May 2026 Release Notes

The Command Platform release notes cover what’s new, which is updated monthly, and improvements and fixes, which are updated weekly.

Last updated: May 4, 2026

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation due to vulnerabilities being exploited by a bad actor. Security teams must assess risk by understanding likelihood, impact, and real-world threat context.

Gain Clearer Asset Visibility with Expanded Patch and Endpoint Protection Data

Remediation Hub now provides expanded asset-level visibility for patch management and endpoint protection coverage. You can see which solutions provide coverage for each asset, identify the source of that data, and determine whether a reboot is still required after patching. This information is available in remediation details, filters, exports, and Automation (InsightConnect) workflows.

With this update in Risk > Remediation Hub, you can:

  • See the source of endpoint protection and patch management coverage for each asset.
  • Identify assets that still require a reboot after patching.
  • Filter and export data to quickly find and share assets that need follow-up action.

Remediate Faster with Targeted Filtering in Remediation Hub

Remediation Hub now includes enhanced filtering with resource type and categorized filters. Categorized filters help you distinguish between those that apply to all assets and those specific to Vulnerability Management (InsightVM) or Cloud Security (InsightCloudSec), making it easier to find and apply the right filters.

With this capability in Risk > Remediation Hub, you can:

  • Prioritize newly disclosed vulnerabilities using CVE publish date filters.
  • Quickly identify relevant filters with category-based organization.
  • Focus on the most relevant assets by filtering by resource type.
  • Navigate filters more efficiently with improved structure.

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from malicious actors, compromised identities, or misconfigurations.

You can now move directly from Threat Intelligence (Intelligence Hub) to Log Search without manually building queries. From Campaign and Threat Actor profiles, SIEM (InsightIDR) automatically generates and opens pre-filled queries with the relevant indicators of compromise (IOCs), mapped log sources, and time ranges.

With this capability in Command Platform > Intelligence > Campaigns and Command Platform > Intelligence > Threat Actors, you can:

  • Launch ready-to-run log searches with automatically generated queries based on selected IOCs.
  • Improve hunt accuracy using standardized queries grouped by IOC type, such as IP addresses, domains, and file hashes.
  • Reduce manual effort and errors by eliminating the need to copy, map, and format indicators across log sources.
  • Move from intelligence to investigation in seconds, improving analyst efficiency and response time.

Prioritize CVEs Faster with Rapid7 Labs Technical Assessments

Rapid7 Labs technical assessments are now embedded directly in CVE Library, giving your team clear, analyst-backed insight into how vulnerabilities are exploited and why they matter. Instead of piecing together external research, you can now evaluate exploitability, attacker value, and real-world risk in one place.

With this capability in Command Platform > Intelligence > CVE Library, you can:

  • Access Rapid7 Labs technical assessments for notable CVEs directly within each CVE record.
  • Understand why a vulnerability matters using structured signals like exploitability, attacker value, and exposure conditions.
  • Prioritize remediation faster with analyst narrative, affected product details, and real-world risk context.

Eliminate Context Switching with Native IOC Management

IOC Sources are now integrated directly into the Command Platform, providing a centralized interface to manage public, private, and custom Threat Intelligence (Intelligence Hub) feeds. This enhancement streamlines workflows by reducing the need to switch between tools and improves performance when working with large volumes of IOCs.

With this update in Command Platform > Data Connectors > Sources, you can:

  • Manage all indicators and IOC sources directly within the core platform.
  • Experience drastically improved load times and a modernized UI for searching millions of IOCs.

Improve Data Reliability with Platform-Native Vulnerability Management (InsightVM) Integration

Vulnerability Management (InsightVM) data now flows into SIEM (InsightIDR) through a platform-native integration powered by the Rapid7 data mesh. This update removes the need for manual configuration, improves reliability, and ensures consistent vulnerability context across SIEM (InsightIDR), MDR/MTC, and Incident Command without impacting existing functionality.

With this capability, you can:

  • Automatically access Vulnerability Management (InsightVM) data in SIEM (InsightIDR) without additional setup.
  • Reduce configuration issues and ongoing maintenance.
  • Ensure vulnerability context in SIEM (InsightIDR) aligns with Vulnerability Management (InsightVM) data.
  • Continue using existing features and customizations without changes.

