elastic · benironside · Nov 7, 2023 · Oct 24, 2023 · Oct 25, 2023 · Oct 25, 2023
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.11.0, {elastic-sec} version 8.11.0>>
 * <<release-notes-8.10.4, {elastic-sec} version 8.10.4>>
 * <<release-notes-8.10.3, {elastic-sec} version 8.10.3>>
 * <<release-notes-8.10.2, {elastic-sec} version 8.10.2>>
@@ -48,6 +49,7 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.11.asciidoc[]
 include::release-notes/8.10.asciidoc[]
 include::release-notes/8.9.asciidoc[]
 include::release-notes/8.8.asciidoc[]

@@ -1,4 +1,4 @@
-[[release-notes-header-8.10.1]]
+[[release-notes-header-8.10.0]]
 == 8.10
 
 [discrete]

@@ -0,0 +1,55 @@
+[[release-notes-header-8.11.0]]
+== 8.11
+
+[discrete]
+[[release-notes-8.11.0]]
+=== 8.11.0
+
+[discrete]
+[[breaking-changes-8.11.0]]
+==== Breaking changes
+* Ends support for the `filterQuery` field of the `getLiveQueryResults` and `findLiveQuery` APIs, and replaces it with the KQL field `kuery`. Requests to those APIs that used the `filterQuery` field should replace it with `kuery` ({pull}161806[#161806]).
+* In 8.11, rule APIs will only support `investigation_fields` as { field_names: string[] }. Note that, if you've added this field to your rules in 8.10, you don't need to do anything when you import your rules. 
+
+[discrete]
+[[deprecations-8.11.0]]
+==== Deprecations
+* Deprecates the `doc_root.vulnerability.package` and replaces it with the `doc_root.package` ECS package ({pull}164651[#164651]).
+
+[discrete]
+[[features-8.11.0]]
+==== New features
+* Upgrades {elastic-defend} for Windows to capture a new event type: ETW Threat Intelligence (ETW-TI). Renames the Windows events policy `Credential access` category to `API` in the UI (but not in the `.yaml`, maintaining backwards compatibility). Adds two new advanced options: `windows.advanced.events.api_disabled` and
+`windows.advanced.events.api_verbose` ({pull}167549[#167549]).
+* Adds the `Same family` category and tab to the Data Quality dashboard. Fields with mappings in the same family have the same search behavior as the type specified by ECS, but may have different space usage or performance characteristics ({pull}167480[#167480]).
+* Updates the exceptions flyout's `match_any` operator to accept duplicate values that differ in case. Previously, values of `foo` and `FOO` were incorrectly considered duplicates ({pull}167208[#167208]).
+* Enables the Elastic AI Assistant to answer questions about Elasticsearch Query Language (ES|QL) by allowing it to query, via ELSER, an ES|QL knowledge base. Refer to <<security-assistant, Elastic AI Assistant>> to enable the knowledge base ({pull}167097[#167097]).
+* Enables ES|QL in Timeline (technical preview) ({pull}166764[#166764]).
+* Adds the new ES|QL rule type (technical preview) ({pull}165450[#165450]).
+* Implements Kafka output for {elastic-endpoint} (https://github.com/elastic/endpoint-dev/issues/13192[#13192]).
+* Upgrades {elastic-endpoint} to support MacOS (https://github.com/elastic/endpoint-dev/issues/13058[#13058]).
+
+
+[discrete]
+[[enhancements-8.11.0]]
+==== Enhancements
+* Adds a new Generative AI connector, Amazon Bedrock, for use with Elastic AI Assistant ({pull}166662[#166662]).
+* Adds fields to the Cases webhook: `id`, `severity`, and `status` ({pull}166295[#166295]).
+* Updates the order of items on {kib}'s left-side navigation menu to match the order in {elastic-sec}'s' left-side navigation menu ({pull}164268[#164268]).
+* Updates the Endpoint policy UI (**Manage -> Policies**) to include a `Protection updates` tab, a new column called `Deployed version`, and a banner that highlights outdated policies ({pull}165256[#165256], {pull}162719[#162719]).
+* Adds tooltips to link titles on the expandable alerts flyout ({pull}166737[#166737]).
+
+
+[discrete]
+[[bug-fixes-8.11.0]]
+==== Bug fixes
+* Updates the Entity Risk Score error message to list the necessary permissions ({pull}169216[#169216]).
+* Renames the Generative AI connector to OpenAI, since Generative AI is now a category of connectors that include OpenAI and Amazon Bedrock ({pull}167677[#167677]).
+* Displays more descriptive errors for Generative AI connectors ({pull}167674[#167674]).
+* Adds metrics to some rule execution warning messages ({pull}167551[#167551]).
+* Fixes a bug that could cause the exceptions flyout to reload unnecessarily in response to rule updates ({pull}166914[#166914]).
+* Fixes a bug that could cause EQL shell alerts to not include certain common fields ({pull}166751[#166751]).
+* Makes the prevalence details datepicker appear in full width on the expandable alerts flyout ({pull}166714[#166714]).
+* Fixes a bug that could prevent the "Install Cloud Native Vulnerability Management" button on the empty state of the Findings page from working ({pull}166335[#166335]).
+* Fixes a bug that could cause an error when you edited a rule's filter ({pull}165262[#165262]).
+* Fixes a bug that caused the rules table to auto-refresh when auto-refresh was disabled ({pull}165250[#165250]).