From ba9f71c4139ec25275e46b7fc64a440998726bb3 Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Fri, 22 Mar 2024 12:03:51 -0400 Subject: [PATCH 1/5] change from `pull` to `kib-pull` --- docs/release-notes/8.0.asciidoc | 76 +++++++++--------- docs/release-notes/8.1.asciidoc | 44 +++++------ docs/release-notes/8.10.asciidoc | 58 +++++++------- docs/release-notes/8.11.asciidoc | 76 +++++++++--------- docs/release-notes/8.12.asciidoc | 108 ++++++++++++------------- docs/release-notes/8.2.asciidoc | 94 +++++++++++----------- docs/release-notes/8.3.asciidoc | 98 +++++++++++------------ docs/release-notes/8.4.asciidoc | 110 +++++++++++++------------- docs/release-notes/8.5.asciidoc | 132 +++++++++++++++---------------- docs/release-notes/8.6.asciidoc | 124 ++++++++++++++--------------- docs/release-notes/8.7.asciidoc | 100 +++++++++++------------ docs/release-notes/8.8.asciidoc | 120 ++++++++++++++-------------- docs/release-notes/8.9.asciidoc | 70 ++++++++-------- 13 files changed, 605 insertions(+), 605 deletions(-) diff --git a/docs/release-notes/8.0.asciidoc b/docs/release-notes/8.0.asciidoc index 58d20ae9a7..781f543744 100644 --- a/docs/release-notes/8.0.asciidoc +++ b/docs/release-notes/8.0.asciidoc 
@@ -14,14 +14,14 @@ [discrete] [[bug-fixes-8.0.1]] ==== Bug fixes and enhancements -* Fixes a bug that prevented the `kibana.alert.uuid` field from being populated in event correlation sequence shell alerts ({pull}125890[#125890]). -* Applies updated field aliases to mappings in legacy indices ({pull}125888[#125888]). -* Updates prebuilt detection rules ({pull}125316[#125316]). -* Truncates long rule exception descriptions when viewing exception items in rule details ({pull}125145[#125145]). -* Fixes a bug that caused the import process to fail if an exception list contained an exception item with comments ({pull}124909[#124909]). -* Fixes a bug that duplicated the navigation button in the *Security news* section on the Overview page ({pull}124356[#124356]). -* Fixes a bug that caused Timeline to appear if users had access to cases, but not {elastic-sec} ({pull}123775[#123775]). -* Enforces privilege requirements for displaying the map on the *Network* page and allows users with `Read` or `All` Map feature privileges to expand or hide the map ({pull}123336[#123336]). +* Fixes a bug that prevented the `kibana.alert.uuid` field from being populated in event correlation sequence shell alerts ({kib-pull}125890[#125890]). +* Applies updated field aliases to mappings in legacy indices ({kib-pull}125888[#125888]). +* Updates prebuilt detection rules ({kib-pull}125316[#125316]). +* Truncates long rule exception descriptions when viewing exception items in rule details ({kib-pull}125145[#125145]). +* Fixes a bug that caused the import process to fail if an exception list contained an exception item with comments ({kib-pull}124909[#124909]). +* Fixes a bug that duplicated the navigation button in the *Security news* section on the Overview page ({kib-pull}124356[#124356]). +* Fixes a bug that caused Timeline to appear if users had access to cases, but not {elastic-sec} ({kib-pull}123775[#123775]). 
+* Enforces privilege requirements for displaying the map on the *Network* page and allows users with `Read` or `All` Map feature privileges to expand or hide the map ({kib-pull}123336[#123336]). [discrete] [[release-notes-8.0.0]] @@ -37,7 +37,7 @@ Before you upgrade, review the <> for ==== Known issues *Case migration errors might be logged when upgrading* -You might find the `Failed to migrate user action alerts` error message in your {kib} migration logs when upgrading to {stack} version 8.0.0. This error is incorrectly logged when migrating cases and can be ignored ({pull}124950[#124950]). +You might find the `Failed to migrate user action alerts` error message in your {kib} migration logs when upgrading to {stack} version 8.0.0. This error is incorrectly logged when migrating cases and can be ignored ({kib-pull}124950[#124950]). Here is an example of an error message you might encounter: 
@@ -48,11 +48,11 @@ Here is an example of an error message you might encounter: *Existing or new rules that use the legacy alerts index may temporarily fail after upgrading* -After you upgrade to {stack} version 8.0.0, existing and new rules might fail to execute if their source index is configured to use a legacy alert index pattern created in {stack} version 7.x (`.siem-signals-`). Rule failures will likely cause detection gaps, which will be proportional in time to the scheduled interval of the rule. Rules will start to successfully execute after legacy alerts are no longer within the scheduled time period queried by the rule. Despite this automatic correction, coverage gaps might still remain ({pull}124327[#124327]). +After you upgrade to {stack} version 8.0.0, existing and new rules might fail to execute if their source index is configured to use a legacy alert index pattern created in {stack} version 7.x (`.siem-signals-`). Rule failures will likely cause detection gaps, which will be proportional in time to the scheduled interval of the rule. Rules will start to successfully execute after legacy alerts are no longer within the scheduled time period queried by the rule. Despite this automatic correction, coverage gaps might still remain ({kib-pull}124327[#124327]). *The Threat Intel Filebeat Module (v8.x) Indicator Match rule query is misconfigured* -The indicator index query of the prebuilt rule is misconfigured and will prevent the rule from generating alerts ({pull}121045[#121045], {pull}1560[#1560]). To resolve this, duplicate the rule and update its settings: +The indicator index query of the prebuilt rule is misconfigured and will prevent the rule from generating alerts ({kib-pull}121045[#121045], {kib-pull}1560[#1560]). To resolve this, duplicate the rule and update its settings: . Go to the Rules table (*Detect -> Rules*). . Locate the Threat Intel Filebeat Module (v8.x) Indicator Match prebuilt rule. 
