From 71edb1d97b81391cdad172e32b7bf72124f3c51e Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 18:07:14 -0400 Subject: [PATCH] [8.7] Manual prebuilt rule updates support notice (backport #4934) (#4960) * Manual prebuilt rule updates support notice (#4934) * Add statement to relevant pages - Upgrade Elastic Security - Install and manage Elastic prebuilt rules * Update docs/detections/prebuilt-rules-management.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> * Update docs/upgrade/upgrade-security.asciidoc Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> * Update docs/upgrade/upgrade-security.asciidoc --------- Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> (cherry picked from commit 9ad5d7054bafa40235c2df6888c29b92f87845f3) # Conflicts: # docs/detections/prebuilt-rules-management.asciidoc # docs/upgrade/upgrade-security.asciidoc * Delete docs/detections/prebuilt-rules-management.asciidoc * Update upgrade-security.asciidoc * Update rules-ui-manage.asciidoc --------- Co-authored-by: Joe Peeples --- docs/detections/rules-ui-manage.asciidoc | 6 ++++-- docs/upgrade/upgrade-security.asciidoc | 8 ++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/detections/rules-ui-manage.asciidoc b/docs/detections/rules-ui-manage.asciidoc index 2df41f606f..d2e8054b4f 100644 --- a/docs/detections/rules-ui-manage.asciidoc +++ b/docs/detections/rules-ui-manage.asciidoc 
@@ -61,10 +61,12 @@ You can then activate whichever rules you want. If you delete any prebuilt rules [NOTE] ============== -Apart from the Elastic Endpoint rule, prebuilt rules are not activated by +* Apart from the Elastic Endpoint rule, prebuilt rules are not activated by default. If you want to modify a prebuilt rule, you must first duplicate it, then make your changes to the duplicated rule. All Elastic prebuilt rules are tagged with the word `Elastic`. - ++ To learn how to enable detection rules in Elastic Security, watch the <> at the end of this topic. + +* Automatic updates of Elastic prebuilt rules are supported for the current {elastic-sec} version and the latest three previous minor releases. For example, if you’re on {elastic-sec} 8.10, you’ll be able to use the Rules UI to update your prebuilt rules until {elastic-sec} 8.14 is released. After that point, you can still manually download and install updated prebuilt rules, but you must upgrade to the latest {elastic-sec} version to receive automatic updates. ============== [float] diff --git a/docs/upgrade/upgrade-security.asciidoc b/docs/upgrade/upgrade-security.asciidoc index 51792f74e1..b91087f7a4 100644 --- a/docs/upgrade/upgrade-security.asciidoc +++ b/docs/upgrade/upgrade-security.asciidoc 
@@ -40,6 +40,14 @@ For large deployments with more than 10 {kib} instances, and more than 10,000 sa you can reduce the upgrade downtime by bringing up a single {kib} instance and waiting for it to complete the upgrade migration before bringing up the remaining instances. +IMPORTANT: You can upgrade to pre-release versions for testing, +but upgrading from a pre-release to the Generally Available version is unsupported. +You should use pre-release versions only for testing in a temporary environment. + +[float] +=== Support for Elastic prebuilt detection rule automatic updates +<> are supported for the current {elastic-sec} version and the latest three previous minor releases. For example, if you’re upgrading to {elastic-sec} 8.10, you’ll be able to use the Rules UI to update your prebuilt rules until {elastic-sec} 8.14 is released. After that point, you can still manually download and install updated prebuilt rules, but you must upgrade to the latest {elastic-sec} version to receive automatic updates. + [float] [[preventing-migration-failures]] === Preparing for migration
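Review bot: In the docs/detections/rules-ui-manage.asciidoc hunk, the new second bullet says you can "still manually download and install updated prebuilt rules" but gives no link or pointer to that procedure, so a reader whose version has fallen outside the support window has no next step. Add a cross-reference to the manual install instructions. Also, this is the [8.7] backport while the example uses 8.10 and 8.14. By the rule stated in the same bullet (current version plus the latest three previous minor releases), 8.7 receives automatic updates until 8.11 is released, and an example phrased in those terms would fit this branch better.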
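Review bot: In the docs/upgrade/upgrade-security.asciidoc hunk, the IMPORTANT admonition about pre-release versions at the top of the added lines is unrelated to the prebuilt rule update notice named in the subject, and the commit message lists this file under Conflicts, so it looks like it arrived with the conflict resolution. Confirm it is intended for 8.7 or drop it from this backport. The new "Support for Elastic prebuilt detection rule automatic updates" heading has [float] but no [[...]] anchor, unlike "Preparing for migration" directly below it, so other pages cannot link to the section. The paragraph under it nearly duplicates the bullet added in rules-ui-manage.asciidoc, with "on" changed to "upgrading to" in the example. Consider a shared snippet so the two copies do not drift apart.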