March 2026 Release Notes
Copy link

The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.

ℹ️

Last updated: March 16th, 2026

What’s New
Copy link

Learn about new features across the Command Platform. These features were released over the past month and are available now:

Administration
Copy link

Administration focuses on refining platform controls, improving governance, and enhancing operational visibility across environments.

Add threshold controls for destructive bots
Copy link

In Cloud Security, you can now configure threshold controls for Bots to reduce operational risk and improve governance across your cloud service provider (CSP) environments.

Previously, limited bot controls and a lack of centralized performance data made it difficult to prevent unintended disruptions. Without granular stop or pause rules, organizations were exposed to potential CSP outages or destructive bot behavior.

With this capability in Cloud Security > Bot Factory, you can:

  • Configure user-defined rules to automatically stop Bot runs when thresholds are met.
  • Receive notifications when Bots exceed defined thresholds.
  • View event and threshold details directly on the new Bot Runs page for improved visibility.
  • Gain greater control over your environment and protect it from CSP outages.

Top of page

Threat
Copy link

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations.

Correlate endpoint authentication events with a unique asset identifier
Copy link

Asset authentication logs from the Rapid7 Agent now include a unique asset identifier, r7_hostid. This enhancement allows you to correlate asset authentication events with related endpoint activity (such as process start, Sysmon, and other logs within the endpoint_activity log set). This improves alert triage and accelerates investigations.

With this update in Log Search, you can:

  • Correlate asset authentication events with endpoint activity using the r7_hostid key.
  • Trace user authentication activity across process execution and system events.
  • Streamline investigations by linking authentication data with broader endpoint telemetry.
  • Improve alert triage with more complete asset context.

Top of page

Gain instant context with AI Log Entry Summary
Copy link

AI Log Entry Summary uses AI to interpret and condense individual log lines into a clear summary of who, what, when, where, and why. This helps you quickly understand search results without decoding complex log syntax. With AI Log Entry Summary, you can focus on analysis instead of manual interpretation of raw logs.

With this capability in Log Search, you can:

  • Summarize verbose log lines in seconds.
  • Identify potential threats faster across any vendor source.
  • Accelerate triage and investigations.
  • Make faster, more informed security decisions.

Top of page

Risk
Copy link

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor.

Access Remediation Data with the Bulk Export API
Copy link

Analyze remediation progress and SLA compliance by exporting remediation metadata through the Bulk Data Export API. This feature allows you to centralize security reporting in your Business Intelligence tools, supporting you to make data-driven decisions.

With this feature in Vulnerability Management (InsightVM), you can:

  • Export up to 3 months of remediation data to support operational and compliance reporting.
  • Access full resolution logic per vulnerability instance for accurate tracking and validation.
  • Analyze historical remediation trends for up to 13 months to measure long-term progress.
  • Track remediation progress and SLA adherence using data in your own analytics environment.

Top of page

Improvements and Fixes
Copy link

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider
Copy link

No updates released at this time.

Top of page

Attack Surface Management (Surface Command)
Copy link

No updates released at this time.

Top of page

Cloud Security (InsightCloudSec)
Copy link

Release availability for self-hosted users

Release version 26.3.17 will be available for self-hosted customers on March 26th. Users will be able to download that version from the following locations:

  • Terraform deployments: Public S3 bucket . Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) deployments: You can obtain the ECR build images for this version from the InsightCloudSec ECR Gallery 

Version 26.3.17
Copy link

Software release date: March 17, 2026 | Release notes published: March 16, 2026

Important

  • Release schedule update: There will be no release for version 26.3.24. The next release will be version 26.3.31, scheduled for March 31, 2026.
  • Upcoming change in the next release 26.3.31: Google Cloud Platform (GCP) organization-managed account names will automatically stay synchronized with their corresponding GCP accounts. Previously, GCP account names updated only when credentials changed. This update aligns GCP behavior with AWS and Azure organization-managed accounts.

Deprecations

  • Web App Without Vnet Image Pull Enabled: This insight has been deprecated and is scheduled for removal in September 2026. Use App Service App Without Vnet Content Sharing and Image Pull Enabled instead.
  • App Service App Not Enforcing Client Certificate Validation: This insight has been deprecated and is scheduled for removal in September 2026. Use App Service App Does Not Require Client Certificate Authentication instead.

