diff --git a/docs/release-notes/8.6.asciidoc b/docs/release-notes/8.6.asciidoc index 0861a96d1e..b2fb9e4e80 100644 --- a/docs/release-notes/8.6.asciidoc +++ b/docs/release-notes/8.6.asciidoc @@ -5,6 +5,11 @@ [[release-notes-8.6.2]] === 8.6.2 +[discrete] +[[known-issue-8.6.2]] +==== Known issues +* After upgrading Elastic prebuilt rules, some rules are erroneously duplicated as custom rules. To remove them, go to the Rules page (**Manage** -> **Rules**), click the **Custom rules** filter next to the search bar, then select and delete the duplicate rules. + [discrete] [[bug-fixes-8.6.2]] ==== Bug fixes and enhancements @@ -15,6 +20,11 @@ [[release-notes-8.6.1]] === 8.6.1 +[discrete] +[[known-issue-8.6.1]] +==== Known issues +* After upgrading Elastic prebuilt rules, some rules are erroneously duplicated as custom rules. To remove them, go to the Rules page (**Manage** -> **Rules**), click the **Custom rules** filter next to the search bar, then select and delete the duplicate rules. + [discrete] [[bug-fixes-8.6.1]] ==== Bug fixes and enhancements @@ -29,6 +39,7 @@ [discrete] [[known-issue-8.6.0]] ==== Known issues +* After upgrading Elastic prebuilt rules, some rules are erroneously duplicated as custom rules. To remove them, go to the Rules page (**Manage** -> **Rules**), click the **Custom rules** filter next to the search bar, then select and delete the duplicate rules. * When using the Osquery Manager integration with {agent}, Osquery results aren't properly written to {es} and, therefore, cannot be viewed in Kibana (https://github.com/elastic/beats/issues/34250)[#34250]). We recommend that Osquery users skip {stack} version 8.6.0 and upgrade to {stack} version 8.6.1 or later when available. * Investigation guides for some prebuilt rules may not render correctly if they include an escaped character (such as `\"`). To resolve this, update your prebuilt rules once you receive a rule update prompt on the Rules page (https://github.com/elastic/detection-rules/pull/2447[#2447]). diff --git a/docs/release-notes/8.7.asciidoc b/docs/release-notes/8.7.asciidoc index 9e4991a72b..d3c7fcf264 100644 --- a/docs/release-notes/8.7.asciidoc +++ b/docs/release-notes/8.7.asciidoc @@ -8,7 +8,7 @@ [discrete] [[known-issue-8.7.1]] ==== Known issues - +* After upgrading Elastic prebuilt rules, some rules are erroneously duplicated as custom rules. To remove them, go to the Rules page (**Manage** -> **Rules**), click the **Custom rules** filter next to the search bar, then select and delete the duplicate rules. * Index aliases and some data streams are not properly retrieved by the {elastic-sec} default data view. * The **Add exceptions flyout** loads indefinitely and an out of memory error displays when a rule has a large number of unmapped fields in multiple indices. To avoid this issue, use the <> to manage exceptions. * If you modify an exception item using the <> API and _only_ specify its `item_id`, the exception item is erroneously duplicated. To avoid this issue, you can either: @@ -137,6 +137,7 @@ To find the affected endpoint policy artifacts: [discrete] [[known-issue-8.7.0]] ==== Known issues +* After upgrading Elastic prebuilt rules, some rules are erroneously duplicated as custom rules. To remove them, go to the Rules page (**Manage** -> **Rules**), click the **Custom rules** filter next to the search bar, then select and delete the duplicate rules. * After alerts are generated for the first time, you may have to refresh your browser before your alert data appears on pages that use data views (for example, Timeline). Navigating between pages will not work (https://github.com/elastic/security-docs/issues/3046[#3046]).