[8.11] What's new fixes (backport #4225) #4255

Merged
Nov 14, 2023
29 changes: 15 additions & 14 deletions docs/whats-new.asciidoc
Expand Up @@ -12,9 +12,9 @@ Other versions: {security-guide-all}/8.10/whats-new.html[8.10] | {security-guide


[float]
== Latest risk scoring engine
== Latest entity risk scoring engine provides greater scalability and performance

The latest risk scoring engine generates risk scores on a recurring interval, and allows for easier onboarding and management. The engine is built to factor in risks from all {elastic-sec} use cases. It also allows you to customize and control how and when risk is calculated.
The latest <<entity-risk-scoring, risk scoring engine>> generates risk scores on a recurring interval, and allows for easier onboarding and management. The engine is built to factor in risks from all {elastic-sec} use cases. It also allows you to customize and control how and when risk is calculated.

With the new risk scoring engine, you can:

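Review bot: The new heading promises "greater scalability and performance", but the paragraph under it still only describes recurring-interval scoring, easier onboarding and management, and customizing when and how risk is calculated; either add a sentence that substantiates the scalability/performance claim or trim the heading so it matches the body. The added cross-reference `<<entity-risk-scoring, risk scoring engine>>` is also the only intra-document anchor in this file, while every other link uses the `{security-guide}/...html[...]` form (for example `{security-guide}/security-assistant.html[Elastic AI Assistant]`); confirm that the `entity-risk-scoring` anchor resolves in every build that includes whats-new.asciidoc, or use the external-link form here for consistency.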
Expand All @@ -30,53 +30,54 @@ image::whats-new/images/8.11/entity-risk-score.png[Entity Risk Score page]
[float]
== Elastic AI Assistant enhancements

The following enhancements have been added to the Elastic AI Assistant:

[float]
=== New Amazon Bedrock connector

You can use Elastic's new Amazon Bedrock connector to integrate with Anthropic Claude models from AWS in the {security-guide}/security-assistant.html[Elastic AI Assistant].

[float]
=== ES|QL knowledge base
=== New ES|QL knowledge base

beta:[] With the new knowledge base enabled, {security-guide}/security-assistant.html[Elastic AI Assistant] can answer detailed questions about the Elastic Search Query Language (ES|QL), including help with generating specific queries and syntax questions.

[float]
== Detection rules and alerts enhancements

The following enhancements have been added to detection rules and alerts:

[float]
=== ES|QL rule type
=== Create ES|QL query detection rules with new ES|QL rule type

Use the new {security-guide}/rules-ui-create.html#create-esql-rule[ES|QL rule type] to create detection rules that use ES|QL queries. The ES|QL rule type supports aggregating and non-aggregating queries.

[role="screenshot"]
image::whats-new/images/8.11/esql-rule.png[New ES|QL rule type]

[float]
=== Exceptions enhancements
=== Case-sensitive values supported in rule exceptions

When {security-guide}/add-exceptions.html#detection-rule-exceptions[adding exceptions to a rule], the `is one of` and `is not one of` operators now support identical, case-sensitive values – for example, `Windows` and `windows`.

[float]
=== Access to host and user prevalence

{security-guide}/view-alert-details.html#expanded-prevalence-view[The host and user prevalence features] in the alert details flyout now require a https://www.elastic.co/pricing/[Platinum subscription] or higher.

[float]
== ES|QL in Timeline
== Use ES|QL in Timeline

You can use {security-guide}/timelines-ui.html#esql-in-timeline[ES|QL in Timeline] to filter, transform, and analyze event data stored in {es}. To start using ES|QL, open the the **ES|QL** tab.
You can use {security-guide}/timelines-ui.html#esql-in-timeline[ES|QL in Timeline] to filter, transform, and analyze event data stored in {es}. To start using ES|QL, open the **ES|QL** tab.

[role="screenshot"]
image::whats-new/images/8.11/esql-tab.png[New ES|QL tab in Timeline]

[float]
== Cloud Security enhancements
== Expanded support for Cloud security posture management (CSPM)

Cloud security posture management (CSPM) capabilities have been expanded to support {security-guide}/cspm-get-started-gcp.html#cspm-set-up-manual-gcp-org[organization-wide GCP deployments], as well as {security-guide}/cspm-get-started-azure.html[single-subscription Azure deployments].

[float]
== Cases enhancements

The following enhancements have been added to cases:

[float]
=== Custom case fields

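Review bot: The `=== Access to host and user prevalence` heading was left unchanged while its sibling headings were rewritten to state the change, and what it records is a new licensing restriction (the features now require a Platinum subscription or higher), which reads oddly under `== Detection rules and alerts enhancements` and the lead-in "The following enhancements have been added"; consider a heading such as `=== Host and user prevalence now require a Platinum subscription` and wording that does not present it as an enhancement. Minor: the new `== Expanded support for Cloud security posture management (CSPM)` heading capitalizes only "Cloud"; the body capitalizes it only because it starts the sentence, so lowercase it in the heading unless a product name is intended. `=== Create ES|QL query detection rules with new ES|QL rule type` repeats "ES|QL" and could be shortened to `=== New ES|QL rule type for detection rules` without losing meaning.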
Expand All @@ -88,7 +89,7 @@ image::whats-new/images/8.11/cases-add-custom-field.png[Add custom fields to cas
[float]
=== Connectors page renamed

The page where you create and manage case connectors has been renamed to Settings.
The page where you create and manage case connectors has been renamed to **Settings**.

[role="screenshot"]
image::whats-new/images/8.11/cases-settings.png[The case settings page]