Improved

  • SQLAlchemy errors now include a correlation ID to help Support teams troubleshoot issues more efficiently.
  • Updated the width of Microsoft Teams cards for supported bot actions to improve user experience.

New Insights

  • Storage Account with Blob Soft Delete Insufficient Retention Period: Identifies storage accounts with blob soft delete retention periods that do not meet recommended security standards. Coverage Level: Full. Insight ID: 2522.

Updated Insights

  • Web App Allowing a Configuration State of All Allowed: Renamed to App Service App Allowing a Configuration State of All Allowed.
  • Web App Without Vnet Content Sharing Enabled: Renamed to App Service Deployment Slot Not Routed Through VNet Integration. The supported resource types have been updated to only support app service apps to align with recent changes in Azure App Service resource display.

Fixed

  • Fixed a minor bug surrounding data deletion for IaC scan configurations.
  • Fixed an issue where filtering instance resources on agent types produced a 500 error.
  • Fixed a bug where misconfiguration report generation sometimes failed when selecting two insight packs.

Version 26.3.10
Copy link

Software release date: March 10, 2026 | Release notes published: March 9, 2026

Improved

  • Compliance Summary Charts: Updated color mapping in time series charts on the Compliance Summary page for improved visual clarity.
  • GCP Recommendations:
    • Now expose new attribute Recommender Type for enhanced categorization.
    • Added direct link support for easier navigation to specific recommendations.
  • EDH Tag Support: Extended EDH tag support for AWS resources from the following services:
    • Sagemaker
    • EMR
    • MQ
  • OCI ServiceUsers: Extended support for OCI ServiceUsers in both IAM and Identity Domain configurations.

New Insights

  • Recovery Services Vault Without Cross Region Restore Enabled: Identifies Recovery Services Vaults that do not have cross-region restore enabled. This insight is mapped to CIS Azure Storage Services Benchmark v1.0.0 Recommendation 5.2.6.
  • Recovery Services Vault Without CMK Encryption: Identifies Recovery Services Vaults that do not use Customer Managed Key (CMK) encryption. This insight is mapped to CIS Azure Storage Services Benchmark v1.0.0 Recommendation 5.2.3.
  • Recovery Services Vault Without Immutability Enabled: Identifies Recovery Services Vaults that do not have immutability enabled. This insight is mapped to CIS Azure Storage Services Benchmark v1.0.0 Recommendation 5.2.2.
  • Azure Backup Vaults Without Soft Delete Enabled: Identifies Azure Backup Vaults that do not have soft delete protection enabled.

New Query Filters

  • Recovery Services Vault Without Cross Region Restore Enabled: Identifies Recovery Services Vaults based on cross-region restore configuration.
  • Recovery Services Vault Without CMK Encryption: Identifies Recovery Services Vaults without Customer Managed Key encryption.
  • Recovery Services Vault Has Immutability State: Identifies Recovery Services Vaults based on immutability state configuration.
  • Azure Backup Vault Without Soft Delete Enabled: Identifies Azure Backup Vaults without soft delete protection.

Updated Query Filters

  • Resource Encrypted With Cloud Managed Key: Added support for MemoryDB resources to enhance encryption coverage.

Fixed

  • Fixed an issue in bot error handling when bots encounter problems filtering resources, improving bot reliability and error reporting.
  • Fixed an issue where the bot action Set Load Balancer SSL Policy Of Listener (AWS) failed to apply user-defined input ports to ALB resources and instead defaulted to port 443. The action now correctly applies specified ports.
  • Fixed an issue where icons were broken in Monaco Editor. Updated CSP to allow data: sources for loading fonts, improving page loading performance.

Version 26.3.3
Copy link

Software release date: March 3, 2026 | Release notes published: March 2, 2026

Important

  • Upcoming change – GCP org-managed account name synchronization: Starting with release 26.3.31 GCP org-managed account names will automatically stay in sync with their corresponding Google Cloud Platform. Previously, GCP account names only updated when credentials changed. This update aligns GCP behavior with AWS and Azure org-managed accounts.