@@ -75,7 +75,7 @@ TIP: You can search for the rule by entering the rule name in the Rule table's s *The import process fails for rules with exception comments* -Comments on rule exceptions cause the import process to fail because the following system-generated fields cannot be validated for exception comments ({pull}124742[#124742]): +Comments on rule exceptions cause the import process to fail because the following system-generated fields cannot be validated for exception comments ({kib-pull}124742[#124742]): * `created_at` * `created_by` 
@@ -103,9 +103,9 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w [[breaking-changes-8.0.0]] ==== Breaking Changes -* Removes the trusted application API. The trusted application interface retains current functionality, but now uses the exception list API ({pull}120134[#120134]). -* Removes the list endpoint metadata API ({pull}119401[#119401]). -* Lets you grant privileges for cases separately from {elastic-sec} privileges ({pull}113573[#113573], {pull}112980[#112980]). As a result of this change, you must update case privileges for existing roles _before_ upgrading to {stack} 8.0.0. Follow these steps: +* Removes the trusted application API. The trusted application interface retains current functionality, but now uses the exception list API ({kib-pull}120134[#120134]). +* Removes the list endpoint metadata API ({kib-pull}119401[#119401]). +* Lets you grant privileges for cases separately from {elastic-sec} privileges ({kib-pull}113573[#113573], {kib-pull}112980[#112980]). As a result of this change, you must update case privileges for existing roles _before_ upgrading to {stack} 8.0.0. Follow these steps: . Open the main menu and click *Management -> Stack Management -> Stack -> Upgrade Assistant*. . From the Upgrade Assistant page, review the Kibana deprecation warnings. A message prompts you to update role privileges because of changes to the {elastic-sec} Cases feature. . Click the message to open it, then click *Quick resolve*. 
@@ -119,31 +119,31 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w [discrete] [[new-features-8.0.0]] ==== Features -* Shows all historical alerts for a given rule on the rule details page, including those associated with previous versions of the rule ({pull}120053[#120053]). -* Enhances the UI and functionality for the Rules and Rule Monitoring tables and enables actions on the Rule Monitoring table ({pull}119644[#119644]). -* The Threat Intelligence view supports {agent}, {filebeat}, and custom integrations ({pull}116175[#116175]). -* Allows exception lists to be exported and imported with detection rules ({pull}115144[#115144], {pull}118816[#118816]). +* Shows all historical alerts for a given rule on the rule details page, including those associated with previous versions of the rule ({kib-pull}120053[#120053]). +* Enhances the UI and functionality for the Rules and Rule Monitoring tables and enables actions on the Rule Monitoring table ({kib-pull}119644[#119644]). +* The Threat Intelligence view supports {agent}, {filebeat}, and custom integrations ({kib-pull}116175[#116175]). +* Allows exception lists to be exported and imported with detection rules ({kib-pull}115144[#115144], {kib-pull}118816[#118816]). [discrete] [[bug-fixes-8.0.0]] ==== Bug fixes and enhancements -* Enhances the UI for the Exceptions table; improves how dates are displayed in the Rules and Exceptions tables ({pull}117643[#117643], {pull}118940[#118940]). -* Updates the mappings of the rule registry to ECS version 8.0.0 so that detection rules can process ECS version 8.0.0 data ({pull}123012[#123012]). -* Allows you to create and add runtime fields from the Alert and Timeline tables ({pull}117627[#117627], {pull}114806[#114806]). -* Enhances the Data view selection UI and hides the Data view dropdown when no data is present ({pull}117601[#117601], {pull}119956[#119956]). -* Enhances previews and error flagging during rule creation ({pull}116374[#116374]). 
-* Updates rule actions to use `kibana.alert.*` fields instead of `signals.*` fields ({pull}116491[#116491]). -* Changes the insufficient permissions message type from an error to a warning ({pull}123777[#123777]). -* Fixes typos in the success messages that appear after you close Timelines or Timeline templates ({pull}123258[#123258]). -* Updates the Exceptions table header and Export button ({pull}122870[#122870]). -* Fixes a bug that could break a rule’s details page after you edited, activated, or deactivated the rule ({pull}122024[#122024]). -* Fixes an overlap between the rule query text field and Timeline banner ({pull}121967[#121967], {pull}121127[#121127]). -* Adds support for the `threat.feed.name` field in the alert details flyout and Timeline view ({pull}120250[#120250]). -* Adds the default threat indicator path (`threat_indicator_path`) to indicator match rules where it was missing ({pull}118962[#118962]). -* Adds a default value for the threat indicator path that indicator match rules use when creating indicator match rules from the {security-app} UI or the create rule API ({pull}118821[#118821]). -* Enhances the Endpoint details flyout UI ({pull}117987[#117987]). -* Fixes a bug that prevented you from clearing a connector’s `Additional comments` field ({pull}117901[#117901]). -* Allows you to modify the default threat indicator path for the Threat Intel Filebeat Module (v7.x) Indicator Match prebuilt rule ({pull}116583[#116583]). +* Enhances the UI for the Exceptions table; improves how dates are displayed in the Rules and Exceptions tables ({kib-pull}117643[#117643], {kib-pull}118940[#118940]). +* Updates the mappings of the rule registry to ECS version 8.0.0 so that detection rules can process ECS version 8.0.0 data ({kib-pull}123012[#123012]). +* Allows you to create and add runtime fields from the Alert and Timeline tables ({kib-pull}117627[#117627], {kib-pull}114806[#114806]). 
