From 3d4e8317d9c82908c58333ed854b053833ecb9f9 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Mon, 24 Jul 2023 22:49:53 -0700
Subject: [PATCH] [8.9] 8.9.0 Release notes  (backport #3536) (#3616)

* 8.9.0 Release notes  (#3536)

* First draft

* Adding include to TOC

* Fixed file name

* Updating anchors and bc tags

* Full rewrite of contents

* Removing extra breaking changes tag

* Removed discrete header

* Re-adding header

* Update docs/release-notes/8.9.asciidoc

* Hopefully fixing bc link

* Update docs/release-notes/8.9.asciidoc

* Incorporates feedback

* edits

* Update docs/release-notes/8.9.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.9.asciidoc

* Update docs/release-notes/8.9.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.9.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/release-notes/8.9.asciidoc

* Janeen's input

* More edits from Janeen

* Update docs/release-notes/8.9.asciidoc

* Removing ResponseOps PR

* Adds remaining content

Adds more known issues, deprecations, and enhancements

* EDR team features

* Removing bc tags for 8.8.2 rn

* Update docs/release-notes/8.8.asciidoc

* Update docs/release-notes/8.9.asciidoc

* Re-adding bc tags to 8.8.asciidoc file

* Update docs/release-notes/8.9.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/release-notes/8.9.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/release-notes/8.9.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Updating sum for 160574 and 160577

Incorporating Janeen's feedback

* Jatin's feedback

* Update docs/release-notes/8.9.asciidoc

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

---------

Co-authored-by: benironside <91905639+benironside@users.noreply.github.com>
Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>
Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
(cherry picked from commit 04ac0fd164f53863ae7dbe5b71d72e285c76ed80)

# Conflicts:
#	docs/release-notes.asciidoc

* Update docs/release-notes.asciidoc

---------

Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
---
 docs/release-notes.asciidoc     |  3 ++
 docs/release-notes/8.7.asciidoc |  5 ---
 docs/release-notes/8.9.asciidoc | 73 +++++++++++++++++++++++++++++++++
 3 files changed, 76 insertions(+), 5 deletions(-)
 create mode 100644 docs/release-notes/8.9.asciidoc

diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc
index 47625cf181..89c5074f70 100644
--- a/docs/release-notes.asciidoc
+++ b/docs/release-notes.asciidoc
@@ -3,6 +3,8 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.9.0, {elastic-sec} version 8.9.0>>
+* <<release-notes-8.8.2, {elastic-sec} version 8.8.2>>
 * <<release-notes-8.8.1, {elastic-sec} version 8.8.1>>
 * <<release-notes-8.8.0, {elastic-sec} version 8.8.0>>
 * <<release-notes-8.7.1, {elastic-sec} version 8.7.1>>
@@ -39,6 +41,7 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.9.asciidoc[]
 include::release-notes/8.8.asciidoc[]
 include::release-notes/8.7.asciidoc[]
 include::release-notes/8.6.asciidoc[]
diff --git a/docs/release-notes/8.7.asciidoc b/docs/release-notes/8.7.asciidoc
index 9e4991a72b..5dd151705a 100644
--- a/docs/release-notes/8.7.asciidoc
+++ b/docs/release-notes/8.7.asciidoc
@@ -231,12 +231,7 @@ GET .kibana*/_search
 [[breaking-changes-8.7.0]]
 ==== Breaking changes
 
-//tag::breaking-changes[]
-// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
-:pull: https://github.com/elastic/kibana/pull/
 There are no breaking changes in 8.7.0.
-//end::breaking-changes[]
-
 