Improved

  • Bots Enhancements: The Bot Execution Threshold and Bot Runs features are now enabled for all customers running version 26.3.3 and later.
  • Oracle (OCI) Onboarding: Updated onboarding experience to include an Onboarding script option for Oracle (OCI) within the Add Cloud flow.
  • EDH Deployment: Added pre-flight checks to the EDH deployment and undeployment endpoints to ensure cloud credentials are validated and can interact with the Azure Subscription.

New Insights

  • Storage Account Without Geo-Redundant Storage (GRS): Identifies storage accounts that lack geo-redundant storage configuration.
  • Recovery Services Vault Without Soft Delete Enabled: Identifies Recovery Services Vaults that do not have soft delete enabled. The insight is mapped to CIS Azure Storage Services Benchmark v1.0.0 Recommendation 5.2.1.
  • Timestream Database Without Audit Logging: Identifies Amazon Timestream databases without audit logging enabled. The insight is mapped to CIS AWS Database Benchmark v2.0.0 (Section 10.6).
  • App Service Environment Without Internal Encryption Enabled: Identifies App Service Environments that do not have internal encryption enabled.
  • App Service Environment Not Provisioned With ASEV3: Checks if an App Service Environment is provisioned with ASEV3.
  • Function App Deployment Slot Traffic Not Routed Through VNet Integration: Identifies function app deployment slots without vnet routing enabled for all outbound traffic. Function App Deployment Slot resource type is moved from “Web App Without Vnet Routing Enabled” insight to this one.
  • Function App Traffic Not Routed Through VNet Integration: Identifies function apps that don’t route all outbound traffic through VNet integration. Additionally, theFunction App resource type was moved from “Web App Without Vnet Routing Enabled” insight to this one.
  • App Service Deployment Slot Traffic Not Routed Through VNet Integration: Identifies app service deployment slots without vnet routing enabled for all outbound traffic. App Service Deployment Slot was moved from “App Service App Without Vnet Routing Enabled” insight to this one.

Updated Insights

  • Function App Without Virtual Network Integrated: Renamed to Function App Without Virtual Network Integration.
  • Web App Without Vnet Routing Enabled: Renamed to App Service App Traffic Not Routed Through VNet Integration. We also updated the Overview and CIS Recommended Remediation Steps.

New Query Filters

  • Recovery Services Vault Has Soft Delete State: Identifies Recovery Services Vaults based on soft delete state configuration.
  • Recovery Services Vault Has Enhanced Security State: Identifies Recovery Services Vaults with enhanced security state settings.
  • Recovery Services Vault Has Soft Delete Disabled For Any Workload: Identifies Recovery Services Vaults with soft delete disabled for any workload.
  • App Service Environment Without Internal Encryption Enabled: Identifies App Service Environments without internal encryption enabled.
  • App Service Environment Not Provisioned With ASEV3: Checks if an App Service Environment is provisioned with ASEV3.

Updated Query Filters

  • Web App Without Virtual Network Integration: Renamed to App Service Resources Without Virtual Network Integration. You can now also use this filter to find all App Services with VNet integration enabled..

Fixed

  • Fixed an issue where a default date range was applied to the Scheduled Events page when linked from the Bots page. This could hide failures for the selected bot. The page now loads without a default date range.
  • Fixed an issue where badge scoping was not correctly applied to misconfiguration identified by insights.
  • Fixed an issue where updating Azure firewall rules and running the harvester didn’t update the “Network Access” display. Firewall rule changes now update correctly.

Release of Kubernetes Scanner v5.0.0

  • This release introduces a significant architectural update, transitioning the scanner from a CronJob to a persistent Service. This shift enables enhanced capabilities and allows for more real-time scanning and data processing. To find out more refer to our documentation https://docs.rapid7.com/insightcloudsec/kubernetes-local-scanner/  Internal components and their versions are in the chart value file. You can easily view the data using the following command: helm show values <chart name> | grep -E 'Name:|Version:' and update to new version using helm upgrade --install command referenced in Kubernetes Scanner documentation.

Top of page

Mimics Infrastructure as Code (IaC) Scanning Tool
Copy link

No updates released at this time.

Top of page

SIEM (InsightIDR)
Copy link

No updates released at this time.

Fixed:

  • Fixed an issue where Microsoft Sentinel investigations were not automatically attributing actors despite correct user attribution in SIEM (InsightIDR).

