[8.10] What's new 8.10 (backport #3901)

docs/whats-new.asciidoc

@@ -4,131 +4,91 @@
 
 Here are the highlights of what’s new and improved in {elastic-sec}. For detailed information about this release, check out the <<release-notes, Release notes>>.
 
-Other versions: {security-guide-all}/8.8/whats-new.html[8.8] | {security-guide-all}/8.7/whats-new.html[8.7] | {security-guide-all}/8.6/whats-new.html[8.6] | {security-guide-all}/8.5/whats-new.html[8.5] | {security-guide-all}/8.4/whats-new.html[8.4] | {security-guide-all}/8.3/whats-new.html[8.3] | {security-guide-all}/8.2/whats-new.html[8.2] | {security-guide-all}/8.1/whats-new.html[8.1] | {security-guide-all}/8.0/whats-new.html[8.0] | {security-guide-all}/7.17/whats-new.html[7.17] | {security-guide-all}/7.16/whats-new.html[7.16] | {security-guide-all}/7.15/whats-new.html[7.15] | {security-guide-all}/7.14/whats-new.html[7.14] | {security-guide-all}/7.13/whats-new.html[7.13] | {security-guide-all}/7.12/whats-new.html[7.12] | {security-guide-all}/7.11/whats-new.html[7.11] | {security-guide-all}/7.10/whats-new.html[7.10] |
+Other versions: {security-guide-all}/8.9/whats-new.html[8.9] | {security-guide-all}/8.8/whats-new.html[8.8] | {security-guide-all}/8.7/whats-new.html[8.7] | {security-guide-all}/8.6/whats-new.html[8.6] | {security-guide-all}/8.5/whats-new.html[8.5] | {security-guide-all}/8.4/whats-new.html[8.4] | {security-guide-all}/8.3/whats-new.html[8.3] | {security-guide-all}/8.2/whats-new.html[8.2] | {security-guide-all}/8.1/whats-new.html[8.1] | {security-guide-all}/8.0/whats-new.html[8.0] | {security-guide-all}/7.17/whats-new.html[7.17] | {security-guide-all}/7.16/whats-new.html[7.16] | {security-guide-all}/7.15/whats-new.html[7.15] | {security-guide-all}/7.14/whats-new.html[7.14] | {security-guide-all}/7.13/whats-new.html[7.13] | {security-guide-all}/7.12/whats-new.html[7.12] | {security-guide-all}/7.11/whats-new.html[7.11] | {security-guide-all}/7.10/whats-new.html[7.10] |
 {security-guide-all}/7.9/whats-new.html[7.9]
 
 // NOTE: The notable-highlights tagged regions are re-used in the Installation and Upgrade Guide. Full URL links are required in tagged regions.
 // tag::notable-highlights[]
 
-[float]
-== Elastic AI Assistant enhancements 
-
-The {security-guide}/security-assistant.html[Elastic AI Assistant] now has a centralized UI for configuring settings, and you can now {security-guide}/security-assistant.html#data-information[anonymize data] sent to and from the AI provider. 
-
-[role="screenshot"]
-image::whats-new/images/8.9/AI-anonymous.png[Elastic AI Assistant settings]
-
-Additionally, the new {kibana-ref}/gen-ai-action-type.html#gen-ai-connector-token-dashboard[Generative AI token usage dashboard] allows you to monitor your token usage with the AI provider.
 
 [float]
-== Detect network intrusions and compromised hosts with Lateral movement detection 
+== Navigation menu updates
 
-Lateral movement detection is a new, preventative advanced analytics package that detects anomalies from intrusions, file transfer, and Remote Desktop Protocol (RDP) events, which indicate lateral movement. To download and configure this package, follow the instructions https://github.com/elastic/integrations/blob/6895ccf89d56bcd6fabee733740c7f99f2afd991/packages/lmd/docs/README.md[here].
+The Security navigation menu has been updated with reorganized sections and a refreshed design. In addition, a new **Rules** section allows you to access the following pages:
 
-NOTE: This feature requires a Platinum or Enterprise http://elastic.co/pricing[subscription]. 
+* Rules
+* Benchmark Integrations
+* Shared Exception Lists
+* MITRE ATT&CK® coverage
 