+* Enhances the Data view selection UI and hides the Data view dropdown when no data is present ({kib-pull}117601[#117601], {kib-pull}119956[#119956]). +* Enhances previews and error flagging during rule creation ({kib-pull}116374[#116374]). +* Updates rule actions to use `kibana.alert.*` fields instead of `signals.*` fields ({kib-pull}116491[#116491]). +* Changes the insufficient permissions message type from an error to a warning ({kib-pull}123777[#123777]). +* Fixes typos in the success messages that appear after you close Timelines or Timeline templates ({kib-pull}123258[#123258]). +* Updates the Exceptions table header and Export button ({kib-pull}122870[#122870]). +* Fixes a bug that could break a rule’s details page after you edited, activated, or deactivated the rule ({kib-pull}122024[#122024]). +* Fixes an overlap between the rule query text field and Timeline banner ({kib-pull}121967[#121967], {kib-pull}121127[#121127]). +* Adds support for the `threat.feed.name` field in the alert details flyout and Timeline view ({kib-pull}120250[#120250]). +* Adds the default threat indicator path (`threat_indicator_path`) to indicator match rules where it was missing ({kib-pull}118962[#118962]). +* Adds a default value for the threat indicator path that indicator match rules use when creating indicator match rules from the {security-app} UI or the create rule API ({kib-pull}118821[#118821]). +* Enhances the Endpoint details flyout UI ({kib-pull}117987[#117987]). +* Fixes a bug that prevented you from clearing a connector’s `Additional comments` field ({kib-pull}117901[#117901]). +* Allows you to modify the default threat indicator path for the Threat Intel Filebeat Module (v7.x) Indicator Match prebuilt rule ({kib-pull}116583[#116583]). [discrete] [[release-notes-8.0.0-rc2]] 
@@ -155,7 +155,7 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w *The Data view option might not display in upgraded environments with legacy alerts* -To make the *Data view* option appear, a user with elevated role privileges must visit the {security-app}, open a page that displays alert data (such as the Overview page), then refresh the page ({pull}121390[#121390]). +To make the *Data view* option appear, a user with elevated role privileges must visit the {security-app}, open a page that displays alert data (such as the Overview page), then refresh the page ({kib-pull}121390[#121390]). The role must have the following privileges: @@ -175,7 +175,7 @@ NOTE: If new alerts are generated in an upgraded environment without legacy aler *Detection rules may not generate alerts after upgrading to {stack} 8.0.0* -Rules are automatically disabled during the upgrade process and must be manually re-enabled after the process completes. Failure to do so could cause a gap in rule coverage ({pull}120906[#120906]). +Rules are automatically disabled during the upgrade process and must be manually re-enabled after the process completes. Failure to do so could cause a gap in rule coverage ({kib-pull}120906[#120906]). Before upgrading, use the <> API to retrieve a list of enabled detection rules in your environment. You can reference this list when re-enabling rules after you upgrade. diff --git a/docs/release-notes/8.1.asciidoc b/docs/release-notes/8.1.asciidoc index f01ec06974..b745b94554 100644 --- a/docs/release-notes/8.1.asciidoc +++ b/docs/release-notes/8.1.asciidoc 
@@ -13,8 +13,8 @@ [discrete] [[bug-fixes-8.1.3]] ==== Bug fixes and enhancements -* Improves UI performance in environments with a high number of field mappings ({pull}129862[#129862], {pull}128928[#128928], {pull}128885[#128885], {pull}128909[#128909], {pull}128774[#128774]). -* Fixes a bug on the *Host* and *Network* pages that forced table behavior to persist after users updated the pages’ time range ({pull}130024[#130024]). +* Improves UI performance in environments with a high number of field mappings ({kib-pull}129862[#129862], {kib-pull}128928[#128928], {kib-pull}128885[#128885], {kib-pull}128909[#128909], {kib-pull}128774[#128774]). +* Fixes a bug on the *Host* and *Network* pages that forced table behavior to persist after users updated the pages’ time range ({kib-pull}130024[#130024]). [discrete] [[release-notes-8.1.2]] @@ -45,9 +45,9 @@ [[bug-fixes-8.1.1]] ==== Bug fixes and enhancements * Fixes an {endpoint-sec} integration bug that prevented benign Windows files from being deleted under certain circumstances. -* Adds a notification to the **Exception lists** page that informs users if they are lacking certain role privileges ({pull}126874[#126874]). -* Turns off the **Upload value lists** option on the **Rules** page if users have `Read` Security privileges only ({pull}126829[#126829]). -* Removes the option to select rules in the All Rules table if users have `Read` Security privileges only ({pull}126827[#126827]). +* Adds a notification to the **Exception lists** page that informs users if they are lacking certain role privileges ({kib-pull}126874[#126874]). +* Turns off the **Upload value lists** option on the **Rules** page if users have `Read` Security privileges only ({kib-pull}126829[#126829]). +* Removes the option to select rules in the All Rules table if users have `Read` Security privileges only ({kib-pull}126827[#126827]). [discrete] [[release-notes-8.1.0]] 
@@ -58,7 +58,7 @@ ==== Known issues * An {endpoint-sec} integration bug prevents benign Windows files from being deleted under certain circumstances. * On macOS versions before 12.4, if {elastic-endpoint} is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later. -* Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({pull}133457[#133457]). +* Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({kib-pull}133457[#133457]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). [discrete] 
@@ -70,24 +70,24 @@ There are no breaking changes in 8.1.0. [discrete] [[features-8.1.0]] ==== Features -* Adds a *Technical preview* toggle above the Rules table which, when enabled, allows users to sort on all rule management columns ({pull}119611[#119611]). -* Introduces a new *Host risk classification* column in the All hosts table on the *Hosts* page. In addition, a new *Host by risk* tab has been added to the *Hosts* page and host detail pages. From the *Host by risk* tab, you can access an explanation of how a host’s risk is calculated and scored ({pull}122980[#122980], {pull}122586[#122586], {pull}122018[#122018], {pull}121075[#121075], {pull}120487[#120487], {pull}119734[#119734]). -* Introduces the ability to bulk edit rule index patterns and tags ({pull}122635[#122635]). -* Expands Endpoint per-policy artifact assignment to include endpoint event filters and host isolation IP exceptions ({pull}121879[#121879], {pull}121632[#121632]). -* Adds the rule execution UUID field to alerts. In addition, the `kibana.alert.rule.execution.uuid` field is now part of the alert data schema and can be found in the field browser in the Alerts table.({pull}113058[#113058]). -* Introduces case metrics that summarize alert information and response times ({pull}121336[#121336]). -* Improves copy for the privilege check on the Endpoints page ({pull}124118[#124118]). +* Adds a *Technical preview* toggle above the Rules table which, when enabled, allows users to sort on all rule management columns ({kib-pull}119611[#119611]). +* Introduces a new *Host risk classification* column in the All hosts table on the *Hosts* page. In addition, a new *Host by risk* tab has been added to the *Hosts* page and host detail pages. 