Top of page

InsightVM
Copy link

Version 8.39.0
Copy link

Software release date: Mar 16, 2026 | Release notes published: Mar 12, 2026

New:

  • Added fingerprinting support for Huawei Versatile Routing Platform (VRP), improving detection accuracy and asset identification for environments using Huawei VRP.

Improved:

  • Tag-based credential restrictions. The previous limitation restricting tag-based credential scoping to the first 1,000 tags has been removed. All available tags can now be used to scope scan credentials, providing greater flexibility and control.
  • Improved scan performance when using custom scan templates. Newly created templates now default to optimized parameters, ensuring better performance without requiring manual configuration.
  • Resolved an issue that prevented the Spam Relay feature from being successfully disabled within scan templates. The setting now functions as expected.
  • Enhanced overall security posture by upgrading the Security Console’s Spring Framework to a more recent version.
  • Updated the default configuration parameters for custom scan templates:
    • Increased minimum packets-per-second rate from 450 to 2000.
    • Increased maximum assets scanned simultaneously per scan engine from 10 to 100.
    • This change applies only to new templates created in version 8.39.0 or later.

Version 8.38.0
Copy link

Software release date: Mar 9, 2026 | Release notes published: Mar 5, 2026

New:

  • The Scan Assistant communication protocol used with the Nexpose scan engine has been upgraded to TLS 1.3, providing enhanced security and improved encryption standards for engine communication.
  • Added fingerprinting support for Check Point Security Gateways, improving detection accuracy for these devices.
  • Tag-Based Credential Restrictions. Scan credentials can now be restricted using asset tags, in addition to IP addresses and hostnames. Note: Tag-based restrictions are currently limited to the first 1,000 tags. This limitation will be removed in an upcoming release.
  • New Policy Content: Support has been added for the following versions of CIS and DISA STIG benchmarks to enable organizations to adhere to the latest security best practices:

    • Linux:

      • CIS Debian Linux 13 Benchmark v1.0.0
      • CIS Rocky Linux 8 Benchmark v3.0.0
      • CIS Rocky Linux 10 Benchmark v1.0.0
      • DISA STIG Red Hat Enterprise Linux 8 v2R5

    • Microsoft Windows Server:

      • CIS Microsoft Windows Server 2025 Stand-alone v1.0.0
      • CIS Microsoft Windows 10 EMS Gateway Benchmark v3.0.0
      • DISA STIG Microsoft Windows Server 2019 Benchmark Version 3, Release 6

    • Apple macOS:

      • CIS Apple macOS 14.0 Sonoma Cloud Benchmark v1.1.0
      • CIS Apple macOS 12.0 Monterey Cloud-Tailored Benchmark v1.1.0
      • CIS Apple macOS 13.0 Ventura Benchmark v4.0.0
      • CIS Apple macOS 26 Tahoe Benchmark v1.0.0

    • Web Browsers:

      • CIS Microsoft Edge Benchmark v4.0.0

    • Databases:

      • CIS PostgreSQL 17 Benchmark v1.0.0

Improved:

  • Custom Document Report Templates. The Index of Vulnerabilities section is now grouped by status, with Unknown and Error vulnerabilities listed separately to improve report clarity and readability.
  • Resolved an issue affecting the CIS Microsoft Windows Server 2022 Level One – Member Server v3.0.0 benchmark. Policy evaluations now function as expected.
  • Resolved an issue affecting TDS service credential status reporting. Credential status now displays correctly in the UI.
  • Improved fingerprinting accuracy for Microsoft Office 2016.
  • Enhanced reliability of SNMP fingerprinting across various asset configurations.

Version 8.37.1
Copy link

Software release date: Mar 2, 2026 | Release notes published: Mar 2, 2026

Improved:

  • Version 8.37.1 addresses an issue identified in 8.37.0 that impacted some customers using the Scan Assistant feature. This release includes a targeted fix to ensure normal Scan Assistant functionality. Customers are advised to upgrade to 8.37.1 if they have not already done so.

Top of page

Nexpose
Copy link

Version 8.39.0
Copy link

Software release date: Mar 16, 2026 | Release notes published: Mar 12, 2026

New:

  • Added fingerprinting support for Huawei Versatile Routing Platform (VRP), improving detection accuracy and asset identification for environments using Huawei VRP.

