solutions, the Remediation Hub shows customers the CVE numbers and the impact on assets across their environment. Emergent threats are shown for 14 days. If there is no current emergent threat, the banner will not be displayed.
Key metrics
The following key metrics are displayed at the top of the Remediation Hub:
| Metric | Description |
|---|---|
| Total Risk | Normalized, aggregate score (from 0 to 1000) representing the risk across your cloud and on-prem environments. |
| Vulnerabilities Remediated | The percentage of vulnerabilities that will be remediated when implementing the top 25 remediations. |
| Assets Update | The number of assets that will be updated if the top 25 remediations are implemented. |
Remediations
All risks are paired with a remediation (previously known as a solution). Each remediation in the table includes the following:
- Type (on-prem or cloud)
- A short description of the remediation
- A risk score calculated from the active risk score on the vulnerabilities and total number of assets impacted
  - For more information on how risk is calculated, visit How is Risk Calculated?
- The number of assets, images, CVEs, and findings that are associated with the risk
  - Note that due to the time it takes to sync data for Remediation Hub, the count of assets affected by a given remediation may vary between Remediation Hub, Cloud Security (InsightCloudSec), and InsightVM.
- The source of the remediation. Learn more about third-party vulnerabilities and remediations.
You can apply filters to reduce the scope of remediations and assets returned from the Remediation Hub. Click Export to export the top 25 remediations in the current view.
Have endpoint protection or patch management software connected to Attack Surface Management (Surface Command)?
If you have endpoint protection or patch management software connected to Attack Surface Management (Surface Command), you can filter on either of these to quickly find remediations that rely on your existing mitigation controls. Review Assess endpoint protection and patch management coverage for more information.
Click a remediation from the table to open a panel containing an AI overview of the remediation, details on the total number of impacted assets and vulnerabilities, and a description of the remediation.
Concerns about AI?
Rapid7 does not use any customer data for training or fine-tuning our large language models (LLMs), nor do we share your data with any third-party LLMs for their training purposes. For more details about the feature and how it works, see AI Overview. If you would prefer to opt out of AI usage, contact your CSA or Support.
Depending on the type of asset, available details may differ but can include:
- Asset Name
- Resource ID and type
- Physical site
- Cloud account
- Owner
- Vulnerability proof
- Vulnerability name, severity, and risk
If the asset is available in Vulnerability Management (InsightVM) or Attack Surface Management (Surface Command), you can click Actions (…) > View Asset or Actions (…) > View Attack Surface to view the asset in Vulnerability Management (InsightVM) or Attack Surface Management (Surface Command), respectively.
AI Overview
Rapid7 offers AI-generated summaries of a remediation that help you understand the criticality, exploitability, and potential impact of the CVEs detected in the environment, highlighting the risks of not applying a remediation. Business context, such as asset tags and affected systems, is also included with the analysis to help your security teams understand the operational complexity involved. Additionally, the AI Overview enhances remediation insights with clear, actionable recommendations and next steps for effective implementation.
The summaries are generated from data already visible in Remediation Hub and Rapid7’s own vulnerability intelligence. The model is never trained on your data, never sends information outside Rapid7’s secure, access-restricted infrastructure, and outputs are isolated per organization.
You can use icons at the bottom of the AI Overview panel to send Rapid7 feedback about the feature. This helps Rapid7 monitor quality and improve the feature over time.
Third-party vulnerabilities and remediations
Remediation Hub can report vulnerabilities and remediations from third-party sources if the matching Attack Surface Management (Surface Command) connector is installed. Remediation Hub supports this functionality for the following connectors:
- Amazon Inspector
- Claroty xDome
- Dragos Vulnerability
- ManageEngine Endpoint
- Orca
- Qualys Vulnerability Management Detection & Response (VMDR)
- Red Hat Insights
- SentinelOne
- Tenable (Tenable.io)
- Tenable Security Center (SC)
- Wiz
Assess endpoint protection and patch management coverage
On the Impacted Assets tab, there are two columns that provide the status of mitigating controls for a given asset: Endpoint Protection and Patch Management. There are three statuses for these columns:
| Status | Description |
|---|---|
| Available | |
| None | |
| Unknown | Asset could not be correlated in Attack Surface Management (Surface Command), meaning you may not have Attack Surface Management (Surface Command) or the asset is not available in Attack Surface Management (Surface Command) yet. |
Trigger workflows for assets
You can trigger Automation (InsightConnect) workflows directly from the remediation details panel. Click Send to Workflow to open a panel containing Automation (InsightConnect) workflows. Automation (InsightConnect) workflows appear on the panel if they have the Remediation Hub trigger. You can also click Create Workflow to open the Automation (InsightConnect) Workflows page. To learn more about creating and managing workflows, see the Automation (InsightConnect) documentation.
Asset limit for workflow
The Send to Remediation Hub workflow currently supports up to 10,000 assets. If the selected remediation contains more than 10,000 assets, you need to add filters.