Cloud Configuration Assessment, Container Security, and Built-in Automation Workflows change in feature availability announcement

Transitioning from Built-in Workflow Automation to Scalable, Integrated Solutions

As part of our continued commitment to evolving the InsightVM platform, the legacy built-in workflow automation feature was removed on Monday, June 30, 2025. This change paves the way for customers to adopt more flexible, powerful, and integrated automation through Exposure Command and InsightConnect—enabling you to orchestrate intelligent response actions across your security ecosystem.

Unlock Next-Level Automation with Supported Alternatives

To maintain and enhance your automation workflows, we recommend exploring the following supported extensions from the Rapid7 Extension Library :

• Sensor Isolation
  Automatically contain exposed or compromised assets.
  Explore Sensor Isolation Extension › 

• Cisco ISE Integration
  Automate network access control actions via Cisco Identity Services Engine.
  Explore Cisco ISE Extension › 

• Palo Alto PAN-OS Integration
  Dynamically enforce firewall rules in response to real-time risk signals.
  Explore Palo Alto Extension › 

Why This Matters

This transition isn’t just about replacing functionality—it’s about expanding what’s possible. By leveraging InsightConnect and Exposure Command, you gain the ability to:

• Build scalable, cross-platform workflows
• Trigger actions based on real-time exposure data
• Orchestrate containment and remediation with greater precision

We encourage all customers to evaluate these supported options to continue driving security automation in a more modular, extensible way.
For questions or migration support, please reach out to your Customer Success Manager or visit Rapid7 Extensions .

Starting March 13, 2023, Rapid7 will make a change to the following features:

• Cloud Configuration Assessment (CCA)
• Container Security
• Built-in Automation Workflows - Automated Containment (Carbon Black, Cisco ISE, Palo Alto PAN-OS) and Automation-Assisted Patching (IBM BigFix, Microsoft SCCM)

These features will no longer be offered and will be unavailable for existing users if you do not utilize these features before March 13, 2023. If you meet the criteria of an active user, disregard this announcement as you will not be impacted.

If you are interested in these features but haven’t had the chance to implement them within your environment, you’ll have the opportunity to do so through our Exposure Command  offering.

Schedule of Events

FAQ

What if I am actively using these features?

If you are actively using these features, support and sustaining updates will continue as normal.

How will I be identified as an active user?

To be identified as an active user, you must use these features before March 13, 2023 and meet the following criteria:

• CCA - an ICS instance has been provisioned and has one or more cloud connections configured
• Container Security - images have been assessed through manual assessment, a container in your environment has been correlated, a supported registry connection has been added, a Kubernetes monitor has been deployed, or you have a CI/CD plugin
• Built-in Automation Workflows - an orchestrator has been deployed, triggering an in-product workflow

What is Exposure Command?

Exposure Command is a Rapid7 offering that combines the power of complete attack surface visibility with high-fidelity risk context and insight into your organization’s security posture. Findings are aggregated from our native exposure detection capabilities for cloud and on-prem (including containers and Kubernetes) in addition to any third-party exposure and enrichment sources you already have in place.

For more information about Exposure Command, review our solution breakdown  and overview doc .

Who should I contact if I have more questions?

Reach out to your CSA with any additional questions.