From fb27d5a1bdbb152504c46214f3abf4bcfa2de042 Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Date: Wed, 17 Jan 2024 11:53:43 -0500
Subject: [PATCH] 8.12 Release Notes (#4469)

* opens stub page for 8.12 RNs
* Adding content
* Bug summaries
* Adding include to 8.12 file
* Updates all the descriptions for New features and Enhancements
* removes items behind feature flags
* Removing placeholders
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Adds endpoint enhancements
* Fixed header ver
* Makes changes related to conversation with Steph
* addresses Caitlin's feedback
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Philippe's input
* Adds space
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc

Co-authored-by: Joe Peeples

* Update docs/release-notes/8.12.asciidoc

Co-authored-by: Joe Peeples

* Update docs/release-notes/8.12.asciidoc

Co-authored-by: Joe Peeples

* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Update docs/release-notes/8.12.asciidoc
* Add known issue for updated rule JSON diff
* Apply suggestions from Kseniia's review
* Update docs/release-notes/8.12.asciidoc

Co-authored-by: Joe Peeples

* Adding one more known issue
* Adding title
* minor wording tweaks
* Remove space
* Removed extra spaces
* Update docs/release-notes/8.12.asciidoc
* Adding issue no.
--------- Co-authored-by: nastasha.solomon Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Co-authored-by: Joe Peeples (cherry picked from commit b3afa3d87b908c7883739168c256abc2fb838198) --- docs/release-notes.asciidoc | 2 + docs/release-notes/8.12.asciidoc | 120 +++++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+) create mode 100644 docs/release-notes/8.12.asciidoc diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 47502f15a7..5097897553 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> @@ -53,6 +54,7 @@ This section summarizes the changes in each release. :issue: https://github.com/elastic/kibana/issues/ :pull: https://github.com/elastic/kibana/pull/ +include::release-notes/8.12.asciidoc[] include::release-notes/8.11.asciidoc[] include::release-notes/8.10.asciidoc[] include::release-notes/8.9.asciidoc[] diff --git a/docs/release-notes/8.12.asciidoc b/docs/release-notes/8.12.asciidoc new file mode 100644 index 0000000000..6b51ed42d4 --- /dev/null +++ b/docs/release-notes/8.12.asciidoc 
@@ -0,0 +1,120 @@ +[[release-notes-header-8.12.0]] +== 8.12 + +[discrete] +[[release-notes-8.12.0]] +=== 8.12.0 + +[discrete] +[[known-issue-8.12.0]] +==== Known issues + +// tag::known-issue-173958[] +[discrete] +.Data view option incorrectly displays when editing a filter applied to the KQL query bar +[%collapsible] +==== +*Details* + +When editing the Alerts page KQL query bar filter or editing the KQL query bar filter on the rule edit page, you might encounter a UI bug requiring you to select a data view to proceed. + +*Workaround* + +Select the **Edit the query filter using DSL** option. +==== +// end::known-issue-173958[] + +// tag::known-issue-175043[] +[discrete] +.Action frequency settings hidden in the UI when creating and editing a rule +[%collapsible] +==== +*Details* + +Configuration options for rule action frequency are unavailable when creating and editing rules. Rules with action frequencies that are already configured still run correctly. + +*Workaround* + +Use the <> API to change a rule's action frequency settings. Alternatively, export a rule, update its action frequency settings, and then re-import the rule. +==== +// end::known-issue-175043[] + +// tag::known-issue-174844[] +[discrete] +.Unrelated property differences in prebuilt rule update comparison +[%collapsible] +==== +*Details* + +The JSON comparison for updated prebuilt detection rules might display some properties used for internal processing, which doesn't accurately indicate how the rule will change if you update it. + +For example, if you added automated actions or an exception list to an installed rule, the comparison shows the JSON properties `actions`, `response_actions`, or `exceptions_list` in the **Base version** (your installed version) but not in the **Update** column (Elastic's latest version). When you update the rule, it will still include your actions or exceptions — they will not be removed. 
+ +Similarly, the comparison might show a difference in the `enabled` property, but upgrading the rule will not change whether your installed rule is enabled or not. Other properties that might display in the comparison but don't actually indicate rule configuration changes include `execution_summary`, `timestamp_override_fallback_disabled`, `meta`, `filters`, `updated_at`, and `output_index`. + +*Workaround* + +No workaround is needed. You can ignore these unrelated property differences in the JSON comparison. +==== +// end::known-issue-174844[] + +[discrete] +[[breaking-changes-8.12.0]] +==== Breaking changes + +There are no breaking changes in 8.12.0. + +[discrete] +[[deprecations-8.12.0]] +==== Deprecations + +There are no deprecations in 8.12.0. + +[discrete] +[[features-8.12.0]] +==== New features + +* Introduces the ability to assign alerts to specific users ({pull}170579[#170579], {pull}171589[#171589]). +* Introduces Retrieval Augmented Generation (RAG) for Alerts, allowing you to give Elastic AI Assistant context about more alerts in your environment ({pull}172542[#172542]). +* Enables alert suppression for threshold rules ({pull}171423[#171423]). +* Adds an *Updates* tab to the prebuilt rules upgrade flyout to show differences between the installed and updated versions ({pull}172535[#172535], {pull}173187[#173187]). +* Adds a setting that lets you exclude cold and frozen tiers from visual event analyzer queries ({pull}172162[#172162]). +* Adds a tour to guide users through Timelines UI changes ({pull}172030[#172030]). +* Adds a timeout option for Osquery queries, so you can customize the maximum time each query should run before timing out ({pull}169925[#169925]). +* Introduces new grouping capabilities for CSPM and KSPM Findings data ({pull}169884[#169884]). +* Adds the expandable alert details flyout to the rule preview panel ({pull}167902[#167902]). 
+* Introduces bidirectional response actions to isolate and release SentinelOne-protected hosts (technical preview). + +[discrete] +[[enhancements-8.12.0]] +==== Enhancements + +* Refactors the timeline UI — various minor updates ({pull}168230[#168230]). +* Introduces manual saving for Timeline ({pull}171027[#171027], {pull}169239[#169239]). +* Improves forward-compatibility for the rule schema ({pull}170861[#170861]). +* Simplifies the format of risk engine API error responses ({pull}170645[#170645]). +* Makes various UI improvements to the alert details flyout ({pull}170279[#170279], {pull}169035[#169035], {pull}173399[#173399], {pull}170078[#170078], {pull}168297[#168297]). +* Saves the state of the alert details flyout in the browser. For example, after you use the flyout's *Investigate in timeline* button, you can click your browser's back button to return to the flyout ({pull}169661[#169661]). +* Adds a button to rule execution error messages that lets you ask AI Assistant to diagnose errors ({pull}166778[#166778]). +* Integrates a new Event Tracing for Windows (ETW) provider (Microsoft-Windows-Win32k) to create new event types that can be used by prebuilt endpoint rules to detect keylogging activity. +* Allows for acting and target memory region buffers within behavior alerts to be scanned against {elastic-sec}'s collection of YARA signatures when collected. Detections are added to alerts. +* Adds a new ReadProcessMemory (lsass) event that can be used by prebuilt endpoint rules to detect credential dumping. +* Adds a link to the Amazon Bedrock connector edit UI that opens the token tracking dashboard ({pull}172115[#172115]). +* Allows you to use the `matches` and `does not match` operators when defining endpoint exceptions and event filters ({pull}166002[#166002], {pull}170495[#170495]). +* Adds support for Kafka as an output type for Endpoint. 
+ +[discrete] +[[bug-fixes-8.12.0]] +==== Bug fixes + +* Fixes response action bugs by mapping the `unisolate` command to the `release` command and the `running-processes` command to the `processes` command ({pull}173831[#173831]). +* Fixes the dark theme for the alert details flyout footer ({pull}173577[#173577]). +* Makes the Timeline tour compatible with the Timeline template page ({pull}173526[#173526]). +* Stops the **{esql}** tab from rendering until you click on it in Timeline ({pull}173484[#173484]). +* Adds a feature flag (`timelineEsqlTabDisabled`) to show or hide the **{esql}** tab in Timeline ({pull}174029[#174029]). +* Removes the default query in the **{esql}** tab in Timeline ({pull}174393[#174393]). +* Fixes a bug that caused {ml} fetch jobs to fail when the default data view (`securitySolution:defaultIndex`) contained special characters ({pull}173426[#173426]). +* Remove the **Assignees** field from the event details flyout ({pull}173314[#173314]). +* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({pull}172912[#172912]). +* Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule ({pull}172677[#172677]). +* Fixes a bug that cleared configured fields in the exceptions flyout after the flyout reloaded and refocused ({pull}172666[#172666]). +* Limits the character length for exception comments to 3000 characters, and makes the error message more descriptive if the limit's exceeded ({pull}170764[#170764]). +* Re-adds the missing alerts index filtration to Data views ({pull}170484[#170484]). +* Fixes a bug that didn't allow exceptions to be created or edited after an error displayed ({pull}169801[#169801]). +* Stops {security-app} pages from crashing when there's a fields error in the **Stack by** component ({pull}168411[#168411]). 
+* Deletes saved searches that are associated with deleted Timelines and prevents saved searches from being created twice ({pull}174562[#174562]). +* Fixes a bug with the **Share alert** feature in the alert details flyout ({pull}174005[#174005]). \ No newline at end of file
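
Review bot: In the Bug fixes list of docs/release-notes/8.12.asciidoc, the entry "Remove the **Assignees** field from the event details flyout" is written in the imperative while every other entry in the file uses the third person ("Fixes", "Removes", "Stops"); change it to "Removes the **Assignees** field ...". In the same list, "Adds a feature flag (`timelineEsqlTabDisabled`) to show or hide the **{esql}** tab" describes a new toggle rather than a fix, so either reword it around the bug it addresses or move it to Enhancements. In Enhancements, "Refactors the timeline UI" uses a lowercase "timeline" where the rest of the file capitalizes the feature name ("Timeline", "Timelines UI changes"). The endpoint-related entries (SentinelOne response actions, the Microsoft-Windows-Win32k ETW provider, YARA scanning of memory region buffers, the ReadProcessMemory (lsass) event, Kafka output) carry no `{pull}` link, unlike their neighbours; if that is intentional, consider saying for the three detection entries whether the new events are collected by default, since a reader tuning endpoint policy cannot tell from these lines. The new file also ends without a trailing newline ("\ No newline at end of file"); add one.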