Get Started

Cloud Capabilities

Collectors

Automation

Cloud Configuration Assessment

Sites

Scan Engines

Scan Templates

Scan Credentials

Scan Assistant

Alerts and Schedule

Dynamic Discovery

Other Scanning Resources

Assess

Act

Report

SQL Query Export

Tune

Users and Authentication

Integrations

Resources

Release Notes

Support

End-of-life Announcements

Cloud Configuration Assessment (CCA) End-of-Life announcement

As of February 15, 2024, Rapid7 will start the End-of-Life process for the Cloud Configuration (CCA) feature in InsightVM.

Active users of CCA will continue to have access to CCA until the feature is officially removed. For those interested in retaining the capabilities of CCA, feature equivalents are included in our InsightCloudSec product and Exposure Command offering.

Why is CCA being removed?

Rapid7 knows that the ecosystems of IT are evolving beyond traditional infrastructure to use the scale and speed of the cloud as a strategic business advantage. In response to this, we’ve invested in dedicated products to serve similar use cases as CCA.

Access CCA capabilities with our InsightCloudSec product and Exposure Command offering:

InsightCloudSec provides more comprehensive capabilities and a superior experience compared to InsightVM for overall cloud security. You’ll be able to expand your existing coverage to include cloud risk management, unlimited on-premises vulnerability management, unlimited application security, and more in a single subscription.
Exposure Command goes beyond monitoring and asset inventory mapping, enriching telemetry with compliance and risk findings from Rapid7’s entire set of exposure management capabilities. With combined on-prem vulnerability management, cloud security, and application testing, you can shift from being reactive to proactive.

Schedule of Events

Date	Event
February 13, 2023	Rapid7 announces that CCA will no longer be supported by InsightVM.
March 13, 2023	Rapid7 no longer offers CCA for prospective InsightVM customers and ends support for non-active users of the feature.
February 15, 2024	Rapid7 announces that CCA is End-of-Life and will be removed from InsightVM.
February 15, 2025	CCA is no longer available in InsightVM.

FAQ

What if I am actively using this feature?

If you are actively using this feature, sustaining security support will continue for the next 12 months (until February 15, 2025). Beyond February 15, 2025, you will not be able to use CCA.

Reach out to your Customer Success Manager to discuss migration options.

How will I be identified as an active or inactive user?

You are considered an active user of CCA if you have one or more cloud connections configured and you’ve visited the Cloud Configuration Assessment page in InsightVM at some point during a 3-month period.

You are considered an inactive user of CCA when you have zero cloud connections or have not visited the Cloud Configuration Assessment page in InsightVM for 3 consecutive months. In this scenario, CCA will be removed after those 3 consecutive months of inactivity.

Am I able to export my CCA data?

No, there are no data export or reporting capabilities for CCA data. CCA was designed for users to work with data within InsightVM’s UI, which only ever displayed the most recent assessment results. A historical or trending view of the data was never offered. There was an Experimental Cloud API available at one point, but it was EOL’d on January 20, 2023, and cannot be re-enabled.

What is InsightCloudSec?

InsightCloudSec is a fully-integrated cloud-native security platform solution. With InsightCloudSec you can monitor cloud risk in real time, prioritize risk with layered context, automate cloud compliance any way you need, and more. For more information about InsightCloudSec, see our use cases.

What is Exposure Command?

Exposure Command is a Rapid7 offering that combines the power of complete attack surface visibility with high-fidelity risk context and insight into your organization’s security posture. Findings are aggregated from our native exposure detection capabilities for cloud and on-prem (including containers and Kubernetes) in addition to any third-party exposure and enrichment sources you already have in place.

For more information about Exposure Command, review our solution breakdown and overview doc.

How does the CCA feature compare to what is available in InsightCloudSec?

Simply put, InsightCloudSec offers you the same capabilities that were available in CCA but in a much more robust offering.

InsightCloudSec was built for organizations that have substantial investments in public cloud infrastructure and see the cloud as a significant strategic move or competitive advantage for their business going forward. It includes many cloud security capabilities for more than 150 resource types across AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud, and Kubernetes.

Notable improvements include the ability to:

Customize compliance packs to include exceptions or custom checks tailored to your specific business needs
Configure scheduling
Get real-time visibility into changes made to the most critical cloud resources with Event-Driven Harvesting

For more details, refer to our comparison breakdown.

Who should I contact if I have more questions?

Reach out to your CSM or Account Executive with any additional questions.

Did this page help you?

End-of-life Announcements

Container Security End-of-Life announcement

End-of-life Announcements

Cloud Configuration Assessment, Container Security, and Built-in Automation Workflows change in feature availability announcement