diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc index 2e629d870b..1cabd2374b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc @@ -1,7 +1,7 @@ [[prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux]] === Host Files System Changes via Windows Subsystem for Linux -Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. +Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. *Rule type*: eql diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux.asciidoc index 8316d60a9a..573caf048b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux.asciidoc 
@@ -1,7 +1,7 @@ [[prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux]] === Suspicious Execution via Windows Subsystem for Linux -Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. +Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. *Rule type*: eql diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rules-8-4-3-summary.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rules-8-4-3-summary.asciidoc index 79420d68fa..2078fe577d 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rules-8-4-3-summary.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rules-8-4-3-summary.asciidoc 
@@ -41,13 +41,13 @@ This section lists all updates associated with version 8.4.3 of the Fleet integr |<> | Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. | new | 1 -|<> | Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 +|<> | Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to execute a program on the host from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to enable the Windows Subsystem for Linux using Microsoft Dism utility. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 -|<> | Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 +|<> | Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to install or use Kali Linux via Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc index 66706310b2..04587ac494 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc 
+++ b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc @@ -1,7 +1,7 @@ [[prebuilt-rule-8-5-1-host-files-system-changes-via-windows-subsystem-for-linux]] === Host Files System Changes via Windows Subsystem for Linux -Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. +Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. *Rule type*: eql diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc index bd95676944..86a591c328 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc @@ -1,7 +1,7 @@ [[prebuilt-rule-8-5-1-suspicious-execution-via-windows-subsystem-for-linux]] === Suspicious Execution via Windows Subsystem for Linux -Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. +Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. *Rule type*: eql diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rules-8-5-1-summary.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rules-8-5-1-summary.asciidoc index b9ef47b742..0179262110 100644 
--- a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rules-8-5-1-summary.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rules-8-5-1-summary.asciidoc @@ -41,13 +41,13 @@ This section lists all updates associated with version 8.5.1 of the Fleet integr |<> | Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. | new | 1 -|<> | Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 +|<> | Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to execute a program on the host from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to enable the Windows Subsystem for Linux using Microsoft Dism utility. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 -|<> | Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 +|<> | Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to install or use Kali Linux via Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc index 0209649c39..726244e94b 100644 
--- a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc @@ -1,7 +1,7 @@ [[prebuilt-rule-8-6-1-host-files-system-changes-via-windows-subsystem-for-linux]] === Host Files System Changes via Windows Subsystem for Linux -Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. +Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. *Rule type*: eql diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc index a96a62df92..74bfeda0ac 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc @@ -1,7 +1,7 @@ [[prebuilt-rule-8-6-1-suspicious-execution-via-windows-subsystem-for-linux]] === Suspicious Execution via Windows Subsystem for Linux -Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. +Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. *Rule type*: eql 
diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rules-8-6-1-summary.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rules-8-6-1-summary.asciidoc index 63df5dba36..c7268b9bde 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rules-8-6-1-summary.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rules-8-6-1-summary.asciidoc @@ -41,13 +41,13 @@ This section lists all updates associated with version 8.6.1 of the Fleet integr |<> | Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. | new | 1 -|<> | Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 +|<> | Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to execute a program on the host from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to enable the Windows Subsystem for Linux using Microsoft Dism utility. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 -|<> | Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 +|<> | Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to install or use Kali Linux via Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 
diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc index d1a0c3dc8a..baf7df172c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc @@ -1,7 +1,7 @@ [[prebuilt-rule-8-7-1-host-files-system-changes-via-windows-subsystem-for-linux]] === Host Files System Changes via Windows Subsystem for Linux -Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. +Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. *Rule type*: eql diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc index 2e040e0b47..e9b6dea8c8 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-suspicious-execution-via-windows-subsystem-for-linux.asciidoc 
@@ -1,7 +1,7 @@ [[prebuilt-rule-8-7-1-suspicious-execution-via-windows-subsystem-for-linux]] === Suspicious Execution via Windows Subsystem for Linux -Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. +Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. *Rule type*: eql diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rules-8-7-1-summary.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rules-8-7-1-summary.asciidoc index 730de3c48d..b77809dd66 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rules-8-7-1-summary.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rules-8-7-1-summary.asciidoc 
@@ -43,13 +43,13 @@ This section lists all updates associated with version 8.7.1 of the Fleet integr |<> | Identifies attempt to load an untrusted driver. Adversaries may modify code signing policies to enable execution of unsigned or self-signed code. | new | 1 -|<> | Detects Linux Bash commands from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 +|<> | Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to execute a program on the host from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to enable the Windows Subsystem for Linux using Microsoft Dism utility. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 -|<> | Detects files creation and modification on the host system from the the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 +|<> | Detects files creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 |<> | Detects attempts to install or use Kali Linux via Windows Subsystem for Linux. Adversaries may enable and use WSL for Linux to avoid detection. | new | 1 diff --git a/docs/release-notes/8.13.asciidoc b/docs/release-notes/8.13.asciidoc new file mode 100644 index 0000000000..19b72a8e7f --- /dev/null +++ b/docs/release-notes/8.13.asciidoc 
@@ -0,0 +1,48 @@ +[[release-notes-header-8.13.0]] +== 8.13 + +[discrete] +[[release-notes-8.13.0]] +=== 8.13.0 + +[discrete] +[[features-8.13.0]] +==== Features + +* Allows you to define an entity's (such as a host's or user's) `Asset criticality`, which can affect risk scores ({kibana-pull}176815[#176815], {kibana-pull}176294[#176294], {kibana-pull}172417[#172417], {kibana-pull}176056[#176056]). +* Allows information on the Data Quality dashboard to now persist in {elastic-sec} rather than disappearing after each session ({kibana-pull}175673[#175673], {kibana-pull}173185[#173185]). +* Adds field-by-field diffs to the rules upgrade flyout so you can see what's changed between versions ({kibana-pull}174564[#174564]). +* Adds alert suppression to the Indicator Match rule type ({kibana-pull}174241[#174241]). +* You can add Elastic Defend’s `kill-process` or `suspend-process` response actions to detection rules to automatically terminate or suspend a process on an affected host ({kibana-pull}161645[#161645]). +* Allows you to isolate and release a SentinelOne-protected host from detection alerts and the response console, and view third-party actions in the response actions history log ({kibana-pull}173927[#173927], {kibana-pull}175810[#175810]). +* Allows you to enable and disable cloud security Benchmark rules ({kibana-pull}174575[#174575]). + + +[discrete] +[[enhancements-8.13.0]] +==== Enhancements + +* Enables advanced sorting and customization options for the Findings page's **Vulnerabilities** table ({kibana-pull}174413[#174413]). +* Adds the ability to analyze an event within a specific time range and data view ({kibana-pull}176364[#176364]). +* Enables the newly expanded host and user details flyouts, which allow you to view host or user details, risk data and inputs, and asset criticality ({kibana-pull}175899[#175899]). +* Improves the header layout in the alert details flyout so basic alert details are better organized ({kibana-pull}175075[#175075]). 
+* Adds inline actions and a search bar to the left panel in the event analyzer UI and improves formatting issues ({kibana-pull}172397[#172397]). + +[discrete] +[[bug-fixes-8.13.0]] +==== Bug fixes + +* Fixes a bug that prevented the event analyzer preview from loading properly for {esql} rules ({kibana-pull}178389[#178389]). +* Fixes a bug that prevented you from editing, adding, or removing query filters when creating or editing a custom query, indicator match, or new terms rule ({kibana-pull}178207[#178207]). +* Fixes a bug that caused unnecessary error messages to appear in {kib} server logs when using the MITRE ATT&CK® Coverage page ({kibana-pull}178126[#178126]). +* Prevents an infinite loading state on the Add Rules page for users with limited permissions ({kibana-pull}178005[#178005]). +* Fixes a bug that prevented the **Reset Fields** action on the Alerts table from resetting the table's columns ({kibana-pull}177986[#177986]). +* Fixes a bug that interfered with the rule filtering interface when you opened it from specific parts of {elastic-sec} ({kibana-pull}177946[#177946]). +* Ensures that text within the risk score preview table translates correctly ({kibana-pull}177680[#177680]). +* Fixes a bug that could prevent the correct `kibana.alert.threshold_result.terms.value` field value from appearing in the alert details flyout ({kibana-pull}177472[#177472]). +* Fixes multiple bugs affecting the rule filters on the rule details page ({kibana-pull}177081[#177081]). +* Updates the alert assignment UI to make its data model and intended usage clearer ({kibana-pull}176442[#176442]). +* Fixes rule overwrite behavior when importing new rules. Now, when a new rule overwrites an existing rule, the new rule completely replaces all the fields of the old one, and the old rule's fields are never included in the new rule ({kibana-pull}176166[#176166]). +* Fixes a bug that allowed you to add a Timeline as a favorite before it was saved ({kibana-pull}175161[#175161]). 
+* Fixes a bug that could result in an unnecessary negative sign in the risk score table within the expandable user and host flyouts ({kibana-pull}177015[#177015]). +* Adds file and size constraints to value lists ({kibana-pull}176074[#176074]). \ No newline at end of file
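Review bot: in the `prebuilt-rule-8-4-3-host-files-system-changes-via-windows-subsystem-for-linux.asciidoc` hunk the replacement line only drops the doubled "the"; the sentence it leaves behind is still wrong in two places. "Detects files creation and modification" should be "Detects file creation and modification", and "use WSL for Linux" expands to "Windows Subsystem for Linux for Linux". Suggested description: `Detects file creation and modification on the host system from the Windows Subsystem for Linux. Adversaries may enable and use WSL to avoid detection.` The identical hunk is repeated for the 8.5.1, 8.6.1 and 8.7.1 packages, and the same text is copied verbatim into each package summary table, which suggests these pages mirror the rule's own description field; if that is the case, the wording should be corrected in the rule source as well or the next regeneration of the docs will bring the typo back.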
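Review bot: the `prebuilt-rule-8-4-3-suspicious-execution-via-windows-subsystem-for-linux.asciidoc` hunk has the same leftover as the host-files rule: after removing "the the", the second sentence still reads "use WSL for Linux", which is redundant once the acronym is expanded. Suggest `Detects Linux Bash commands from the Windows Subsystem for Linux. Adversaries may enable and use WSL to avoid detection.` This applies equally to the 8.5.1, 8.6.1 and 8.7.1 copies of the page.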
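Review bot: in the `prebuilt-rules-8-4-3-summary.asciidoc` hunk (and its 8.5.1, 8.6.1 and 8.7.1 counterparts) the unchanged context row two lines above the first edited row reads "Identifies attempt to load an untrusted driver", which is missing an article; since the table is being touched anyway, change it to "Identifies an attempt to load an untrusted driver". The two edited rows must stay byte-identical to the descriptions on the corresponding rule pages, so if the "files creation" / "WSL for Linux" wording on those pages is revised, these rows need the same revision in the same commit.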
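Review bot: the new `docs/release-notes/8.13.asciidoc` ends without a trailing newline (the diff shows `\ No newline at end of file`); add one so the file matches the other release-notes pages. Two entries are filed under `==== Bug fixes` but describe behaviour changes rather than fixes and belong under `==== Enhancements`: "Updates the alert assignment UI to make its data model and intended usage clearer ({kibana-pull}176442[#176442])" and "Adds file and size constraints to value lists ({kibana-pull}176074[#176074])". The bug-fix list is otherwise sorted by descending PR number, but the last two items (#177015, #176074) break that order. Two wording issues in the Features and Enhancements sections: "Allows you to define an entity's (such as a host's or user's) `Asset criticality`" reads more naturally as "Allows you to define asset criticality for an entity (such as a host or user)", and "Allows information on the Data Quality dashboard to now persist in {elastic-sec} rather than disappearing after each session" can drop "now".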