diff --git a/docs/whats-new.asciidoc b/docs/whats-new.asciidoc index 5d901aab94..5d82505d18 100644 --- a/docs/whats-new.asciidoc +++ b/docs/whats-new.asciidoc @@ -12,9 +12,9 @@ Other versions: {security-guide-all}/8.10/whats-new.html[8.10] | {security-guide [float] -== Latest risk scoring engine +== Latest entity risk scoring engine provides greater scalability and performance -The latest risk scoring engine generates risk scores on a recurring interval, and allows for easier onboarding and management. The engine is built to factor in risks from all {elastic-sec} use cases. It also allows you to customize and control how and when risk is calculated. +The latest <> generates risk scores on a recurring interval, and allows for easier onboarding and management. The engine is built to factor in risks from all {elastic-sec} use cases. It also allows you to customize and control how and when risk is calculated. With the new risk scoring engine, you can: 
@@ -30,21 +30,25 @@ image::whats-new/images/8.11/entity-risk-score.png[Entity Risk Score page] [float] == Elastic AI Assistant enhancements +The following enhancements have been added to the Elastic AI Assistant: + [float] === New Amazon Bedrock connector You can use Elastic's new Amazon Bedrock connector to integrate with Anthropic Claude models from AWS in the {security-guide}/security-assistant.html[Elastic AI Assistant]. [float] -=== ES|QL knowledge base +=== New ES|QL knowledge base beta:[] With the new knowledge base enabled, {security-guide}/security-assistant.html[Elastic AI Assistant] can answer detailed questions about the Elastic Search Query Language (ES|QL), including help with generating specific queries and syntax questions. [float] == Detection rules and alerts enhancements +The following enhancements have been added to detection rules and alerts: + [float] -=== ES|QL rule type +=== Create ES|QL query detection rules with new ES|QL rule type Use the new {security-guide}/rules-ui-create.html#create-esql-rule[ES|QL rule type] to create detection rules that use ES|QL queries. The ES|QL rule type supports aggregating and non-aggregating queries. 
@@ -52,31 +56,28 @@ Use the new {security-guide}/rules-ui-create.html#create-esql-rule[ES|QL rule ty image::whats-new/images/8.11/esql-rule.png[New ES|QL rule type] [float] -=== Exceptions enhancements +=== Case-sensitive values supported in rule exceptions When {security-guide}/add-exceptions.html#detection-rule-exceptions[adding exceptions to a rule], the `is one of` and `is not one of` operators now support identical, case-sensitive values – for example, `Windows` and `windows`. [float] -=== Access to host and user prevalence - -{security-guide}/view-alert-details.html#expanded-prevalence-view[The host and user prevalence features] in the alert details flyout now require a https://www.elastic.co/pricing/[Platinum subscription] or higher. - -[float] -== ES|QL in Timeline +== Use ES|QL in Timeline -You can use {security-guide}/timelines-ui.html#esql-in-timeline[ES|QL in Timeline] to filter, transform, and analyze event data stored in {es}. To start using ES|QL, open the the **ES|QL** tab. +You can use {security-guide}/timelines-ui.html#esql-in-timeline[ES|QL in Timeline] to filter, transform, and analyze event data stored in {es}. To start using ES|QL, open the **ES|QL** tab. [role="screenshot"] image::whats-new/images/8.11/esql-tab.png[New ES|QL tab in Timeline] [float] -== Cloud Security enhancements +== Expanded support for Cloud security posture management (CSPM) Cloud security posture management (CSPM) capabilities have been expanded to support {security-guide}/cspm-get-started-gcp.html#cspm-set-up-manual-gcp-org[organization-wide GCP deployments], as well as {security-guide}/cspm-get-started-azure.html[single-subscription Azure deployments]. [float] == Cases enhancements +The following enhancements have been added to cases: + [float] === Custom case fields 
@@ -88,7 +89,7 @@ image::whats-new/images/8.11/cases-add-custom-field.png[Add custom fields to cas [float] === Connectors page renamed -The page where you create and manage case connectors has been renamed to Settings. +The page where you create and manage case connectors has been renamed to **Settings**. [role="screenshot"] image::whats-new/images/8.11/cases-settings.png[The case settings page]
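Review bot: In the `@@ -12,9 +12,9 @@` hunk, the added sentence reads `The latest <> generates risk scores on a recurring interval`, so as shown the cross-reference has neither a target nor link text and the sentence has lost its subject. Fill in the anchor and the link text that replaces the old "risk scoring engine" wording. The new heading also says "entity risk scoring engine" while the unchanged line below it still says "With the new risk scoring engine"; use one name in both places.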
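Review bot: In the `@@ -30,21 +30,25 @@` hunk, the new heading `=== Create ES|QL query detection rules with new ES|QL rule type` is an imperative sentence that nearly repeats the body line directly under it, while the sibling headings in the same hunk are short noun phrases (`New Amazon Bedrock connector`, `New ES|QL knowledge base`). Something like `=== New ES|QL rule type` would match them and avoid saying "ES|QL" twice in one heading.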
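Review bot: The `@@ -52,31 +56,28 @@` hunk deletes the whole `=== Access to host and user prevalence` section, which stated that those features in the alert details flyout now require a Platinum subscription or higher, and nothing in the visible lines replaces it. If the requirement still applies, keep the section or note in the commit message where it is documented now, since a subscription change dropped from the release highlights is easy for readers to miss. Smaller point in the same hunk: the new heading `== Expanded support for Cloud security posture management (CSPM)` is restated almost verbatim by the first sentence beneath it.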