March 2026 Release Notes

The Command Platform release notes cover what’s new, which is updated monthly, and improvements and fixes, which are updated weekly.

Last updated: March 2nd, 2026

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:


Administration

Administration focuses on refining platform controls, improving governance, and enhancing operational visibility across environments.

Add threshold controls for destructive bots

In Cloud Security, you can now configure threshold controls for Bots to reduce operational risk and improve governance across your cloud service provider (CSP) environments.

Previously, limited bot controls and a lack of centralized performance data made it difficult to prevent unintended disruptions. Without granular stop or pause rules, organizations were exposed to potential CSP outages or destructive bot behavior.

With this capability in Cloud Security > Bot Factory, you can:

  • Configure user-defined rules to automatically stop Bot runs when thresholds are met.
  • Receive notifications when Bots exceed defined thresholds.
  • View event and threshold details directly on the new Bot Runs page for improved visibility.
  • Gain greater control over your environment and protect it from CSP outages.


Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations.

Correlate endpoint authentication events with a unique asset identifier

Asset authentication logs from the Rapid7 Agent now include a unique asset identifier, r7_hostid. This enhancement allows you to correlate asset authentication events with related endpoint activity (such as process start, Sysmon, and other logs within the endpoint_activity log set). This improves alert triage and accelerates investigations.

With this update in Log Search, you can:

  • Correlate asset authentication events with endpoint activity using the r7_hostid key.
  • Trace user authentication activity across process execution and system events.
  • Streamline investigations by linking authentication data with broader endpoint telemetry.
  • Improve alert triage with more complete asset context.
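
The correlation described above, sketched as an added example that is not Rapid7 code: it joins constructed authentication entries to constructed endpoint_activity entries on r7_hostid within a time window. Only the r7_hostid key comes from this page; every other field name and value, the five-minute window, and the handling of entries that lack the key are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample entries. Only the r7_hostid key comes from the release
# note; all other field names and values are hypothetical stand-ins.
AUTH_EVENTS = [
    {"timestamp": "2026-03-02T10:00:00+00:00", "user": "alice",
     "result": "SUCCESS", "r7_hostid": "host-aaa"},
    {"timestamp": "2026-03-02T10:02:00+00:00", "user": "bob",
     "result": "FAILED", "r7_hostid": "host-bbb"},
    # Assumed case: an entry logged without the identifier.
    {"timestamp": "2026-03-02T09:00:00+00:00", "user": "carol",
     "result": "SUCCESS"},
]
ENDPOINT_EVENTS = [
    {"timestamp": "2026-03-02T10:04:59+00:00", "process": "whoami.exe", "r7_hostid": "host-aaa"},
    {"timestamp": "2026-03-02T10:01:30+00:00", "process": "powershell.exe", "r7_hostid": "host-aaa"},
    {"timestamp": "2026-03-02T10:20:00+00:00", "process": "notepad.exe", "r7_hostid": "host-aaa"},
    {"timestamp": "2026-03-02T10:01:00+00:00", "process": "cmd.exe", "r7_hostid": "host-bbb"},
]

def _ts(entry):
    return datetime.fromisoformat(entry["timestamp"])

def correlate(auth_events, endpoint_events, window=timedelta(minutes=5)):
    """Attach to each auth event the processes started on the same asset
    (same r7_hostid) within `window` after the authentication."""
    by_host = {}
    for ev in endpoint_events:
        if ev.get("r7_hostid"):
            by_host.setdefault(ev["r7_hostid"], []).append(ev)
    rows = []
    for auth in auth_events:
        hostid = auth.get("r7_hostid")
        if not hostid:
            # No join key: report it rather than guessing by user or hostname.
            rows.append({"user": auth["user"], "r7_hostid": None, "related": None})
            continue
        start = _ts(auth)
        related = sorted(
            (ev for ev in by_host.get(hostid, []) if start <= _ts(ev) <= start + window),
            key=_ts)
        rows.append({"user": auth["user"], "r7_hostid": hostid,
                     "related": [ev["process"] for ev in related]})
    return rows

if __name__ == "__main__":
    for row in correlate(AUTH_EVENTS, ENDPOINT_EVENTS):
        print(row)
```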

Gain instant context with AI Log Entry Summary

AI Log Entry Summary uses AI to interpret and condense individual log lines into a clear summary of who, what, when, where, and why. This helps you quickly understand search results without decoding complex log syntax. With AI Log Entry Summary, you can focus on analysis instead of manual interpretation of raw logs.

With this capability in Log Search, you can:

  • Summarize verbose log lines in seconds.
  • Identify potential threats faster across any vendor source.
  • Accelerate triage and investigations.
  • Make faster, more informed security decisions.


Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor.

Access Remediation Data with the Bulk Export API

Analyze remediation progress and SLA compliance by exporting remediation metadata through the Bulk Data Export API. This feature allows you to centralize security reporting in your Business Intelligence tools, helping you make data-driven decisions.

With this feature in Vulnerability Management (InsightVM), you can:

  • Export up to 3 months of remediation data to support operational and compliance reporting.
  • Access full resolution logic per vulnerability instance for accurate tracking and validation.
  • Analyze historical remediation trends for up to 13 months to measure long-term progress.
  • Track remediation progress and SLA adherence using data in your own analytics environment.

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Cloud Security (InsightCloudSec)

Release availability for self-hosted users

Self-hosted users can usually download the latest version 4 business days after SaaS users are upgraded. It is available from the following locations:

  • Terraform deployments: Public S3 bucket. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) deployments: You can obtain the ECR build images for this version from the InsightCloudSec ECR Gallery.

Version 26.3.3

Software release date: March 3, 2026 | Release notes published: March 2, 2026

Important

  • Upcoming change – GCP org-managed account name synchronization: Starting with release 26.3.31, GCP org-managed account names will automatically stay in sync with their corresponding Google Cloud Platform. Previously, GCP account names only updated when credentials changed. This update aligns GCP behavior with AWS and Azure org-managed accounts.

Improved

  • Bots Enhancements: The Bot Execution Threshold and Bot Runs features are now enabled for all customers running version 26.3.3 and later.
  • Oracle (OCI) Onboarding: Updated onboarding experience to include an Onboarding script option for Oracle (OCI) within the Add Cloud flow.
  • EDH Deployment: Added pre-flight checks to the EDH deployment and undeployment endpoints to ensure cloud credentials are validated and can interact with the Azure Subscription.

New Insights

  • Storage Account Without Geo-Redundant Storage (GRS): Identifies storage accounts that lack geo-redundant storage configuration.
  • Recovery Services Vault Without Soft Delete Enabled: Identifies Recovery Services Vaults that do not have soft delete enabled. The insight is mapped to CIS Azure Storage Services Benchmark v1.0.0 Recommendation 5.2.1.
  • Timestream Database Without Audit Logging: Identifies Amazon Timestream databases without audit logging enabled. The insight is mapped to CIS AWS Database Benchmark v2.0.0 (Section 10.6).
  • App Service Environment Without Internal Encryption Enabled: Identifies App Service Environments that do not have internal encryption enabled.
  • App Service Environment Not Provisioned With ASEV3: Checks if an App Service Environment is provisioned with ASEV3.
  • Function App Deployment Slot Traffic Not Routed Through VNet Integration: Identifies function app deployment slots without VNet routing enabled for all outbound traffic. The Function App Deployment Slot resource type was moved from the “Web App Without Vnet Routing Enabled” insight to this one.
  • Function App Traffic Not Routed Through VNet Integration: Identifies function apps that don’t route all outbound traffic through VNet integration. Additionally, the Function App resource type was moved from the “Web App Without Vnet Routing Enabled” insight to this one.
  • App Service Deployment Slot Traffic Not Routed Through VNet Integration: Identifies app service deployment slots without VNet routing enabled for all outbound traffic. The App Service Deployment Slot resource type was moved from the “App Service App Without Vnet Routing Enabled” insight to this one.

Updated Insights

  • Function App Without Virtual Network Integrated: Renamed to Function App Without Virtual Network Integration.
  • Web App Without Vnet Routing Enabled: Renamed to App Service App Traffic Not Routed Through VNet Integration. We also updated the Overview and CIS Recommended Remediation Steps.

New Query Filters

  • Recovery Services Vault Has Soft Delete State: Identifies Recovery Services Vaults based on soft delete state configuration.
  • Recovery Services Vault Has Enhanced Security State: Identifies Recovery Services Vaults with enhanced security state settings.
  • Recovery Services Vault Has Soft Delete Disabled For Any Workload: Identifies Recovery Services Vaults with soft delete disabled for any workload.
  • App Service Environment Without Internal Encryption Enabled: Identifies App Service Environments without internal encryption enabled.
  • App Service Environment Not Provisioned With ASEV3: Checks if an App Service Environment is provisioned with ASEV3.

Updated Query Filters

  • Web App Without Virtual Network Integration: Renamed to App Service Resources Without Virtual Network Integration. You can now also use this filter to find all App Services with VNet integration enabled.

Fixed

  • Fixed an issue where a default date range was applied to the Scheduled Events page when linked from the Bots page. This could hide failures for the selected bot. The page now loads without a default date range.
  • Fixed an issue where badge scoping was not correctly applied to misconfigurations identified by insights.
  • Fixed an issue where updating Azure firewall rules and running the harvester didn’t update the “Network Access” display. Firewall rule changes now update correctly.

Release of Kubernetes Scanner v5.0.0

  • This release introduces a significant architectural update, transitioning the scanner from a CronJob to a persistent Service. This shift enables enhanced capabilities and allows for more real-time scanning and data processing. To find out more, refer to our documentation (https://docs.rapid7.com/insightcloudsec/kubernetes-local-scanner/). Internal components and their versions are listed in the chart value file. You can view the data with the command helm show values <chart name> | grep -E 'Name:|Version:' and update to the new version with the helm upgrade --install command referenced in the Kubernetes Scanner documentation.

Mimics Infrastructure as Code (IaC) Scanning Tool

No updates released at this time.

SIEM (InsightIDR)

No updates released at this time.

Fixed:

  • Fixed an issue where Microsoft Sentinel investigations were not automatically attributing actors despite correct user attribution in SIEM (InsightIDR).

InsightVM

Version 8.37.1

Software release date: Mar 2, 2026 | Release notes published: Mar 2, 2026

Improved:

  • Version 8.37.1 addresses an issue identified in 8.37.0 that impacted some customers using the Scan Assistant feature. This release includes a targeted fix to ensure normal Scan Assistant functionality. Customers are advised to upgrade to 8.37.1 if they have not already done so.

Nexpose

Version 8.37.1

Software release date: Mar 2, 2026 | Release notes published: Mar 2, 2026

Improved:

  • Version 8.37.1 addresses an issue identified in 8.37.0 that impacted some customers using the Scan Assistant feature. This release includes a targeted fix to ensure normal Scan Assistant functionality. Customers are advised to upgrade to 8.37.1 if they have not already done so.

Digital Risk Protection (Threat Command)

No updates released at this time.

Rapid7 Agent

No updates released at this time.

Next-Generation Antivirus

No updates released at this time.

Ransomware Prevention

No updates released at this time.

Velociraptor

No updates released at this time.
