Agent-Based CIS Policies Not Being Maintained

Seeing an alarming trend of agent-based CIS policies not being updated in InsightVM and was curious if this feature is planned to be maintained on an ongoing basis.

This is a relatively new feature and has the potential to be great, but Rapid7 has not been maintaining the updates to CIS policies. In fact, I am not sure if any are up to date, at least in the Microsoft world.

For example,

  • Google Chrome’s CIS policies are only version 2.1 in InsightVM - 3.0 was released on Jan 29, 2024.

  • Microsoft Edge’s latest CIS policies are version 2.0; 3.0 was released on July 19, 2024.

  • Windows 11 CIS Enterprise is 2.0 - 3.0 was released on Feb 22, 2024.

  • Windows 11 CIS Stand-alone is still on 1.0 (!); 3.0 was released on May 24, 2024 and 2.0 was released on Oct 20, 2023.

  • Windows 11 Intune is on 1.0 (!); 3.0.1 was released on March 1, 2024, 3.0 on Feb 23, 2024, and 2.0 was released on Oct 20, 2023.

  • Windows 10 same deal…

4 Likes

I have encountered this same problem. We had to stop using InsightVM to do compliance assessments and switch to CIS-CAT Pro.

Yes, I think I was able to find Debian 10 while we are at Deb12 now 🙂

They only update them when enough of their customers put in a request for it. I think this module of InsightVM is perhaps not used by many customers, so R7 may have axed the dept last year when they did their 10% workforce reduction.

We had to give up on agent-based CIS scans; they were reporting on the wrong registry key, and have no intention of fixing it.

Not overly impressed.

1 Like