Remediate Risk Across Cloud and On-Prem Environments
Remediation Hub offers a list of prioritized updates called remediations that are focused on reducing vulnerability risk. This list makes the Remediation Hub the first place you should check to drive risk reduction across your hybrid environments.
Access Remediation Hub
Remediation Hub is accessible from the Command Platform. To view the Remediation Hub, you must have Command Platform Administrator (Shared) permissions and at least one of the following:
- Vulnerability Management (InsightVM) - Global Administrator
- Cloud Security (InsightCloudSec) - Domain Admin, Domain Viewer, or Organization Admin
- Attack Surface Management (Surface Command) - Surface Command Admin
Vulnerabilities data sources
Vulnerability data comes from Vulnerability Management (InsightVM), Cloud Security (InsightCloudSec), and relevant Surface Command Connectors. For setup instructions, see:
Explore Remediation Hub
Remediation Hub contains three main sections:
- Emergent Threats (if available)
- Key Metrics
- Remediations
Emergent threats
Rapid7’s security research team actively monitors and researches emergent threats. Emergent Threat Response delivers fast expert analysis and first-rate security content for the highest priority security threats to help you understand your exposures and act quickly to protect your assets from exploitation. When there is an active emergent threat, Remediation Hub notifies users with a callout banner at the top of the page that Rapid7 teams are responding. This callout initially provides a link to a blog post that is constantly being updated. As more becomes known about the vulnerability and content is created in various Rapid7 solutions, the Remediation Hub shows customers the CVE numbers and the impact on assets across their environment. Emergent threats are shown for 14 days. If there is no current emergent threat, the banner will not be displayed.
Key metrics
The following key metrics are displayed at the top of the Remediation Hub:
| Metric | Description |
|---|---|
| Total Risk | Normalized, aggregate score (from 0 to 1000) representing the risk across your cloud and on-prem environments. |
| Vulnerability Findings Remediated | Number of vulnerability findings expected to be remediated if the top 25 remediations are implemented. |
| Assets Update | Number of assets that would be updated if the top 25 remediations are implemented. |
Remediations
All risks are paired with a remediation (previously known as a solution). Each remediation in the table includes the following:
- Type (on-prem or cloud)
- A short description of the remediation
- A risk score calculated from the active risk score on the vulnerabilities and total number of assets impacted
  - For more information on how risk is calculated, visit How is Risk Calculated?
- The number of assets, images, CVEs, and findings that are associated with the risk
  - Note that due to the time it takes to sync data for Remediation Hub, the count of assets affected by a given remediation may vary between Remediation Hub, Cloud Security (InsightCloudSec), and InsightVM.
- The source of the remediation. Learn more about third-party vulnerabilities and remediations.
Click Export to export the top 25 remediations in the current view.
You can apply filters to reduce the scope of remediations and assets returned in the Remediation Hub. Some filters, such as Reboot Required or patch management status, are based on asset-level conditions. As a result, the Remediation Hub table may not visibly change, even when a filter is applied.
To confirm how a filter affects results, open a remediation and review the Impacted Assets tab.
Have endpoint protection or patch management software connected to Attack Surface Management (Surface Command)?
If you have endpoint protection or patch management software connected to Attack Surface Management (Surface Command), you can filter on either of these to quickly find remediations that rely on your existing mitigation controls. Review Assess endpoint protection and patch management coverage for more information.
Details
Click a remediation from the table to open a panel containing an AI overview of the remediation, details on the total number of impacted assets and vulnerabilities, and a description of the remediation.
Depending on the type of asset, available details may differ but can include:
- Asset Name
- Resource ID and type
- Physical site
- Cloud account
- Owner
- Vulnerability proof
- Vulnerability name, severity, and risk
If the asset is available in Vulnerability Management (InsightVM) or Attack Surface Management (Surface Command), you can click Actions (…) > View Asset or Actions (…) > View Attack Surface to view the asset in Vulnerability Management (InsightVM) or Attack Surface Management (Surface Command), respectively.
AI Overview
Concerns about AI?
Rapid7 does not use any customer data for training or fine-tuning our large language models (LLMs), nor do we share your data with any third-party LLMs for their training purposes. If you would prefer to opt out of AI usage, contact your CSA or Support.
Rapid7 offers AI-generated summaries of a remediation that help you understand the criticality, exploitability, and potential impact of the CVEs detected in the environment, highlighting the risks of not applying a remediation. Business context, such as asset tags and affected systems, is also included with the analysis to help your security teams understand the operational complexity involved. Additionally, the AI Overview enhances remediation insights with clear, actionable recommendations and next steps for effective implementation.
The summaries are generated from data already visible in Remediation Hub and Rapid7’s own vulnerability intelligence. The model is never trained on your data, never sends information outside Rapid7’s secure, access-restricted infrastructure, and outputs are isolated per organization.
You can use icons at the bottom of the AI Overview panel to send Rapid7 feedback about the feature. This helps Rapid7 monitor quality and improve the feature over time.
Third-party vulnerabilities and remediations
Remediation Hub can report vulnerabilities and remediations from third-party sources if the matching Attack Surface Management (Surface Command) connector is installed. Remediation Hub supports this functionality for the following connectors:
- Amazon Inspector
- Claroty xDome
- Dragos Vulnerability
- ManageEngine Endpoint
- Orca
- Qualys Vulnerability Management Detection & Response (VMDR)
- Red Hat Insights
- SentinelOne
- Tenable (Tenable.io)
- Tenable Security Center (SC)
- Wiz
Assess endpoint protection and patch management coverage
On the Impacted Assets tab, the Endpoint Protection and Patch Management columns show the status of mitigating controls for each asset. These columns use the following statuses to indicate whether the control is detected for the asset:
| Status | Description |
|---|---|
| Available | A supported Attack Surface Management (Surface Command) connector confirms the mitigating control for the asset. |
| None | The asset exists in Attack Surface Management (Surface Command) but no connector reports the mitigating control. |
| Unknown | The asset was not found in Attack Surface Management (Surface Command), so the Command Platform cannot determine whether patch management or endpoint protection controls are available. This may occur when Attack Surface Management (Surface Command) is not enabled or the asset exists in another source (for example, Vulnerability Management (InsightVM)) but has not been discovered by or synced into Attack Surface Management (Surface Command) yet. |
| Reboot Required | Patch Management only. The asset requires a reboot before the Command Platform can retrieve the latest control status. |
Trigger workflows for assets
You can trigger Automation (InsightConnect) workflows directly from the remediation details panel. Click Send to Workflow to open a panel containing Automation (InsightConnect) workflows. Automation (InsightConnect) workflows appear on the panel if they have the Remediation Hub trigger. You can also click Create Workflow to open the Automation (InsightConnect) Workflows page. To learn more about creating and managing workflows, see the Automation (InsightConnect) documentation.
Asset limit for workflow
The Send to Remediation Hub workflow currently supports up to 10,000 assets. If the selected remediation contains more than 10,000 assets, you need to add filters.