 [role="screenshot"]
-image::whats-new/images/8.9/lateral-movement.gif[Lateral movement]
-
-[float]
-== Detection rules enhancements
+image::whats-new/images/8.10/nav-overview.gif[Security navigation menu]
 
 [float]
-=== New UI for installing and upgrading prebuilt detection rules
+== Elastic AI Assistant enhancements 
 
-There's a {security-guide}/prebuilt-rules-management.html[newly redesigned UI] and workflow for managing prebuilt detection rules to allow more flexibility and visibility into rule updates. You can now select which prebuilt rules you want to install and update, instead of only installing the entire set of rules. You can also duplicate a rule to make changes to it. 
+A new RBAC setting controls user access to the {security-guide}/security-assistant.html[Elastic AI Assistant].
 
 [role="screenshot"]
-image::whats-new/images/8.9/prebuilt-rules.png[Prebuilt rules UI]
-
-In addition, prebuilt detection rules have new tags to categorize your rules, such as the rule’s purpose, detection method, associated resources, and other information.  
+image::whats-new/images/8.10/ai-assistant-privilege.png[Elastic AI Assistant Kibana privilege]
 
 [float]
-=== Monitor rule performance with the new Detection rule monitoring dashboard
-
-The {security-guide}/rule-monitoring-dashboard.html[Detection rule monitoring dashboard] provides visualizations to help you monitor the overall health and performance of {elastic-sec}'s detection rules. Review this dashboard for a high-level overview to determine if your rules are running successfully and how long they’re taking to run, search data, and create alerts.
-
-[role="screenshot"]
-image::whats-new/images/8.9/rule-monitor-dashboard.png[Detection rule monitor dashboard]
+== Detection rules and alerts enhancements
 
 [float]
-=== Automated endpoint response actions for rules
-
-You can now add the {security-guide}/host-isolation-ov.html#isolate-a-host[host isolation response action] to rules. When rule conditions are met, the endpoint is automatically isolated. 
+=== MITRE ATT&CK® coverage page
 
-[float]
-=== Rule exceptions auto-populated with alert data
+The {security-guide}/rules-coverage.html[MITRE ATT&CK® coverage page] shows which MITRE ATT&CK® adversary tactics and techniques are covered by your installed and enabled detection rules. This includes both Elastic prebuilt rules and custom rules.
 
-Now, when you {security-guide}/add-exceptions.html#detection-rule-exceptions[create a new rule exception] from an alert, exception conditions are auto-populated with relevant alert data. A comment describing this action is also automatically added to the *Add comments* section.
+[role="screenshot"]
+image::whats-new/images/8.10/rules-coverage.png[MITRE ATT&CK® coverage page]
 
 [float]
-=== Interactive investigation guides are now generally available
-
-{security-guide}/interactive-investigation-guides.html[Interactive investigation guides], which suggest steps for triaging, analyzing, and responding to potential security issues, are now generally available. You can configure an interactive investigation guide when you create a new rule or edit an existing one.
+=== New prebuilt rule details flyout
 
+The new prebuilt rule details flyout allows you to examine the details of a prebuilt rule before you {security-guide}/prebuilt-rules-management.html[install or update] it. You can access this flyout by clicking a rule name on the **Add Elastic Rules** page or the **Rule updates** table. The flyout displays the **About**, **Definition**, and **Schedule** sections, as shown on the rule details page. It also shows the setup and investigation guides for rules that have them.
+
 [role="screenshot"]
-image::whats-new/images/8.9/IG-UI.png[Interactive investigation guide]
-
+image::whats-new/images/8.10/prebuilt-rule-details-flyout.png[Prebuilt rule details flyout]
 
 [float]
-=== Prebuilt rule updates
-
-Check out the {security-guide}/prebuilt-rules-downloadable-updates.html[latest updates] to prebuilt rules. To download the latest updates, refer to {security-guide}/prebuilt-rules-management.html#update-prebuilt-rules[Update Elastic prebuilt rules]. 
+=== Enhanced alert details flyout UI
 
-[float]
-=== Manage and filter alert tags
+The redesigned alert details experience presents relevant context and insights while investigating an alert. Use the collapsed view to access summarized information, and then expand each section to open detailed views. Additional improvements include:
 
-{security-guide}/alerts-ui-manage.html#apply-alert-tags[Alert tags], which you can add or remove for individual or multiple alerts, allow you to organize related alerts into categories that you can filter and group. If desired, you can also create custom tags by updating the feature's advanced setting.
+* Previews of rule details and visualizations allow you to stay within the flyout when investigating the alert.
+* Investigation guides are easier to find and read.
+* Alert insights now include prevalence information on related hosts and users.
 