Improve Triage for Multi-Vector and Thresholded Detections with Full Alert Context

SIEM (InsightIDR) now preserves and displays additional contributing payloads for multi-vector and thresholded detections, instead of showing only the final triggering event. This gives SOC analysts full visibility into the activity behind complex detections.

With this update in Alert Details > View in Log Search, you can:

  • See additional evidence that contributed to a multi-vector or thresholded detection.
  • Triage complex alerts faster with clearer context.
  • Reduce ambiguity, false positives, and investigation time.

This enhancement improves analyst confidence and trust by ensuring detection context is complete from detection through response.

Create and Deploy Detections as Code in SIEM (InsightIDR)

You can now create, validate, and deploy detections as code in SIEM (InsightIDR) using Terraform. This capability enables security teams to define detection logic in a version-controlled workflow, validate detections before deployment, and promote them across environments. By treating detections as software, you can improve consistency across tenants, reduce configuration drift, and accelerate time to detection.

With this capability, you can:

  • Define and manage detections using Terraform in your existing CI/CD workflows.
  • Deploy and manage custom detections without relying on manual UI configuration.
  • Promote detections consistently across single- and multi-tenant environments.
  • Maintain auditability and version control for detection changes.
  • Create up to 200 custom detection rules, up from the previous default of 50.

Administration

Administration focuses on refining platform controls, improving integrations, and streamlining configuration to support efficient security operations.

Streamline User Management with Unified User Resources and Settings

Manage user preferences and access from a single, centralized location across the Command Platform. This update simplifies how users configure settings, access resources, and maintain their profile, providing a unified experience for managing user-level settings and resources while reducing friction and eliminating the need to navigate across multiple areas of the platform.

With this update in Command Platform > Profile > User Settings, you can:

  • Manage profile preferences, including theme, time zone, and default landing page.
  • View and update communication and notification preferences.
  • Configure access and security settings.
  • Access customer support and educational resources.

Reduce False Positives with AI-Enhanced Attack Modules

Use AI to deliver more accurate vulnerability results in your scan outputs. This feature helps your team focus on true web app vulnerabilities, streamlining remediation workflows and reducing manual triage efforts.

With this feature in Application Security > Settings > Scan Options, you can:

  • Automatically assess scan output using LLM-based vulnerability pre-triage.
  • Focus on real risk, with false positives removed from your environment.
  • Reduce manual review processes, helping prioritize remediation efforts with greater confidence in your findings.

Due to specific model infrastructure requirements, this feature is currently not available in APS2 and ME regions. The CA region may experience varied results due to these limitations.

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Attack Surface Management (Surface Command)

Version 1.0.908

Software release date: April 28, 2026 | Release notes published: May 4, 2026

Improved:

  • Expand correlation exclusion rules for serial numbers to ignore additional placeholder values, including “n/a,” “n.a.,” “-,” “1234,” and “not specified.” These values are now excluded from correlation while the property remains on the asset.
  • Filter View widgets now support drill-in operations, enabling interactive exploration.
  • Graphical Query Builder filters now display selectable enum values in a dropdown, matching Data Insights filter behavior for improved usability.

Connectors

The following connectors were updated in the Extension Library since the previous release. Connector updates are published independently and may have been available before this release date.

New Connectors

  • JFrog Artifactory: JFrog Artifactory is a universal artifact repository manager that stores, manages, and distributes software packages and binaries across the development pipeline. This connector synchronizes user, group, project, and repository data from JFrog Artifactory into the Rapid7 Platform.

Updated Connectors

  • Dragos: Fixed data validation for x and y labels in DragosAsset.
  • Freshservice: Added unmatched asset counts logging.
  • Microsoft Graph Security: Added connector settings for minimum severity and lookback days for alerts and incidents.
  • Microsoft Intune: Fixed a date parsing error when devices have never synced and the Last Sync filter is enabled.
  • NetBox: Improved name-based correlation for NetBoxDevice.
  • SentinelOne Singularity:
    • Filtered vulnerabilities by status to exclude resolved and suppressed findings.
    • Improved paging log to show running totals across pages.
  • SolarWinds Orion: Increased timeout and decreased limit for Node SWQL queries.
  • VMware vCenter:
    • Fixed tag retrieval by switching to the REST API.
    • Added vCenterTagAssociation type to link objects to tags.
    • Added vCenterAssociatedTag type to host REST-sourced tag data.