From the *Host by risk* tab, you can access an explanation of how a host’s risk is calculated and scored ({kib-pull}122980[#122980], {kib-pull}122586[#122586], {kib-pull}122018[#122018], {kib-pull}121075[#121075], {kib-pull}120487[#120487], {kib-pull}119734[#119734]). +* Introduces the ability to bulk edit rule index patterns and tags ({kib-pull}122635[#122635]). +* Expands Endpoint per-policy artifact assignment to include endpoint event filters and host isolation IP exceptions ({kib-pull}121879[#121879], {kib-pull}121632[#121632]). +* Adds the rule execution UUID field to alerts. In addition, the `kibana.alert.rule.execution.uuid` field is now part of the alert data schema and can be found in the field browser in the Alerts table.({kib-pull}113058[#113058]). +* Introduces case metrics that summarize alert information and response times ({kib-pull}121336[#121336]). +* Improves copy for the privilege check on the Endpoints page ({kib-pull}124118[#124118]). [discrete] [[bug-fixes-8.1.0]] ==== Bug fixes and enhancements -* Improves the performance of indicator match rules ({pull}123882[#123882], {pull}123677[#123677]). -* Changes the default indicator index query of custom and prebuilt indicator match rules to `@timestamp >= "now-30d/d"` ({pull}123590[#123590]). -* Improves the exceptions interface by replacing the exceptions modal with a flyout ({pull}123408[#123408]). +* Improves the performance of indicator match rules ({kib-pull}123882[#123882], {kib-pull}123677[#123677]). +* Changes the default indicator index query of custom and prebuilt indicator match rules to `@timestamp >= "now-30d/d"` ({kib-pull}123590[#123590]). +* Improves the exceptions interface by replacing the exceptions modal with a flyout ({kib-pull}123408[#123408]). * Alert details flyout enhancements: -** Shows different highlighted fields in an alert’s details flyout based on its type, category, and code ({pull}123239[#123239]). 
-** Adds overview cards with key data to the alert details flyout ({pull}120347[#120347]). -* Allows users to aggregate alert data based on a larger selection of ECS fields instead of just 10 preset options ({pull}120610[#120610]). -* Enriches threshold-related alert data from correct fields ({pull}125376[#125376]). -* Hides the delete button for disabled exception lists ({pull}122844[#122844]). -* Fixes various minor UX bugs ({pull}121410[#121410]). +** Shows different highlighted fields in an alert’s details flyout based on its type, category, and code ({kib-pull}123239[#123239]). +** Adds overview cards with key data to the alert details flyout ({kib-pull}120347[#120347]). +* Allows users to aggregate alert data based on a larger selection of ECS fields instead of just 10 preset options ({kib-pull}120610[#120610]). +* Enriches threshold-related alert data from correct fields ({kib-pull}125376[#125376]). +* Hides the delete button for disabled exception lists ({kib-pull}122844[#122844]). +* Fixes various minor UX bugs ({kib-pull}121410[#121410]). diff --git a/docs/release-notes/8.10.asciidoc b/docs/release-notes/8.10.asciidoc index 108abb0f3d..403fe10864 100644 --- a/docs/release-notes/8.10.asciidoc +++ b/docs/release-notes/8.10.asciidoc @@ -20,8 +20,8 @@ announcement]. [discrete] [[bug-fixes-8.10.4]] ==== Bug fixes -* Fixes a bug in Timeline that prevented the **Show top _x_** action from showing results ({pull}168339[#168339]). -* Fixes a bug that caused outdated or incorrect data to display on the MITRE ATT&CK® Coverage page ({pull}167917[#167917]). +* Fixes a bug in Timeline that prevented the **Show top _x_** action from showing results ({kib-pull}168339[#168339]). +* Fixes a bug that caused outdated or incorrect data to display on the MITRE ATT&CK® Coverage page ({kib-pull}167917[#167917]). [discrete] [[release-notes-8.10.3]] 
@@ -30,16 +30,16 @@ announcement]. [discrete] [[enhancements-8.10.3]] ==== Enhancements -* Updates the MITRE ATT&CK® framework to `v13.1` ({pull}166536[#166536]). +* Updates the MITRE ATT&CK® framework to `v13.1` ({kib-pull}166536[#166536]). [discrete] [[bug-fixes-8.10.3]] ==== Bug fixes -* Increases the line height of the session view preview in the alert details flyout ({pull}166932[#166932]). -* Adds tooltips to the Correlations table in the alert details flyout ({pull}166913[#166913]). -* Fixes a bug that prevented the prevalence query from considering fields with multiple values ({pull}166891[#166891]). -* Fixes an alert details flyout bug that affected the way prevalence data was fetched ({pull}166694[#166694]). -* Fixes a bug in Timeline that prevented the **Show top _x_** action from using the Timeline query ({pull}165109[#165109]). +* Increases the line height of the session view preview in the alert details flyout ({kib-pull}166932[#166932]). +* Adds tooltips to the Correlations table in the alert details flyout ({kib-pull}166913[#166913]). +* Fixes a bug that prevented the prevalence query from considering fields with multiple values ({kib-pull}166891[#166891]). +* Fixes an alert details flyout bug that affected the way prevalence data was fetched ({kib-pull}166694[#166694]). +* Fixes a bug in Timeline that prevented the **Show top _x_** action from using the Timeline query ({kib-pull}165109[#165109]). [discrete] [[release-notes-8.10.2]] @@ -71,7 +71,7 @@ There are no user-facing changes in 8.10.2. [[bug-fixes-8.10.1]] ==== Bug fixes -* Updates the Elastic AI Assistant response schema ({pull}166300[#166300], {pull}166495[#166495]). +* Updates the Elastic AI Assistant response schema ({kib-pull}166300[#166300], {kib-pull}166495[#166495]). [discrete] [[release-notes-8.10.0]] 
