Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

What's new in 8.9 #3543

Closed
19 tasks done
jmikell821 opened this issue Jul 7, 2023 · 0 comments · Fixed by #3633
Closed
19 tasks done

What's new in 8.9 #3543

jmikell821 opened this issue Jul 7, 2023 · 0 comments · Fixed by #3633
Assignees
Labels
Effort: Medium Issues that take moderate but not substantial time to complete highlights Priority: Medium Issues that have relevance, but aren't urgent v8.9.0

Comments

@jmikell821
Copy link
Contributor

jmikell821 commented Jul 7, 2023

Please add your features and enhancements for 8.9. Don't forget to include the related PR link!

Detections & Response

Rules

  • Automated endpoint response actions: Users can now add the host isolation response action to rules. When rule conditions are met, the endpoint is automatically isolated. Automated response actions for rules #3546
  • Response actions for rules are GA: Rule response actions are no longer in technical preview. They've been GA'ed for 8.9. (There's no doc PR, but I can try to find the dev issue/PR.)
  • Rule details page includes rule's actions and response actions: The rule details page has been expanded to include a new section that shows the rule's actions and response actions. The newly-added Actions sections includes details such as the action (conector) type, name, and run frequency. (No docs PR since we decided to not doc the rule details page in 8.9. This feature was release-noted only.)
  • Last response filter added to Rules table: In addition to sorting their rules by response, users can now filter for specific responses (Succeeded, Warning, or Failed). [DOCS] Document the new rule execution status filter #3570
  • New UI for installing and upgrading prebuilt detection rules: The UI and workflow for managing prebuilt detection rules has been redesigned to allow more flexibility and visibility into rule updates. Users can now select which prebuilt rules they want to install and update, instead of only being able to install the entire set of rules. Prebuilt detection rules: new UI for installing and upgrading #3552
  • New tags for prebuilt rules: Prebuilt detection rules have new tags identifying the rule’s purpose, detection method, associated resources, and other information to help categorize your rules. Also part of Prebuilt detection rules: new UI for installing and upgrading #3552
  • Detection rule monitoring dashboard: This new dashboard provides visualizations to help you monitor the overall health and performance of Elastic Security’s detection rules. Consult this dashboard for a high-level view of whether your rules are running successfully and how long they’re taking to run, search data, and create alerts. Document the new Detection rule monitoring dashboard #3600

Alerts

  • [ ]

Detection Engine

  • Alert tags: Alert tags allow users to organize related alerts into categories that they can filter and group. Users can add or remove alert tags to individual or multiple alerts. They also have the option to create custom tags by updating the feature's advanced setting. Alert tagging & close reason #3542
  • Auto-filled rule exceptions: When users create a new exception from an alert, exception conditions are auto-populated with relevant alert data. A comment describing this action is also automatically added to the Add comments section. Auto fill exceptions from alert data #3544

Threat Hunting

Explore

  • [ ]

Investigations

Generative AI

Defend Workflows/Asset Management

  • New response action: upload: The new upload response action allows you to upload a file to an endpoint enrolled with Elastic Defend. This could be combined with the execute response action to upload & run scripts, or perform other mitigation on remote hosts. Upload response action #3601

Cloud Security

  • CloudFormation Deployment for CSPM:

Introduces a new, simpler deployment method for Cloud Security Posture Management. You can now quickly set up this feature using AWS CloudFormation [https://github.com//pull/3599]

  • Cloud Native Vulnerability Management Dashboard:

Introduces a new dashboard that shows you an overview of vulnerabilities detected in your environment [https://github.com//pull/3553]

image

Endpoint

  • [ ]

Protections Experience

  • [ ]

ResponseOps

Integrations

  • [ ]
@jmikell821 jmikell821 added highlights v8.9.0 Priority: Medium Issues that have relevance, but aren't urgent Effort: Medium Issues that take moderate but not substantial time to complete labels Jul 7, 2023
@jmikell821 jmikell821 self-assigned this Jul 7, 2023
@jmikell821 jmikell821 pinned this issue Jul 7, 2023
@jmikell821 jmikell821 unpinned this issue Aug 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Effort: Medium Issues that take moderate but not substantial time to complete highlights Priority: Medium Issues that have relevance, but aren't urgent v8.9.0
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant