Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space. We’re constantly investing in and improving InsightVM capabilities so our customers have no trouble seeing and proving value. That said, here’s our roundup of the new and improved features we’ve updated in Q4.
[NEW] Fewer false alarms and faster reporting with InsightVM’s new false positive investigation tool
You can now investigate vulnerability findings as potential false positives directly from your Security Console. If your investigation determines that the finding could indeed be a false positive, you can send the results to Rapid7 for analysis with just one click. For more details, see our help documentation and blog post.
[NEW] Improvements made to the Goals and SLAs wizard
We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler. Instead of following a four-step process, we’ve gotten it down to three: use, sort, and define your data, establish the conditions you want to meet, and save your goal using our three-step wizard. This new context-sensitive workflow allows you to create meaningful goals faster and with fewer steps. For more details, see our help documentation and blog post.
[NEW] Creation of Insight Platform accounts for non-admin users
The Rapid7 Insight platform provides data collection, visibility, analytics, and automation to establish a shared point of view between security, IT operations, and DevOps teams. Insight platform accounts are now available for non-admin users of InsightVM. This allows access to InsightVM through insight.rapid7.com. To complete the activation process, check out our help documentation. At the conclusion of this activation process, your Insight account will be used to authenticate your access to InsightVM’s cloud capabilities.
[IMPROVED] More dashboard controls for admins
Administrators now have full visibility on all user-created dashboards in their organization and can delete them if necessary. Simply navigate to the Dashboard Library to see a list of InsightVM dashboards created by other users. The ability for Admins to now delete user-created dashboards eases the pain of managing dashboards across the organization. This is especially beneficial for if an employee leaves - you’ll now have an easy way to manage/remove orphaned dashboards. For more information on managing dashboards in InsightVM, see our help documentation.
[NEW] New Snyk vulnerability content for container assessment
We know many development teams these days are taking advantage of containerized software applications that may contain all of the necessary code, runtime, system tools, and libraries needed to run an application. Despite the benefits of efficiency from a development standpoint, containers may present risks that are often difficult for security teams to identify. This can be attributed to multiple factors, including how fast things change in containerized environments and the types of packages found within these environments.
InsightVM now integrates with Snyk, a leading provider of software composition analysis (SCA) in containerized applications. Snyk provides deep visibility into Open Source Software (OSS) vulnerabilities. With this new integration, InsightVM can consume Java vulnerability content from Snyk Intel Vulnerability DB. No customer action is needed to leverage this integration. Behind the scenes, InsightVM is consuming content from Snyk, building vulnerability checks around this content, and delivering it as checks within the Container Security feature in InsightVM. For more details, see our blog post.
[NEW] Scope and schedule reports with the new report creation wizard
We’ve made it easier to collect, analyze, and report InsightVM data all in one place. Using our Report Creation Wizard powered by Query Builder, you can create customized reports and opt to run recurring reports on a schedule. You can share directly with stakeholders to help you communicate about your work and gain insight into your organization’s vulnerability management program. For more information, see our help documentation.
[NEW] Audit logging for Custom Policy Builder
As organizations continue to harden their policies through customizations, it becomes extremely important to keep track of all these changes, because these customizations may significantly impact an organization’s overall compliance. You can now configure Custom Policy Builder to send audit logs that capture every policy update implemented by your users. These audit logs record which changes were made to a policy, when those changes were applied, and who was responsible for them. Use this new functionality to allow another user or an auditor to view the change history of any policy when needed. For more details, see our help documentation and blog post.