Customers have told us that the Rapid7 platform is a “basket of products” also distracted by “word salad” and not the unified security platform they expect. Product unification will provide the backbone to a unified platform experience.

Agent groups is a project that became part of this unification effort through adapting the new Object Oriented UX (OOUX) model and establishing patterns for group creation and how users apply and manage default / custom policies.

Agents are small pieces of software installed on computers, servers, or devices to help monitor and protect them.

Customers need the following to manage agents, but initially didn't have them:
‍
- Deployment and installation: Clear, guided workflows for installing agents across environments
- Visibility into Agent Status: Centralised table showing all agent with visible statuses
- Organisation & Grouping: Bulk actions, filtering and tagging
- Policy & Control Assignment: Clear UI for assigning policies at both group and agent levels
- Reporting & Alerting: Visual dashboards for agent coverage and health trends

I carried out the full end to end design process.

To better understand what users need, I created user journeys so that I could identify gaps and opportunities. As agents are a data collector, it was important to investigate how agents differed from other data collectors, and identify the best approach to unifying them.

Competitors were providing more flexibility through the UI, for example:

CrowdStrike
- Dynamic sensor groups auto-update based on tags, OS, or attributes.
- Hierarchical policies with inheritance and overrides.
- Tag-based organisation (business unit, location, function).
- Real-time updates- agent state changes re-evaluate group membership.
- Rich visibility into duplicates, status, and conflicts.

SentinelOne
- Dynamic groups formed by filters (e.g., OS, region, environment).
- Auto-assignment- new agents join groups automatically.
- Policy-by-group flexibility; each group can have unique configurations.
- API and extension support for external integrations.
- Tagging and metadata simplify organisation and targeting.

Tenable
- Asset groups can be static or dynamic (rule-based by IP, tag, plugin results).
- Tag-based organisation across environments (cloud, on-prem).
- Dynamic tagging engine: assets auto-update group membership via metadata (e.g., OS, hostname, vulnerability).
- Role-based targeting- policies by asset type, business unit, or risk score.
- APIs allow integration-driven group updates and automation.

Consolidating the use cases and user stories helped define the clear role agents play as part of data collection, and helped me to better understand the personas I needed to cater to.

I conducted sessions with 7 of our top customers to better understand their needs in agent management, as well as get their thoughts on new patterns we are testing as part of the new, unified platform strategy.

1. Navigation & Information Architecture
- Discoverability: Users often lose track of existing data or assets and expect a single, unified view of collectors, agents, and groups.
- Mental model: KPI cards are seen as filters, not summaries- users expect dynamic updates when clicking.
- Efficiency: Desire to take multiple actions (filter, group, apply settings) from one consolidated table instead of separate modals/pages.
-Data richness: Requests for more KPIs (e.g., errors, installation status) highlight a need for real-time, high-level awareness.
‍UX Insight: Create a single “source of truth” page with contextual filters tied to KPIs, ensuring dashboards show live, actionable system states.

2. Agents & Identity
- Duplicate/conflicting identities: Cause confusion; unclear how they’re created or resolved.
- Idle agents: Users expect clear guidance or recommended fixes.
- Identifiers: Host name and OS are more intuitive than agent ID.
- Filtering: OS filtering is tedious — users want broader, smarter categories (e.g., Windows, macOS, Linux).
‍UX Insight: Clarify identity logic, flag duplicates or stale agents, and add intelligent filters with automated idle-agent detection and suggested actions.

‍3. Error Handling & Support Workflow
- Unclear ownership: Users can’t tell which component (e.g., IDR, IVM, network) an error belongs to.
- Context missing: Error messages lack clarity and relevance; users want to understand what it means and what to do next.
- Inefficient support loop: Manually downloading and sending logs slows resolution; logs often disappear once the issue clears.
- Desired behaviour: Automatic log collection, persistent error history, clear severity/status (active, resolved, network-related), and AI-assisted summaries to speed triage.
‍UX Insight: Redesign error messages with contextual clarity (component + cause + next step). Enable auto log collection and classification, with filters for source type and resolution state.

‍4. Groups & Tagging
- Groups = functional organization, not just technical grouping.Users want agents to belong to multiple groups (e.g., OS, department, geography) and still maintain predictable policy inheritance.
- Default group is valued:  users want a safe baseline, not agents floating unassigned.
- Tagging is seen as a complementary layer: lightweight, flexible, cross-platform. Tags should be properties, not objects, and propagate across products (shared taxonomy).
‍UX Insight: Support multi-group membership with clear visual inheritance hierarchy (org → group → agent). Combine tags and groups: groups for control, tags for filtering and reporting.

‍5. Policies / Controls
- Terminology: “Controls” feels misaligned as users expect “Policies,” consistent with industry terms.
- Visibility: Hidden or overridden policies frustrate users; they need clarity on precedence and impact.
- Scalability: Large orgs want policy application by business unit, role, or region.
- Unified view: Prefer managing all policies within the Agents area, not separate screens.
‍UX Insight: Rename “Controls” to “Policies” and create a transparent, hierarchical policy system with clear inheritance and business-level views.

‍6. Installation & Deployment
- Users encounter fragmented deployment paths (Armor360, EP, etc.) and want a single installer per platform with selectable features.
- Expect deployment and update visibility in one place.
- Need ability to pause or throttle agents, not uninstall them, during maintenance.
‍UX Insight: Introduce unified installer workflows with feature toggles, visible install states, and a non-destructive pause function to preserve agent presence.