 [role="screenshot"]
-image::whats-new/images/8.9/alert-tags.png[Apply alert tags]
+image::whats-new/images/8.10/open-alert-details-flyout.gif[Enhanced alert details flyout]
 
 [float]
-== New integrations 
-
-The following security https://docs.elastic.co/integrations[integrations] were added in {minor-version}:
+=== Custom highlighted fields
 
-* Arista Firewall
-* Google Security Command Center
-* Microsoft Defender for Cloud
-* Okta (Entity Analytics)
-* SentinelOne Cloud Funnel
-* Zero Networks
+When {security-guide}/rules-ui-create.html#rule-ui-advanced-params[configuring advanced rule settings], you can now specify additional highlighted fields for personalized alert investigation flows. Fields with data are added to the Highlighted fields section within the alert details flyout. You can also find custom highlighted fields in the About section of the rule details page.
 
 [role="screenshot"]
-image::whats-new/images/8.9/integrations.png[Newly add integrations in 8.9]
+image::whats-new/images/8.10/custom-highlighted-fields.png[Custom highlighted fields]
 
 [float]
-== Upload files to an endpoint with new `upload` response action
+== Reputation service
 
-The response console's new {security-guide}/response-actions.html#_upload[`upload` response action] allows you to upload a file to an endpoint enrolled with {elastic-defend}. You can combine this with the execute response action to upload and run scripts, or perform other mitigation on remote hosts.
+When configuring {security-guide}/configure-endpoint-integration-policy.html#behavior-protection[malicious behavior protection] on an {elastic-defend} policy, you can now select to use **Reputation service**. This service identifies malicious activity and false positives, and enriches alerts using data from various sources, such as VirusTotal and telemetry. For example, reputation service can detect suspicious downloads of binaries with low or malicious reputation.
 
-[float]
-== Cloud Security enhancements
+NOTE: Reputation service requires an active https://www.elastic.co/pricing[Platinum or Enterprise subscription] and is available on cloud deployments only.
 
 [float]
-=== New CloudFormation deployment for Cloud Security Posture Management (CSPM)
-
-The {security-guide}/cspm-get-started.html#cspm-get-started[CloudFormation deployment for CSPM] provides a new, simpler deployment method for Cloud Security Posture Management, which you can use to monitor the security posture of your cloud assets. You can quickly set up this feature using {security-guide}/cspm-get-started.html#cspm-setup[AWS CloudFormation]. 
+== Cloud Security enhancements
 
 [float]
-=== Discover vulnerabilities with the new Cloud Native Vulnerability Management dashboard
+=== Organization-wide onboarding for cloud security posture management on AWS
 
-The {security-guide}/vuln-management-dashboard.html[Cloud Native Vulnerability Management (CNVM) dashboard] gives you an overview of vulnerabilities detected in your cloud infrastructure.
-
-[role="screenshot"]
-image::whats-new/images/8.9/CNVM-dashboard.png[CNVM dashboard]
+This release automates the onboarding of every AWS Organization account to cloud security posture management (CSPM) — including existing and new accounts. With {security-guide}/cspm-get-started.html#cspm-setup[AWS CloudFormation], onboarding takes just a few clicks. This helps you quickly get a comprehensive view of the security posture of all your current and future AWS accounts.
 
 [float]
-== Cases enhancements 
-
-The following enhancements have been added to Cases: 
-
-* You now have the option to {security-guide}/cases-open-manage.html#cases-ui-open[specify a category] for new and existing cases.
-* You can now {security-guide}/cases-open-manage.html#cases-lens-visualization[add Lens visualizations to cases] from anywhere within the {security-app}.
-* The case details *Alerts* tab now displays the number of alerts attached to a case.
-* Email notifications now follow a new and improved template.
-
+=== Cloud security posture management, now for Google Cloud
 
+Cloud security posture management (CSPM) capabilities have been expanded to cover {security-guide}/cspm-get-started-gcp.html[Google Cloud]. You can now assess and bolster the security posture of your GCP assets right from our platform.
 
 // end::notable-highlights[]