@@ -92,31 +92,31 @@ There are no breaking changes in 8.10.0. [[features-8.10.0]] ==== New features * Introduces a redesigned alert details flyout that enhances your investigative flows (https://github.com/elastic/security-docs/pull/3816[#3816], https://github.com/elastic/security-docs/pull/3854[#3854]). -* Adds the MITRE ATT&CK® coverage page, which shows how well your active detection rules protect against adversary tactics and techniques ({pull}161556[#161556], {pull}163498[#163498], {pull}164613[#164613], {pull}164986[#164986]). -* Adds a component under the Elastic AI Assistant header that allows you to select a different connector ({pull}163666[#163666]). -* Adds role-based access control for the Elastic AI Assistant ({pull}163031[#163031]). -* Adds a flyout that allows you to examine rule details when installing or updating a prebuilt rule ({pull}163304[#163304]). -* Adds the ability to specify custom highlighted fields for an alert ({pull}163235[#163235]). -* Adds the **Reputation service** option to the malicious behavior protection setting on the Elastic Defend integration policy ({pull}161617[#161617]). +* Adds the MITRE ATT&CK® coverage page, which shows how well your active detection rules protect against adversary tactics and techniques ({kib-pull}161556[#161556], {kib-pull}163498[#163498], {kib-pull}164613[#164613], {kib-pull}164986[#164986]). +* Adds a component under the Elastic AI Assistant header that allows you to select a different connector ({kib-pull}163666[#163666]). +* Adds role-based access control for the Elastic AI Assistant ({kib-pull}163031[#163031]). +* Adds a flyout that allows you to examine rule details when installing or updating a prebuilt rule ({kib-pull}163304[#163304]). +* Adds the ability to specify custom highlighted fields for an alert ({kib-pull}163235[#163235]). +* Adds the **Reputation service** option to the malicious behavior protection setting on the Elastic Defend integration policy ({kib-pull}161617[#161617]). 
[discrete] [[enhancements-8.10.0]] ==== Enhancements -* Modifies the {elastic-sec} main menu by adding the Rules main page and landing page, and shifting the order of the Cases and Explore pages ({pull}165061[#165061], {pull}163102[#163102], {pull}161667[#161667]). -* Adds a `resource.id` column to the "Top 10 vulnerable resources" table on the Cloud Native Vulnerability Management dashboard ({pull}162668[#162668]). -* Shows the most relevant tab when you open the Findings page, instead of always showing the Misconfigurations tab ({pull}162289[#162289]). -* Adds the **Building block** label to the rule details page for building block rules ({pull}162233[#162233]). -* Removes a filter that restricted the fields you could choose from when creating an Endpoint exception or event filter ({pull}162193[#162193]). -* Shows a confirmation message on the Rules page and rule details page when you delete rules ({pull}162477[#162477]). +* Modifies the {elastic-sec} main menu by adding the Rules main page and landing page, and shifting the order of the Cases and Explore pages ({kib-pull}165061[#165061], {kib-pull}163102[#163102], {kib-pull}161667[#161667]). +* Adds a `resource.id` column to the "Top 10 vulnerable resources" table on the Cloud Native Vulnerability Management dashboard ({kib-pull}162668[#162668]). +* Shows the most relevant tab when you open the Findings page, instead of always showing the Misconfigurations tab ({kib-pull}162289[#162289]). +* Adds the **Building block** label to the rule details page for building block rules ({kib-pull}162233[#162233]). +* Removes a filter that restricted the fields you could choose from when creating an Endpoint exception or event filter ({kib-pull}162193[#162193]). +* Shows a confirmation message on the Rules page and rule details page when you delete rules ({kib-pull}162477[#162477]). 
[discrete] [[bug-fixes-8.10.0]] ==== Bug fixes -* Fixes a UI bug that caused the rule preview to break when you closed it ({pull}164973[#164973]). -* Fixes a bug that stopped pre-configured connectors from working with the Elastic AI Assistant ({pull}164900[#164900]). -* Adds the new Elastic AI Assistant logo and global header menu item ({pull}164763[#164763]). -* Ensures that users see the appropriate message in the Elastic AI Assistant UI if they don't have the necessary connector and action privileges ({pull}164382[#164382]). -* Prevents threshold rule error messages from concealing shard failure messages ({pull}164231[#164231]). -* Removes filter in and out inline actions from the Alerts table on the case details page, and fixes issues with the **Top alerts by** inline action ({pull}161150[#161150]). -* Uses the {agent} `last_checkin` status for endpoints' `last seen` status ({pull}160506[#160506]). -* Hides the **Top alerts by** inline action for nested fields ({pull}159645[#159645]). \ No newline at end of file +* Fixes a UI bug that caused the rule preview to break when you closed it ({kib-pull}164973[#164973]). +* Fixes a bug that stopped pre-configured connectors from working with the Elastic AI Assistant ({kib-pull}164900[#164900]). +* Adds the new Elastic AI Assistant logo and global header menu item ({kib-pull}164763[#164763]). +* Ensures that users see the appropriate message in the Elastic AI Assistant UI if they don't have the necessary connector and action privileges ({kib-pull}164382[#164382]). +* Prevents threshold rule error messages from concealing shard failure messages ({kib-pull}164231[#164231]). +* Removes filter in and out inline actions from the Alerts table on the case details page, and fixes issues with the **Top alerts by** inline action ({kib-pull}161150[#161150]). +* Uses the {agent} `last_checkin` status for endpoints' `last seen` status ({kib-pull}160506[#160506]). 
+* Hides the **Top alerts by** inline action for nested fields ({kib-pull}159645[#159645]). \ No newline at end of file diff --git a/docs/release-notes/8.11.asciidoc b/docs/release-notes/8.11.asciidoc index b0f390cb4a..cc5ff74040 100644 --- a/docs/release-notes/8.11.asciidoc +++ b/docs/release-notes/8.11.asciidoc @@ -8,10 +8,10 @@ [discrete] [[bug-fixes-8.11.4]] ==== Bug fixes -* Stops the **{esql}** tab from rendering until you click on it in Timeline ({pull}173484[#173484]). -* Adds a feature flag (`timelineEsqlTabDisabled`) to hide the **{esql}** tab in Timeline ({pull}174029[#174029]). -* Removes the default query from the **{esql}** tab in Timeline ({pull}174393[#174393]). -* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({pull}172912[#172912]). +* Stops the **{esql}** tab from rendering until you click on it in Timeline ({kib-pull}173484[#173484]). +* Adds a feature flag (`timelineEsqlTabDisabled`) to hide the **{esql}** tab in Timeline ({kib-pull}174029[#174029]). +* Removes the default query from the **{esql}** tab in Timeline ({kib-pull}174393[#174393]). +* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kib-pull}172912[#172912]). [discrete] [[release-notes-8.11.3]] @@ -20,7 +20,7 @@ [discrete] [[bug-fixes-8.11.3]] ==== Bug fixes -* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({pull}172912[#172912]). +* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kib-pull}172912[#172912]). [discrete] [[release-notes-8.11.2]] 
@@ -29,15 +29,15 @@ [discrete] [[enhancements-8.11.2]] ==== Enhancements -* Updates references on the Entity Risk Score management page ({pull}171089[#171089]). +* Updates references on the Entity Risk Score management page ({kib-pull}171089[#171089]). [discrete] [[bug-fixes-8.11.2]] ==== Bug fixes -* Fixes a bug that caused the Alerts page to crash if you reloaded it while the preview panel in the alert details flyout was open ({pull}172323[#172323]). -* Fixes the event analyzer panel width ({pull}172026[#172026]). -* Applies page filters to MITRE ATT&CK® sub-technique cells when displaying rules ({pull}170988[#170988]). -* Fixes a bug with the **Investigate in timeline** action for Elastic AI Assistant that caused {esql} queries to open in the KQL query bar within Timeline ({pull}170542[#170542]). +* Fixes a bug that caused the Alerts page to crash if you reloaded it while the preview panel in the alert details flyout was open ({kib-pull}172323[#172323]). +* Fixes the event analyzer panel width ({kib-pull}172026[#172026]). +* Applies page filters to MITRE ATT&CK® sub-technique cells when displaying rules ({kib-pull}170988[#170988]). +* Fixes a bug with the **Investigate in timeline** action for Elastic AI Assistant that caused {esql} queries to open in the KQL query bar within Timeline ({kib-pull}170542[#170542]). [discrete] [[release-notes-8.11.1]] 
@@ -46,14 +46,14 @@ [discrete] [[enhancements-8.11.1]] ==== Enhancements -* Allows user and host risk score tables to be filtered by time range ({pull}168826[#168826]). +* Allows user and host risk score tables to be filtered by time range ({kib-pull}168826[#168826]). [discrete] [[bug-fixes-8.11.1]] ==== Bug fixes -* Fixes a bug that caused MITRE ATT&CK® technique cells to show duplicate rules ({pull}169708[#169708]). -* Fixes a bug that caused the incorrect MITRE ATT&CK® sub-technique to be applied after you saved a rule ({pull}170465[#170465]). -* Adds a privilege check for bulk-changing alert statuses ({pull}170584[#170584]). +* Fixes a bug that caused MITRE ATT&CK® technique cells to show duplicate rules ({kib-pull}169708[#169708]). +* Fixes a bug that caused the incorrect MITRE ATT&CK® sub-technique to be applied after you saved a rule ({kib-pull}170465[#170465]). +* Adds a privilege check for bulk-changing alert statuses ({kib-pull}170584[#170584]). [discrete] [[release-notes-8.11.0]] 
@@ -70,25 +70,25 @@ [discrete] [[breaking-changes-8.11.0]] ==== Breaking changes -* Ends support for the `filterQuery` field of the `getLiveQueryResults` and `findLiveQuery` APIs, and replaces it with the KQL field `kuery`. Requests to those APIs that used the `filterQuery` field should replace it with `kuery` ({pull}161806[#161806]). +* Ends support for the `filterQuery` field of the `getLiveQueryResults` and `findLiveQuery` APIs, and replaces it with the KQL field `kuery`. Requests to those APIs that used the `filterQuery` field should replace it with `kuery` ({kib-pull}161806[#161806]). * In 8.11, rule APIs will only support `investigation_fields` as `{ field_names: string[] }`. If you've added this field to your rules in 8.10, you don't need to do anything when you import your rules. [discrete] [[deprecations-8.11.0]] ==== Deprecations -* Deprecates the `doc_root.vulnerability.package` and replaces it with the `doc_root.package` ECS package ({pull}164651[#164651]). +* Deprecates the `doc_root.vulnerability.package` and replaces it with the `doc_root.package` ECS package ({kib-pull}164651[#164651]). [discrete] [[features-8.11.0]] ==== New features * Upgrades {elastic-defend} to capture a new Windows event type: ETW Threat Intelligence (ETW-TI). Renames the Windows events policy `Credential access` category to `API` in the UI (but not in the `.yaml`, maintaining backwards compatibility). Adds two new advanced options: `windows.advanced.events.api_disabled` and -`windows.advanced.events.api_verbose` ({pull}167549[#167549]). -* Adds the `Same family` category and tab to the Data Quality dashboard. Fields with mappings in the same family have the same search behavior as the type specified by ECS, but may have different space usage or performance characteristics ({pull}167480[#167480]). -* Updates the exceptions flyout's `match_any` operator to accept duplicate values that differ in case ({pull}167208[#167208]). 
