elastic · benironside · Nov 7, 2023 · Oct 24, 2023 · Oct 25, 2023 · Oct 25, 2023
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.11.0, {elastic-sec} version 8.11.0>>
 * <<release-notes-8.10.4, {elastic-sec} version 8.10.4>>
 * <<release-notes-8.10.3, {elastic-sec} version 8.10.3>>
 * <<release-notes-8.10.2, {elastic-sec} version 8.10.2>>
@@ -48,6 +49,7 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.11.asciidoc[]
 include::release-notes/8.10.asciidoc[]
 include::release-notes/8.9.asciidoc[]
 include::release-notes/8.8.asciidoc[]

@@ -1,4 +1,4 @@
-[[release-notes-header-8.10.1]]
+[[release-notes-header-8.10.0]]
 == 8.10
 
 [discrete]

@@ -0,0 +1,61 @@
+[[release-notes-header-8.11.0]]
+== 8.11
+
+[discrete]
+[[release-notes-8.11.0]]
+=== 8.11.0
+
+[discrete]
+[[known-issue-8.11.0]]
+==== Known issues
+* MITRE ATT&CK® technique cells show duplicate rules ({issue}167929[#167929]).
+* MITRE ATT&CK® tactic cells show an incorrect rule count ({issue}167930[#167930]).
+* An incorrect MITRE ATT&CK® sub-technique is applied after you save a rule ({issue}170347[#170347]).
+
+[discrete]
+[[breaking-changes-8.11.0]]
+==== Breaking changes
+* Ends support for the `filterQuery` field of the `getLiveQueryResults` and `findLiveQuery` APIs, and replaces it with the KQL field `kuery`. Requests to those APIs that used the `filterQuery` field should replace it with `kuery` ({pull}161806[#161806]).
+* In 8.11, rule APIs will only support `investigation_fields` as `{ field_names: string[] }`. If you've added this field to your rules in 8.10, you don't need to do anything when you import your rules. 
+
+[discrete]
+[[deprecations-8.11.0]]
+==== Deprecations
+* Deprecates the `doc_root.vulnerability.package` and replaces it with the `doc_root.package` ECS package ({pull}164651[#164651]).
+
+[discrete]
+[[features-8.11.0]]
+==== New features
+* Upgrades {elastic-defend} to capture a new Windows event type: ETW Threat Intelligence (ETW-TI). Renames the Windows events policy `Credential access` category to `API` in the UI (but not in the `.yaml`, maintaining backwards compatibility). Adds two new advanced options: `windows.advanced.events.api_disabled` and
+`windows.advanced.events.api_verbose` ({pull}167549[#167549]).
+* Adds the `Same family` category and tab to the Data Quality dashboard. Fields with mappings in the same family have the same search behavior as the type specified by ECS, but may have different space usage or performance characteristics ({pull}167480[#167480]).
+* Updates the exceptions flyout's `match_any` operator to accept duplicate values that differ in case ({pull}167208[#167208]).
+* Enables the Elastic AI Assistant to answer questions about Elasticsearch Query Language (ES|QL) by allowing it to query, via ELSER, an ES|QL knowledge base. Refer to <<security-assistant, Elastic AI Assistant>> to enable the knowledge base ({pull}167097[#167097]).
+* Enables ES|QL in Timeline (technical preview) ({pull}166764[#166764]).
+* Adds the new ES|QL rule type (technical preview) ({pull}165450[#165450]).
+* Updates the Endpoint policy UI (**Manage -> Policies**) to include a `Protection updates` tab, a new column called `Deployed version`, and a banner that highlights outdated policies ({pull}165256[#165256], {pull}162719[#162719]).
+* Implements Kafka output for {elastic-endpoint} (https://github.com/elastic/endpoint-dev/issues/13192[#13192]).
+* Introduces full support for {elastic-endpoint} on macOS (https://github.com/elastic/endpoint-dev/issues/13058[#13058]).
+
+[discrete]
+[[enhancements-8.11.0]]
+==== Enhancements
+* Adds a new Generative AI connector, Amazon Bedrock, for use with Elastic AI Assistant ({pull}166662[#166662]).
+* Renames the Generative AI connector to OpenAI, since Generative AI is now a category of connectors that include OpenAI and Amazon Bedrock ({pull}167677[#167677]).
+* Adds the `id`, `severity`, and `status` fields to the Webhook - Case Management connector ({pull}166295[#166295]).
+* Updates the order of items on {kib}'s left-side navigation menu to match the order in {elastic-sec}'s left-side navigation menu ({pull}164268[#164268]).
+* Adds tooltips to overview section titles in the alert details flyout ({pull}166737[#166737]).
+* Updates the `.lists` and `.items` indices to data streams ({pull}162508[#162508]).
+
+[discrete]
+[[bug-fixes-8.11.0]]
+==== Bug fixes
+* Updates the Entity Risk Score error message to list the necessary permissions ({pull}169216[#169216]).
+* Displays more descriptive errors for Generative AI connectors ({pull}167674[#167674]).
+* Adds metrics to some rule execution warning messages ({pull}167551[#167551]).
+* Fixes a bug that could cause the exceptions flyout to reload unnecessarily in response to rule updates ({pull}166914[#166914]).
+* Fixes a bug that could cause EQL shell alerts to not include certain common fields ({pull}166751[#166751]).
+* Sets the date and time picker to full width in the expanded Prevalence view within the alert details flyout ({pull}166714[#166714]).
+* Fixes a bug that could prevent the **Install Cloud Native Vulnerability Management** button on the empty state of the Findings page from working ({pull}166335[#166335]).
+* Fixes a bug that could cause an error when you edited a rule's filter ({pull}165262[#165262]).
+* Fixes a bug that caused the Rules table to auto-refresh when auto-refresh was disabled ({pull}165250[#165250]).