Improved:

  • Tag-based credential restrictions. The previous limitation restricting tag-based credential scoping to the first 1,000 tags has been removed. All available tags can now be used to scope scan credentials, providing greater flexibility and control.
  • Improved scan performance when using custom scan templates. Newly created templates now default to optimized parameters, ensuring better performance without requiring manual configuration.
  • Resolved an issue that prevented the Spam Relay feature from being successfully disabled within scan templates. The setting now functions as expected.
  • Enhanced overall security posture by upgrading the Security Console’s Spring Framework to a more recent version.
  • Updated the default configuration parameters for custom scan templates:
    • Increased minimum packets-per-second rate from 450 to 2000.
    • Increased maximum assets scanned simultaneously per scan engine from 10 to 100.
    • This change applies only to new templates created in version 8.39.0 or later.

Version 8.38.0
Copy link

Software release date: Mar 9, 2026 | Release notes published: Mar 5, 2026

New:

  • The Scan Assistant communication protocol used with the Nexpose scan engine has been upgraded to TLS 1.3, providing enhanced security and improved encryption standards for engine communication.
  • Added fingerprinting support for Check Point Security Gateways, improving detection accuracy for these devices.
  • Tag-Based Credential Restrictions. Scan credentials can now be restricted using asset tags, in addition to IP addresses and hostnames. Note: Tag-based restrictions are currently limited to the first 1,000 tags. This limitation will be removed in an upcoming release.
  • New Policy Content: Support has been added for the following versions of CIS and DISA STIG benchmarks to enable organizations to adhere to the latest security best practices:

    • Linux:

      • CIS Debian Linux 13 Benchmark v1.0.0
      • CIS Rocky Linux 8 Benchmark v3.0.0
      • CIS Rocky Linux 10 Benchmark v1.0.0
      • DISA STIG Red Hat Enterprise Linux 8 v2R5

    • Microsoft Windows Server:

      • CIS Microsoft Windows Server 2025 Stand-alone v1.0.0
      • CIS Microsoft Windows 10 EMS Gateway Benchmark v3.0.0
      • DISA STIG Microsoft Windows Server 2019 Benchmark Version 3, Release 6

    • Apple macOS:

      • CIS Apple macOS 14.0 Sonoma Cloud Benchmark v1.1.0
      • CIS Apple macOS 12.0 Monterey Cloud-Tailored Benchmark v1.1.0
      • CIS Apple macOS 13.0 Ventura Benchmark v4.0.0
      • CIS Apple macOS 26 Tahoe Benchmark v1.0.0

    • Web Browsers:

      • CIS Microsoft Edge Benchmark v4.0.0

    • Databases:

      • CIS PostgreSQL 17 Benchmark v1.0.0

Improved:

  • Custom Document Report Templates. The Index of Vulnerabilities section is now grouped by status, with Unknown and Error vulnerabilities listed separately to improve report clarity and readability.
  • Resolved an issue affecting the CIS Microsoft Windows Server 2022 Level One – Member Server v3.0.0 benchmark. Policy evaluations now function as expected.
  • Resolved an issue affecting TDS service credential status reporting. Credential status now displays correctly in the UI.
  • Improved fingerprinting accuracy for Microsoft Office 2016.
  • Enhanced reliability of SNMP fingerprinting across various asset configurations.

Version 8.37.1
Copy link

Software release date: Mar 2, 2026 | Release notes published: Mar 2, 2026

Improved:

  • Version 8.37.1 addresses an issue identified in 8.37.0 that impacted some customers using the Scan Assistant feature. This release includes a targeted fix to ensure normal Scan Assistant functionality. Customers are advised to upgrade to 8.37.1 if they have not already done so.

Top of page

Digital Risk Protection (Threat Command)
Copy link

No updates released at this time.

Top of page

Rapid7 Agent
Copy link

No updates released at this time.

Top of page

Next-Generation Antivirus
Copy link

No updates released at this time.

Top of page

Ransomware Prevention
Copy link

No updates released at this time.

Top of page

Velociraptor
Copy link

No updates released at this time.

Top of page