-* beta:[] Enables the Elastic AI Assistant to answer questions about Elasticsearch Query Language (ES|QL) by allowing it to query, via ELSER, an ES|QL knowledge base. Refer to <> to enable the knowledge base ({pull}167097[#167097]). -* Enables ES|QL in Timeline (technical preview) ({pull}166764[#166764]). -* Adds the new ES|QL rule type (technical preview) ({pull}165450[#165450]). -* Updates the Endpoint policy UI (**Manage -> Policies**) to include a `Protection updates` tab, a new column called `Deployed version`, and a banner that highlights outdated policies ({pull}165256[#165256], {pull}162719[#162719]). +`windows.advanced.events.api_verbose` ({kib-pull}167549[#167549]). +* Adds the `Same family` category and tab to the Data Quality dashboard. Fields with mappings in the same family have the same search behavior as the type specified by ECS, but may have different space usage or performance characteristics ({kib-pull}167480[#167480]). +* Updates the exceptions flyout's `match_any` operator to accept duplicate values that differ in case ({kib-pull}167208[#167208]). +* beta:[] Enables the Elastic AI Assistant to answer questions about Elasticsearch Query Language (ES|QL) by allowing it to query, via ELSER, an ES|QL knowledge base. Refer to <> to enable the knowledge base ({kib-pull}167097[#167097]). +* Enables ES|QL in Timeline (technical preview) ({kib-pull}166764[#166764]). +* Adds the new ES|QL rule type (technical preview) ({kib-pull}165450[#165450]). +* Updates the Endpoint policy UI (**Manage -> Policies**) to include a `Protection updates` tab, a new column called `Deployed version`, and a banner that highlights outdated policies ({kib-pull}165256[#165256], {kib-pull}162719[#162719]). * Introduces full support for {elastic-endpoint} on macOS Sonoma. * Updates {elastic-defend} to support AlmaLinux 9 and Rocky Linux 9. * Adds a new optional parameter to {elastic-endpoint}'s `top` command. 
The `--limit` parameter specifies how many times to refresh the command's output before a graceful exit. 
@@ -97,23 +97,23 @@ [discrete] [[enhancements-8.11.0]] ==== Enhancements -* Adds a new Generative AI connector, Amazon Bedrock, for use with Elastic AI Assistant ({pull}166662[#166662]). -* Renames the Generative AI connector to OpenAI, since Generative AI is now a category of connectors that include OpenAI and Amazon Bedrock ({pull}167677[#167677]). -* Adds the `id`, `severity`, and `status` fields to the Webhook - Case Management connector ({pull}166295[#166295]). -* Updates the order of items on {kib}'s left-side navigation menu to match the order in {elastic-sec}'s left-side navigation menu ({pull}164268[#164268]). -* Adds tooltips to overview section titles in the alert details flyout ({pull}166737[#166737]). -* Updates the `.lists` and `.items` indices to data streams ({pull}162508[#162508]). +* Adds a new Generative AI connector, Amazon Bedrock, for use with Elastic AI Assistant ({kib-pull}166662[#166662]). +* Renames the Generative AI connector to OpenAI, since Generative AI is now a category of connectors that include OpenAI and Amazon Bedrock ({kib-pull}167677[#167677]). +* Adds the `id`, `severity`, and `status` fields to the Webhook - Case Management connector ({kib-pull}166295[#166295]). +* Updates the order of items on {kib}'s left-side navigation menu to match the order in {elastic-sec}'s left-side navigation menu ({kib-pull}164268[#164268]). +* Adds tooltips to overview section titles in the alert details flyout ({kib-pull}166737[#166737]). +* Updates the `.lists` and `.items` indices to data streams ({kib-pull}162508[#162508]). [discrete] [[bug-fixes-8.11.0]] ==== Bug fixes -* Updates the Entity Risk Score error message to list the necessary permissions ({pull}169216[#169216]). -* Displays more descriptive errors for Generative AI connectors ({pull}167674[#167674]). -* Adds metrics to some rule execution warning messages ({pull}167551[#167551]). 
-* Fixes a bug that could cause the exceptions flyout to reload unnecessarily in response to rule updates ({pull}166914[#166914]). -* Fixes a bug that could cause EQL shell alerts to not include certain common fields ({pull}166751[#166751]). -* Sets the date and time picker to full width in the expanded Prevalence view within the alert details flyout ({pull}166714[#166714]). -* Fixes a bug that could prevent the **Install Cloud Native Vulnerability Management** button on the empty state of the Findings page from working ({pull}166335[#166335]). -* Fixes a bug that could cause an error when you edited a rule's filter ({pull}165262[#165262]). -* Fixes a bug that caused the Rules table to auto-refresh when auto-refresh was disabled ({pull}165250[#165250]). \ No newline at end of file +* Updates the Entity Risk Score error message to list the necessary permissions ({kib-pull}169216[#169216]). +* Displays more descriptive errors for Generative AI connectors ({kib-pull}167674[#167674]). +* Adds metrics to some rule execution warning messages ({kib-pull}167551[#167551]). +* Fixes a bug that could cause the exceptions flyout to reload unnecessarily in response to rule updates ({kib-pull}166914[#166914]). +* Fixes a bug that could cause EQL shell alerts to not include certain common fields ({kib-pull}166751[#166751]). +* Sets the date and time picker to full width in the expanded Prevalence view within the alert details flyout ({kib-pull}166714[#166714]). +* Fixes a bug that could prevent the **Install Cloud Native Vulnerability Management** button on the empty state of the Findings page from working ({kib-pull}166335[#166335]). +* Fixes a bug that could cause an error when you edited a rule's filter ({kib-pull}165262[#165262]). +* Fixes a bug that caused the Rules table to auto-refresh when auto-refresh was disabled ({kib-pull}165250[#165250]). \ No newline at end of file 
diff --git a/docs/release-notes/8.12.asciidoc b/docs/release-notes/8.12.asciidoc index 16995d66b5..ff9b74a2d6 100644 --- a/docs/release-notes/8.12.asciidoc +++ b/docs/release-notes/8.12.asciidoc 
@@ -24,15 +24,15 @@ To resolve this issue, upgrade to 8.13 or later. [discrete] [[bug-fixes-8.12.2]] ==== Bug fixes -* Fixes long-running queries in Timeline and Events tables within Explore pages ({pull}176838[#176838]). -* Updates the default {bedrock} connector API URL ({pull}176090[#176090]). -* Ensures the risk score query only searches through alerts associated with the current user ({pull}175903[#175903]). -* Fixes a bug that prevented scheduled query packs from running if a pack's ID was composed of numbers ({pull}176507[#176507]). -* Fixes a bug that affected the rule details page layout if rule filters were extremely long. Also fixes a bug that incorrectly caused rule filters to display instead of their custom labels ({pull}176590[#176590]). -* Fixes a bug that prevented rules from being successfully imported if any rules referenced preconfigured connectors ({pull}176284[#176284]). -* Fixes a bug that prevented rules from being successfully exported if you exported more than 1000 rules ({pull}175979[#175979]). -* Turns off the option to install rules if you don't have the appropriate privileges ({pull}176598[#176598]). -* Fixes a bug that caused data to be lost when you upgraded a prebuilt rule to a new version with a different rule type ({pull}176421[#176421]). +* Fixes long-running queries in Timeline and Events tables within Explore pages ({kib-pull}176838[#176838]). +* Updates the default {bedrock} connector API URL ({kib-pull}176090[#176090]). +* Ensures the risk score query only searches through alerts associated with the current user ({kib-pull}175903[#175903]). +* Fixes a bug that prevented scheduled query packs from running if a pack's ID was composed of numbers ({kib-pull}176507[#176507]). +* Fixes a bug that affected the rule details page layout if rule filters were extremely long. Also fixes a bug that incorrectly caused rule filters to display instead of their custom labels ({kib-pull}176590[#176590]). 
