How to request vulnerability coverage
Copy link

Rapid7 endeavors to release vulnerability content on a daily basis and responds to emergent threats as a matter of priority. The latest information about emergent threats is published on the Rapid7 blog at www.rapid7.com/blog/tag/emergent-threat-response/.

If you are concerned that a specific vulnerability is not covered by Rapid7, you can submit a vulnerability coverage request.

ℹ️

Some coverage limitations may apply

All customer requests for vulnerability coverage are managed as feature requests. While Rapid7 does its best to address gaps in coverage, we may not be able to provide coverage for every feature request.

Before you request vulnerability coverage, you must ensure there isn’t coverage already in place. By completing a search in advance of making a request, you can help to reduce the time it takes for Rapid7 Support to process genuine and urgent requests.

To find existing vulnerability coverage:

If the coverage you require is not listed in the above resources, then you can open a case to request coverage.

To request coverage:

  1. From the Command Platform home page, click Help in the top menu.
  2. Select Create a support case or idea.
  3. Log into Salesforce with single sign-on (SSO).
  4. Click Create a Case / Idea.
  5. Complete the required fields:
    • Product: Select InsightVM.
    • Urgency: Select one of the available options.
    • Impact: Select one of the available options.
    • Subject: Enter a summary of the request.
    • Description: Enter a description of the coverage you require, including links to the vendor advisory where available.
    • Timezone: Select your timezone.
  6. Click Submit.

Example of a coverage request
Copy link

Case Information Product: InsightVM Urgency: Medium Impact: Medium

Description Information Subject: Coverage request for CVE-1234-5678 on [product name] Description: Requesting coverage for CVE-1234-5678 on [product name] from [vendor name]. Here are links to the NVD advisory[https://URL1] and the Vendor Specific Advisory[https://URL2].

I have searched for this CVE in the vulnerability checks in the Security Console and I believe this is a gap in coverage that should be addressed.

Additional Information Timezone: (GMT-04:00) Eastern Daylight Time (America/New_York)