[8.2] Manual prebuilt rule updates support notice (backport #4934) (#…

…4965) * Manual prebuilt rule updates support notice (#4934) * Add statement to relevant pages - Upgrade Elastic Security - Install and manage Elastic prebuilt rules * Update docs/detections/prebuilt-rules-management.asciidoc Co-authored-by: Benjamin Ironside Goldstein <[email protected]> * Update docs/upgrade/upgrade-security.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/upgrade/upgrade-security.asciidoc --------- Co-authored-by: Benjamin Ironside Goldstein <[email protected]> Co-authored-by: Nastasha Solomon <[email protected]> (cherry picked from commit 9ad5d70) # Conflicts: # docs/detections/prebuilt-rules-management.asciidoc # docs/upgrade/upgrade-security.asciidoc * Fix merge conflict --------- Co-authored-by: Joe Peeples <[email protected]>
elastic · Mar 22, 2024 · 208edbf · 208edbf
1 parent 9d67ba5
commit 208edbf
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/docs/detections/rules-ui-manage.asciidoc b/docs/detections/rules-ui-manage.asciidoc
@@ -44,10 +44,12 @@ You can then activate whichever rules you want. If you delete any prebuilt rules
 
 [NOTE]
 ==============
-Apart from the Elastic Endpoint rule, prebuilt rules are not activated by
+* Apart from the Elastic Endpoint rule, prebuilt rules are not activated by
 default. If you want to modify a prebuilt rule, you must first duplicate it, then make your changes to the duplicated rule. All Elastic prebuilt rules are tagged with the word `Elastic`.
-
++
 To learn how to enable detection rules in Elastic Security, watch the <<enable-detection-rules, tutorial>> at the end of this topic.
+
+* Automatic updates of Elastic prebuilt rules are supported for the current {elastic-sec} version and the latest three previous minor releases. For example, if you’re on {elastic-sec} 8.10, you’ll be able to use the Rules UI to update your prebuilt rules until {elastic-sec} 8.14 is released. After that point, you can still manually download and install updated prebuilt rules, but you must upgrade to the latest {elastic-sec} version to receive automatic updates.
 ==============
 
 [float]

diff --git a/docs/upgrade/upgrade-security.asciidoc b/docs/upgrade/upgrade-security.asciidoc
@@ -25,6 +25,7 @@ IMPORTANT: There is a known issue that significantly impacts UI responsiveness.
 
 Upgrade your {stack} and {agent}s to 7.17 first (refer to {fleet-guide}/upgrade-elastic-agent.html[Upgrade Fleet-managed Elastic Agents]). Afterwards, you can {stack-ref}/upgrading-elastic-stack.html[upgrade the {stack}] to 8.x. Initially, {agent}s will be version 7.17; this is fine because {elastic-sec} 8.x supports the last minor release in 7.x (7.17) and any subsequent {elastic-endpoint} versions in 8.x. After the {stack} upgrade, you can decide whether to upgrade {agent}s to 8.0, which is recommended to ensure you get the latest features.
 
+
 NOTE: You do not need to shut down your {agent}s or endpoints to upgrade the {stack}.
 
 [float]
@@ -104,3 +105,8 @@ Changes to the indicator match rule's <<rule-ui-advanced-params, default threat
 * If an indicator match rule's default threat indicator path was not defined before the upgrade, it will default to `threatintel.indicator` after the upgrade. This allows the rule to continue using indicator data ingested by {filebeat} version 7.x. If a custom value was defined before the upgrade, the value will not change.
 * If an existing indicator match rule was configured to use threat indicator indices generated from {filebeat} version 7.x, updating the default threat indicator path to `threat.indicator` after you upgrade to {stack} version 8.0 and {agent} or {filebeat} version 8.0 configures the rule to use threat indicator indices generated by those later versions.
 * You must create separate rules to query threat intelligence indices created by {filebeat} version 7.x and version 8.0 because each version requires a different default threat indicator path value. Review the recommendations for <<query-alert-indices, querying alert indices>>.
+
+[float]
+[[prebuilt-rule-updates]]
+=== Support for Elastic prebuilt detection rule automatic updates
+<<load-prebuilt-rules,Automatic updates of Elastic prebuilt detection rules>> are supported for the current {elastic-sec} version and the latest three previous minor releases. For example, if you’re upgrading to {elastic-sec} 8.10, you’ll be able to use the Rules UI to update your prebuilt rules until {elastic-sec} 8.14 is released. After that point, you can still manually download and install updated prebuilt rules, but you must upgrade to the latest {elastic-sec} version to receive automatic updates.