 [discrete]
 [[deprecations-8.7.0]]
diff --git a/docs/release-notes/8.9.asciidoc b/docs/release-notes/8.9.asciidoc
new file mode 100644
index 0000000000..fd94028cb1
--- /dev/null
+++ b/docs/release-notes/8.9.asciidoc
@@ -0,0 +1,73 @@
+[[release-notes-header-8.9.0]]
+== 8.9.0
+
+[discrete]
+[[release-notes-8.9.0]]
+=== 8.9
+
+[discrete]
+[[known-issue-8.9.0]]
+==== Known issues
+
+* On the new Detection rule monitoring dashboard, total `Rule executions` will not always equal the sum of `Succeeded`, `Warning`, and `Failed` executions. This is expected because rules can write multiple statuses per execution. One typical example is gap detection: if a rule detects a gap in rule execution it will write an intermediate `Failed` status, then continue to run, and write a final status (such as `Warning`) before finishing its execution.
+* Rule changes can't be saved if the rule's action frequency is shorter than the rule's run interval.
+* The `upload` response action does not report the correct amount of available disk space. The correct amount is approximately four gigabytes. 
+
+[discrete]
+[[breaking-changes-8.9.0]]
+==== Breaking changes
+//tag::breaking-changes[]
+// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
+// THIS ALSO MEANS IF YOU USE LINKS HERE, THEY SHOULD BE FULL URLS WITH NO ATTRIBUTES
+
+:pull: https://github.com/elastic/kibana/pull/
+
+There are no breaking changes in 8.9.0.
+
+//end::breaking-changes[]
+
+[discrete]
+[[deprecations-8.9.0]]
+==== Deprecations
+* Removes the option to use the legacy navigation menu ({pull}158094[#158094]).
+* General prebuilt threat indicator match rules were deprecated and replaced with improved indicator-type rules. 
+
+[discrete]
+[[features-8.9.0]]
+==== New features
+* Allows you to install the Cloud Security Posture Management (CSPM) integration via CloudFormation ({pull}159994[#159994]).
+* Creates a new dashboard, Cloud Native Vulnerability Management, that provides an overview of vulnerabilities on your cloud hosts ({pull}159699[#159699]).
+* Allows you to group vulnerabilities by resource (host) on the Vulnerabilities Findings page, and creates a Resource flyout that displays detailed vulnerability findings for individual hosts ({pull}159873[#159873], {pull}158987[#158987]).
+* Adds a new custom dashboard, "Detection rule monitoring" ({pull}159875[#159875]).
+* Allows you to anonymize event field values sent to AI Assistant ({pull}159857[#159857]).
+* Adds a *Chat* button that opens AI Assistant to the alert details flyout ({pull}159633[#159633]).
+* Updates AI Assistant to let you create and delete custom system prompts and default conversations ({pull}159365[#159365]).
+* Allows you to add alert tags ({pull}157786[#157786]).
+* Adds the ability to automatically isolate a host through a rule’s endpoint response action ({pull}152424[#152424]). 
+* Moves response actions to General Availability.
+* Adds a new response action that allows you to upload files to an endpoint that has {elastic-endpoint} installed ({pull}157208[#157208]).
+* Makes the Lateral Movement Detection advanced analytics package General Availability, and adds the ability to detect malicious activities in Windows RDP events (https://github.com/elastic/integrations/pull/6588[#6588]).
+
+[discrete]
+[[enhancements-8.9.0]]
+==== Enhancements
+* Makes it easier to set up exceptions by auto-populating exception conditions and values with relevant alert data.  
+* Adds a *Last response* dropdown menu to the Rules table that allows you to filter rules by the status of their last execution ("Succeeded", "Warning", or "Failed") ({pull}159865[#159865]).
+* Creates a Lens dashboard for monitoring the use of tokens by AI Assistant ({pull}159075[#159075]).
+* Creates a connector for D3 Security ({pull}158569[#158569]).
+* Improves the interface for installing and upgrading Elastic prebuilt rules ({pull}158450[#158450]).
+* Shows a rule's actions on its details page ({pull}158189[#158189]).
+* Allows you to add Lens visualizations to cases from the visualization's *More actions* menu ({pull}154918[#154918]).
+* Adds a tooltip to snoozed rules that shows exactly when alerting will resume ({pull}157407[#157407]).
+* Enhances the Data Exfiltration Detection package by adding the ability to detect exfiltration anomalies through USB devices and Airdrop (https://github.com/elastic/integrations/pull/6577[#6577]).
+
+[discrete]
+[[bug-fixes-8.9.0]]
+==== Bug fixes
+* Fixes a bug that prevented rule exceptions from being auto-populated when you created a new exception from an alert's **Take action** menu.
+* Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule.
+* Fixes a bug that restricted the number of cloud accounts that could appear on the Cloud Security Posture dashboard to 10 ({pull}157233[#157233]).
+* Fixes a bug that allowed you to save a rule with an alert filter missing a query ({pull}159690[#159690]).
+* Fixes unexpected filtering behavior on the Alerts page. Now, when you select a filter that excludes all alerts, an empty table now appears as expected ({pull}160374[#160374]).
+* Fixes a UI bug where the **Label** field in the Investigation Guide form incorrectly turns red when the entered value is correct ({pull}160574[#160574], {pull}160577[#160577]).
+* Fixes a bug that caused rules to snooze longer than specified ({pull}152873[#152873]).