Cloud Configuration Assessment, Container Security, and Built-in Automation Workflows change in feature availability announcement
Transitioning from Built-in Workflow Automation to Scalable, Integrated Solutions
As part of our continued commitment to evolving the InsightVM platform, the legacy built-in workflow automation feature was removed on Monday, June 30, 2025. This change paves the way for customers to adopt more flexible, powerful, and integrated automation through Exposure Command and InsightConnect—enabling you to orchestrate intelligent response actions across your security ecosystem.
Unlock Next-Level Automation with Supported Alternatives
To maintain and enhance your automation workflows, we recommend exploring the following supported extensions from the Rapid7 Extension Library :
-
Sensor Isolation
Automatically contain exposed or compromised assets.
Explore Sensor Isolation Extension › -
Cisco ISE Integration
Automate network access control actions via Cisco Identity Services Engine.
Explore Cisco ISE Extension › -
Palo Alto PAN-OS Integration
Dynamically enforce firewall rules in response to real-time risk signals.
Explore Palo Alto Extension ›
Why This Matters
This transition isn’t just about replacing functionality—it’s about expanding what’s possible. By leveraging InsightConnect and Exposure Command, you gain the ability to:
- Build scalable, cross-platform workflows
- Trigger actions based on real-time exposure data
- Orchestrate containment and remediation with greater precision
We encourage all customers to evaluate these supported options to continue driving security automation in a more modular, extensible way.
For questions or migration support, please reach out to your Customer Success Manager or visit Rapid7 Extensions .
Starting March 13, 2023, Rapid7 will make a change to the following features:
- Cloud Configuration Assessment (CCA)
- Container Security
- Built-in Automation Workflows - Automated Containment (Carbon Black, Cisco ISE, Palo Alto PAN-OS) and Automation-Assisted Patching (IBM BigFix, Microsoft SCCM)
These features will no longer be offered and will be unavailable for existing users if you do not utilize these features before March 13, 2023. If you meet the criteria of an active user, disregard this announcement as you will not be impacted.
If you are interested in these features but haven’t had the chance to implement them within your environment, you’ll have the opportunity to do so through our Exposure Command offering.
Schedule of Events
Date | Event |
---|---|
February 13, 2023 | Rapid7 announces that CCA, Container Security, and Built-in Automation Workflows will no longer be supported by InsightVM. |
March 13, 2023 | Rapid7 no longer offers CCA, Container Security, and Built-in Automation Workflows for prospective InsightVM customers, and ends support for non-active users of these features. Note: Support will continue for active users of these features. Additionally, these features are available in our Exposure Command offering. |
February 15, 2024 | Rapid7 announces that CCA is End-of-Life and will be removed from InsightVM. |
August 19, 2024 | Rapid7 announces that Container Security is End-of-Life and will be removed from InsightVM. |
March 5, 2025 | CCA is no longer available in InsightVM. |
March 5, 2025 | Container Security is no longer available in InsightVM. |
June 30, 2025 | Workflow automation is no longer available in InsightVM. |
FAQ
What if I am actively using these features?
If you are actively using these features, support and sustaining updates will continue as normal.
How will I be identified as an active user?
To be identified as an active user, you must use these features before March 13, 2023 and meet the following criteria:
- CCA - an ICS instance has been provisioned and has one or more cloud connections configured
- Container Security - images have been assessed through manual assessment, a container in your environment has been correlated, a supported registry connection has been added, a Kubernetes monitor has been deployed, or you have a CI/CD plugin
- Built-in Automation Workflows - an orchestrator has been deployed, triggering an in-product workflow
What is Exposure Command?
Exposure Command is a Rapid7 offering that combines the power of complete attack surface visibility with high-fidelity risk context and insight into your organization’s security posture. Findings are aggregated from our native exposure detection capabilities for cloud and on-prem (including containers and Kubernetes) in addition to any third-party exposure and enrichment sources you already have in place.
For more information about Exposure Command, review our solution breakdown and overview doc .
Who should I contact if I have more questions?
Reach out to your CSA with any additional questions.