Jul 13, 2022

This release includes a new Insight Agent component, new data collection for Microsoft Patch Tuesday content for May and June, and new fingerprinting for VMware Horizon Client, as well as several improvements and fixes.

New

  • We added a new component to the Insight Agent called the Endpoint Broker to support the upcoming Policy collection features of the Insight Agent. The Endpoint Broker relays messages between the Rapid7 Platform and various Insight Agent components that run on the endpoint. The Endpoint Broker runs under a separate process called rapid7_endpoint_broker.exe. Not all users will have access to the Endpoint Broker because it is intended to be deployed in phases. Refer to How the Insight Agent Works for more information.
  • We updated the Insight Agent data collection on Windows to support Patch Tuesday vulnerability checks for May 2022 and June 2022.
  • We added fingerprinting for VMware Horizon Client for Linux, Windows, and macOS.

Improved

  • We improved Events Monitor to make it easier to maintain and to add new features in the future.
  • We improved the fingerprinting of the Insight Agent to detect its active version.
  • The following file system types are now excluded from Insight Agent assessments:
    • AFS
    • SECFS2
    • PANFS
  • The Insight Agent now excludes certain backup directories, as well as the /var/lib/docker directory, from agent assessments. This fixes an issue where agent assessments of some Unix and macOS assets could take longer than expected.
  • Users now receive a job.status.warning alert when no PROCESS_START events are captured within the past collection interval for Linux agents running in auditd compatibility mode.

Fixed

  • Remote execution jobs on Windows are no longer prevented from detecting vulnerable Log4j files containing the $ character.
  • We upgraded the Cryptography library to address a timing attack vulnerability.
  • Files mentioned in logging.json can now be manipulated without the agent restarting.
  • We fixed an issue where the Insight Agent and other software could not be correctly fingerprinted during assessments.