8.11 release notes #4095
Merged
8.11 release notes #4095
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Documentation previews: |
benironside
requested review from
stephmilovic,
banderror,
yctercero,
semd,
caitlinbetz,
michaelolo24,
roxana-gheorghe and
machadoum
stephmilovic
approved these changes
Oct 26, 2023
michaelolo24
approved these changes
Oct 30, 2023
There was a problem hiding this comment.
Thanks for putting this together, @benironside! I'll likely take one more pass to make sure all of my features are doc'd. In the meantime, here's my first round of edits.
| * Updates the exceptions flyout's `match_any` operator to accept duplicate values that differ in case. Previously, values of `foo` and `FOO` were incorrectly considered duplicates ({pull}167208[#167208]). | ||
| * Enables the Elastic AI Assistant to answer questions about Elasticsearch Query Language (ES|QL) by allowing it to query, via ELSER, an ES|QL knowledge base. Refer to <<security-assistant, Elastic AI Assistant>> to enable the knowledge base ({pull}167097[#167097]). | ||
| * Enables ES|QL in Timeline (technical preview) ({pull}166764[#166764]). | ||
| * Adds the new ES|QL rule type (technical preview) ({pull}165450[#165450]). |
There was a problem hiding this comment.
@paulewing do you want to expand on this at all?
banderror
approved these changes
Oct 31, 2023
Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: Nastasha Solomon <[email protected]>
benironside
commented
Nov 6, 2023
|
Hey @benironside, before we merge these release notes, could we please also mention the following tickets as known issues in 8.11.0? Fixes for these three will be released in 8.11.1: |
Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: Joe Peeples <[email protected]>
Co-authored-by: Joe Peeples <[email protected]>
|
@banderror can you provide summaries and workarounds (if available) for the known issues you listed here? Thank you! |
jmikell821
reviewed
Nov 6, 2023
Co-authored-by: Janeen Mikell Roberts <[email protected]>
… into 8.11-release-notes
dplumlee
reviewed
Nov 6, 2023
There was a problem hiding this comment.
@nastasha-solomon re: workarounds for the issues @banderror listed, there's unfortunately no workarounds for the coverage overview bugs as they're all display issues in the code itself. The incorrect sub-technique bug could technically be worked around by applying the changes to the threat field manually via the API instead of the Rule create/edit UI (definitely a little clunky for just the two instances where it occurs). All fixes are targeted for 8.11.1 as Georgii mentioned.
yctercero
reviewed
Nov 7, 2023
| * Upgrades {elastic-defend} to capture a new Windows event type: ETW Threat Intelligence (ETW-TI). Renames the Windows events policy `Credential access` category to `API` in the UI (but not in the `.yaml`, maintaining backwards compatibility). Adds two new advanced options: `windows.advanced.events.api_disabled` and | ||
| `windows.advanced.events.api_verbose` ({pull}167549[#167549]). | ||
| * Adds the `Same family` category and tab to the Data Quality dashboard. Fields with mappings in the same family have the same search behavior as the type specified by ECS, but may have different space usage or performance characteristics ({pull}167480[#167480]). | ||
| * Updates the exceptions flyout's `match_any` operator to accept duplicate values that differ in case ({pull}167208[#167208]). |
yctercero
reviewed
Nov 7, 2023
mergify bot
pushed a commit
that referenced
this pull request
Nov 7, 2023
* First complete draft of 8.11 release notes * updates breaking change * Fixin small things * Adding one more bc * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc * Update docs/release-notes/8.11.asciidoc * Update docs/release-notes/8.11.asciidoc * Update docs/release-notes/8.11.asciidoc * Update docs/release-notes/8.11.asciidoc Co-authored-by: Joe Peeples <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Joe Peeples <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Joe Peeples <[email protected]> * Adding known issues * Moves Endpoint features to correct section * Update docs/release-notes/8.11.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]> * Update docs/release-notes/8.11.asciidoc * Janeen's input * incorporates Davis' comment --------- Co-authored-by: nastasha.solomon <[email protected]> Co-authored-by: Nastasha Solomon <[email protected]> Co-authored-by: Joe Peeples <[email protected]> Co-authored-by: Janeen Mikell Roberts <[email protected]> (cherry picked from commit d5eb310)
benironside
added a commit
that referenced
this pull request
Nov 7, 2023
* First complete draft of 8.11 release notes * updates breaking change * Fixin small things * Adding one more bc * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Nastasha Solomon <[email protected]> * Update docs/release-notes/8.11.asciidoc * Update docs/release-notes/8.11.asciidoc * Update docs/release-notes/8.11.asciidoc * Update docs/release-notes/8.11.asciidoc * Update docs/release-notes/8.11.asciidoc Co-authored-by: Joe Peeples <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Joe Peeples <[email protected]> * Update docs/release-notes/8.11.asciidoc Co-authored-by: Joe Peeples <[email protected]> * Adding known issues * Moves Endpoint features to correct section * Update docs/release-notes/8.11.asciidoc Co-authored-by: Janeen Mikell Roberts <[email protected]> * Update docs/release-notes/8.11.asciidoc * Janeen's input * incorporates Davis' comment --------- Co-authored-by: nastasha.solomon <[email protected]> Co-authored-by: Nastasha Solomon <[email protected]> Co-authored-by: Joe Peeples <[email protected]> Co-authored-by: Janeen Mikell Roberts <[email protected]> (cherry picked from commit d5eb310) Co-authored-by: Benjamin Ironside Goldstein <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #4005 and fixes #4015
Adds release notes for Elastic Security 8.11, including Endpoint.
Preview: 8.11 release notes