Cloud Security (InsightCloudSec)

Release availability for self-hosted users

Self-hosted users can usually download the latest version 4 business days after SaaS users are upgraded, from the following locations:

  • Terraform deployments: Public S3 bucket. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) deployments: You can obtain the ECR build images for this version from the InsightCloudSec ECR Gallery.

Version 26.5.5

Software release date: May 5, 2026 | Release notes published: May 4, 2026

Upcoming changes in the release version 26.5.12

OCI Vault and Secret Resource Identification: We will update the resource_id generation for the Vault and Secret resource types in Oracle Cloud Infrastructure (OCI) environments. This change will ensure global uniqueness and correct parent-child relationships by incorporating the Vault OCID into the ID format.

  • Impact:
    • Existing Vaults and Secrets will be re-identified as new resources on the first harvest after this update.
    • Bots, alerts, or integrations may be triggered if configured to act on newly discovered resource types.

Current Release 26.5.5

Improved

  • Updated the Threat Findings experience to align with an industry-standard Detection Findings view. This update introduces an improved layout, enhanced organization, and additional functionality to help you investigate and prioritize findings more efficiently.
    • Improved
      • Mapped all findings to the MITRE ATT&CK framework.
      • Added remediation guidance for findings generated by cloud service providers.
      • Improved visualization of severity and event source counts.
    • Impact
      • Detection Findings is now the default experience for all users.
      • The underlying findings data remains unchanged. However, the interface has been redesigned to provide improved functionality and navigation.
      • This experience is not available for self-hosted customers.
      • Saved filters are scoped to each experience. Detection Findings does not include filters previously saved in Threat Findings.
      • You can continue to access the previous Threat Findings experience and switch between views using a toggle.
  • Added the ability to create bots directly from JSON configuration. Users can now select “Create Bot From JSON” from the bot creation dropdown menu, eliminating the previous requirement to first create a template from JSON before creating a bot. This streamlines the bot creation workflow for users who prefer working with JSON configurations.
  • Extended the existing container SBOM download feature to support downloading vulnerability assessment data for individual host instances, enabling users to export detailed software package inventories for compliance and security analysis.

New Resources

  • Added support for Lustre File System resource type with new harvester LustreFileSystemHarvester:
    • New permissions required: Microsoft.StorageCache/amlFilesystems/read

New Insights

  • Lustre File System Without CMK Encryption: Identifies Lustre File Systems that are not encrypted with a customer-managed key (CMK).

New Query Filters

  • Container Instance is Kubernetes Node: Identifies Container Instances that are Kubernetes Nodes.
  • Lustre File System Without CMK Encryption: Identifies Lustre File Systems that are not encrypted with a customer-managed key (CMK).

Fixed

  • Fixed an issue where AlloyDB Cluster Snapshots would not link correctly to the parent cluster if stored in a different region than the cluster.
  • Fixed handling of missing locationType for GCE rapid storage class buckets in StorageContainerHarvester.

Mimics Infrastructure as Code (IaC) Scanning Tool

No updates released at this time.

SIEM (InsightIDR)

No updates released at this time.

Vulnerability Management (InsightVM)

No updates released at this time.

Nexpose

No updates released at this time.

Digital Risk Protection (Threat Command)

No updates released at this time.

Remediation Hub

  • 2.21.0

    • Resource Type filter: We’ve introduced a new Resource Type filter in the Remediation Hub main table. This allows customers to filter remediation data by categories such as Instance, Container, and Host. This filter applies to Cloud Security (InsightCloudSec) assets.
    • Improved loading experience for the Emergent Threats section.
    • Improved performance and reliability.

Rapid7 Agent (Insight Agent)

No updates released at this time.

Next-Generation Antivirus

No updates released at this time.

Ransomware Prevention

No updates released at this time.

Velociraptor

No updates released at this time.
