What's new 8.11 #4205

Merged
merged 1 commit into from
Nov 7, 2023
84 changes: 43 additions & 41 deletions docs/whats-new.asciidoc
@@ -2,93 +2,95 @@
[chapter]
= What's new in {minor-version}

Here are the highlights of what’s new and improved in {elastic-sec}. For detailed information about this release, check out our latest https://www.elastic.co/blog/whats-new-elastic-security-8-10-0[release blog] and <<release-notes, release notes>>.
Here are the highlights of what’s new and improved in {elastic-sec}. For detailed information about this release, check out our <<release-notes, release notes>>.

Other versions: {security-guide-all}/8.9/whats-new.html[8.9] | {security-guide-all}/8.8/whats-new.html[8.8] | {security-guide-all}/8.7/whats-new.html[8.7] | {security-guide-all}/8.6/whats-new.html[8.6] | {security-guide-all}/8.5/whats-new.html[8.5] | {security-guide-all}/8.4/whats-new.html[8.4] | {security-guide-all}/8.3/whats-new.html[8.3] | {security-guide-all}/8.2/whats-new.html[8.2] | {security-guide-all}/8.1/whats-new.html[8.1] | {security-guide-all}/8.0/whats-new.html[8.0] | {security-guide-all}/7.17/whats-new.html[7.17] | {security-guide-all}/7.16/whats-new.html[7.16] | {security-guide-all}/7.15/whats-new.html[7.15] | {security-guide-all}/7.14/whats-new.html[7.14] | {security-guide-all}/7.13/whats-new.html[7.13] | {security-guide-all}/7.12/whats-new.html[7.12] | {security-guide-all}/7.11/whats-new.html[7.11] | {security-guide-all}/7.10/whats-new.html[7.10] |
Other versions: {security-guide-all}/8.10/whats-new.html[8.10] | {security-guide-all}/8.9/whats-new.html[8.9] | {security-guide-all}/8.8/whats-new.html[8.8] | {security-guide-all}/8.7/whats-new.html[8.7] | {security-guide-all}/8.6/whats-new.html[8.6] | {security-guide-all}/8.5/whats-new.html[8.5] | {security-guide-all}/8.4/whats-new.html[8.4] | {security-guide-all}/8.3/whats-new.html[8.3] | {security-guide-all}/8.2/whats-new.html[8.2] | {security-guide-all}/8.1/whats-new.html[8.1] | {security-guide-all}/8.0/whats-new.html[8.0] | {security-guide-all}/7.17/whats-new.html[7.17] | {security-guide-all}/7.16/whats-new.html[7.16] | {security-guide-all}/7.15/whats-new.html[7.15] | {security-guide-all}/7.14/whats-new.html[7.14] | {security-guide-all}/7.13/whats-new.html[7.13] | {security-guide-all}/7.12/whats-new.html[7.12] | {security-guide-all}/7.11/whats-new.html[7.11] | {security-guide-all}/7.10/whats-new.html[7.10] |
{security-guide-all}/7.9/whats-new.html[7.9]

// NOTE: The notable-highlights tagged regions are re-used in the Installation and Upgrade Guide. Full URL links are required in tagged regions.
// tag::notable-highlights[]


[float]
== Navigation menu updates
== Latest risk scoring engine

The Security navigation menu has been updated with reorganized sections and a refreshed design. In addition, a new **Rules** section allows you to access the following pages:
The latest risk scoring engine generates risk scores on a recurring interval, and allows for easier onboarding and management. The engine is built to factor in risks from all {elastic-sec} use cases. It also allows you to customize and control how and when risk is calculated.

* Rules
* Benchmark Integrations
* Shared Exception Lists
* MITRE ATT&CK® coverage
With the new risk scoring engine, you can:

* Preview and enable the risk engine using a centralized one-click onboarding workflow.
* Conveniently migrate to the new engine if you're an existing user of risk scoring.
* Generate risk scores for hosts and users from the last 30 days.
* View the alerts that contributed to an entity's risk score, allowing faster investigations.
* Continue to access entity risk analytics in existing security workflows.

[role="screenshot"]
image::whats-new/images/8.10/nav-overview.gif[Security navigation menu]
image::whats-new/images/8.11/entity-risk-score.png[Entity Risk Score page]

[float]
== Elastic AI Assistant enhancements

A new RBAC setting controls user access to the {security-guide}/security-assistant.html[Elastic AI Assistant].
[float]
=== New Amazon Bedrock connector

[role="screenshot"]
image::whats-new/images/8.10/ai-assistant-privilege.png[Elastic AI Assistant Kibana privilege]
You can use Elastic's new Amazon Bedrock connector to integrate with Anthropic Claude models from AWS in the {security-guide}/security-assistant.html[Elastic AI Assistant].

[float]
=== ES|QL knowledge base

With the new knowledge base enabled, {security-guide}/security-assistant.html[Elastic AI Assistant] can answer detailed questions about the Elastic Search Query Language (ES|QL), including help with generating specific queries and syntax questions.

[float]
== Detection rules and alerts enhancements

[float]
=== MITRE ATT&CK® coverage page
=== ES|QL rule type

The {security-guide}/rules-coverage.html[MITRE ATT&CK® coverage page] shows which MITRE ATT&CK® adversary tactics and techniques are covered by your installed and enabled detection rules. This includes both Elastic prebuilt rules and custom rules.
Use the new {security-guide}/rules-ui-create.html#create-esql-rule[ES|QL rule type] to create detection rules that use ES|QL queries. The ES|QL rule type supports aggregating and non-aggregating queries.

[role="screenshot"]
image::whats-new/images/8.10/rules-coverage.png[MITRE ATT&CK® coverage page]
image::whats-new/images/8.11/esql-rule.png[New ES|QL rule type]

[float]
=== New prebuilt rule details flyout
=== Exceptions enhancements

The new prebuilt rule details flyout allows you to examine the details of a prebuilt rule before you {security-guide}/prebuilt-rules-management.html[install or update] it. You can access this flyout by clicking a rule name on the **Add Elastic Rules** page or the **Rule updates** table. The flyout displays the **About**, **Definition**, and **Schedule** sections, as shown on the rule details page. It also shows the setup and investigation guides for rules that have them.

[role="screenshot"]
image::whats-new/images/8.10/prebuilt-rule-details-flyout.png[Prebuilt rule details flyout]
When {security-guide}/add-exceptions.html#detection-rule-exceptions[adding exceptions to a rule], the `is one of` and `is not one of` operators now support identical, case-sensitive values – for example, `Windows` and `windows`.

[float]
=== Enhanced alert details flyout UI
=== Access to host and user prevalence

The redesigned alert details experience presents relevant context and insights while investigating an alert. Use the collapsed view to access summarized information, and then expand each section to open detailed views. Additional improvements include:

* Previews of rule details and visualizations allow you to stay within the flyout when investigating the alert.
* Investigation guides are easier to find and read.
* Alert insights now include prevalence information on related hosts and users.

[role="screenshot"]
image::whats-new/images/8.10/open-alert-details-flyout.gif[Enhanced alert details flyout]
{security-guide}/view-alert-details.html#expanded-prevalence-view[The host and user prevalence features] in the alert details flyout now require a https://www.elastic.co/pricing/[Platinum subscription] or higher.

[float]
=== Custom highlighted fields
== ES|QL in Timeline

When {security-guide}/rules-ui-create.html#rule-ui-advanced-params[configuring advanced rule settings], you can now specify additional highlighted fields for personalized alert investigation flows. Fields with data are added to the Highlighted fields section within the alert details flyout. You can also find custom highlighted fields in the About section of the rule details page.
You can use {security-guide}/timelines-ui.html#esql-in-timeline[ES|QL in Timeline] to filter, transform, and analyze event data stored in {es}. To start using ES|QL, open the the **ES|QL** tab.

[role="screenshot"]
image::whats-new/images/8.10/custom-highlighted-fields.png[Custom highlighted fields]
image::whats-new/images/8.11/esql-tab.png[New ES|QL tab in Timeline]

[float]
== New Reputation service option for malicious behavior protection

When configuring {security-guide}/configure-endpoint-integration-policy.html#behavior-protection[malicious behavior protection] on an {elastic-defend} policy, you can now select to use **Reputation service**. This service identifies malicious activity and false positives, and enriches alerts using data from various sources, such as VirusTotal and telemetry. For example, reputation service can detect suspicious downloads of binaries with low or malicious reputation.
== Cloud Security enhancements

NOTE: Reputation service requires an active https://www.elastic.co/pricing[Platinum or Enterprise subscription] and is available on cloud deployments only.
Cloud security posture management (CSPM) capabilities have been expanded to support {security-guide}/cspm-get-started-gcp.html#cspm-set-up-manual-gcp-org[organization-wide GCP deployments], as well as {security-guide}/cspm-get-started-azure.html[single-subscription Azure deployments].

[float]
== Cloud Security enhancements
== Cases enhancements

[float]
=== Organization-wide onboarding for cloud security posture management on AWS
=== Custom case fields

This release automates the onboarding of every AWS Organization account to cloud security posture management (CSPM) — including existing and new accounts. With {security-guide}/cspm-get-started.html#cspm-setup[AWS CloudFormation], onboarding takes just a few clicks. This helps you quickly get a comprehensive view of the security posture of all your current and future AWS accounts.
You can now {security-guide}/cases-open-manage.html#cases-ui-custom-fields[add custom fields to cases] to support customized collaboration.

[role="screenshot"]
image::whats-new/images/8.11/cases-add-custom-field.png[Add custom fields to cases]

[float]
=== Cloud security posture management, now for Google Cloud
=== Connectors page renamed

Cloud security posture management (CSPM) capabilities have been expanded to cover {security-guide}/cspm-get-started-gcp.html[Google Cloud]. You can now assess and bolster the security posture of your GCP assets right from our platform.
The page where you create and manage case connectors has been renamed to Settings.

[role="screenshot"]
image::whats-new/images/8.11/cases-settings.png[The case settings page]

// end::notable-highlights[]
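Review bot: the ES|QL in Timeline paragraph has a doubled word, "open the the **ES|QL** tab"; drop one "the". In the Exceptions enhancements paragraph, "identical, case-sensitive values" reads as a contradiction, since the example values `Windows` and `windows` are not identical; suggest "values that differ only by case, for example `Windows` and `windows`" so the behaviour of the `is one of` and `is not one of` operators is unambiguous.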
Binary file added docs/whats-new/images/8.11/cases-settings.png
Binary file added docs/whats-new/images/8.11/esql-rule.png
Binary file added docs/whats-new/images/8.11/esql-tab.png