+* Fixes a bug that prevented rules from being successfully imported if any rules referenced preconfigured connectors ({kib-pull}176284[#176284]). +* Fixes a bug that prevented rules from being successfully exported if you exported more than 1000 rules ({kib-pull}175979[#175979]). +* Turns off the option to install rules if you don't have the appropriate privileges ({kib-pull}176598[#176598]). +* Fixes a bug that caused data to be lost when you upgraded a prebuilt rule to a new version with a different rule type ({kib-pull}176421[#176421]). [discrete] [[release-notes-8.12.1]] 
@@ -58,20 +58,20 @@ To resolve this issue, upgrade to 8.13 or later. [[enhancements-8.12.1]] ==== Enhancements -* Provides performance improvements related to image load and registry write events ({pull}175486[#175486]). +* Provides performance improvements related to image load and registry write events ({kib-pull}175486[#175486]). [discrete] [[bug-fixes-8.12.1]] ==== Bug fixes -* Fixes misaligned elements in the top navigation bar ({pull}175516[#175516]). -* Fixes a bug that affected search results when you entered an agent name that included a dash (`-`) ({pull}175134[#175134]). -* Fixes a UI bug that hid frequency options for rule actions when you created or edited a rule ({pull}175050[#175050]). -* Removes the option to select a data view when modifying a rule's filter ({pull}174922[#174922]). -* Hides the technical and runtime fields that shouldn't appear in the JSON diff view when you're upgrading a rule ({pull}174789[#174789]). -* Ensures the current user is used when querying threshold rule history ({pull}174723[#174723]). -* Updates the document ID used for the visual event analyzer preview and the related by ancestry section of the alert details flyout ({pull}174651[#174651]). -* Deletes saved searches that are associated with deleted Timelines, and prevents saved searches from being created twice ({pull}174562[#174562]). -* Fixes a bug that prevented the assignee column from appearing in the Alerts table after upgrading to 8.12.0 ({pull}174370[#174370]). +* Fixes misaligned elements in the top navigation bar ({kib-pull}175516[#175516]). +* Fixes a bug that affected search results when you entered an agent name that included a dash (`-`) ({kib-pull}175134[#175134]). +* Fixes a UI bug that hid frequency options for rule actions when you created or edited a rule ({kib-pull}175050[#175050]). +* Removes the option to select a data view when modifying a rule's filter ({kib-pull}174922[#174922]). 
+* Hides the technical and runtime fields that shouldn't appear in the JSON diff view when you're upgrading a rule ({kib-pull}174789[#174789]). +* Ensures the current user is used when querying threshold rule history ({kib-pull}174723[#174723]). +* Updates the document ID used for the visual event analyzer preview and the related by ancestry section of the alert details flyout ({kib-pull}174651[#174651]). +* Deletes saved searches that are associated with deleted Timelines, and prevents saved searches from being created twice ({kib-pull}174562[#174562]). +* Fixes a bug that prevented the assignee column from appearing in the Alerts table after upgrading to 8.12.0 ({kib-pull}174370[#174370]). [discrete] [[release-notes-8.12.0]] 
@@ -140,53 +140,53 @@ There are no deprecations in 8.12.0. [[features-8.12.0]] ==== New features -* Introduces the ability to assign alerts to specific users ({pull}170579[#170579], {pull}171589[#171589]). -* Introduces Retrieval Augmented Generation (RAG) for Alerts, allowing you to give Elastic AI Assistant context about more alerts in your environment ({pull}172542[#172542]). -* Enables alert suppression for threshold rules ({pull}171423[#171423]). -* Adds an *Updates* tab to the prebuilt rules upgrade flyout to show differences between the installed and updated versions ({pull}172535[#172535], {pull}173187[#173187]). -* Adds a setting that lets you exclude cold and frozen tiers from visual event analyzer queries ({pull}172162[#172162]). -* Adds a tour to guide users through Timelines UI changes ({pull}172030[#172030]). -* Adds a timeout option for Osquery queries, so you can customize the maximum time each query should run before timing out ({pull}169925[#169925]). -* Introduces new grouping capabilities for CSPM and KSPM Findings data ({pull}169884[#169884]). -* Adds the expandable alert details flyout to the rule preview panel ({pull}167902[#167902]). +* Introduces the ability to assign alerts to specific users ({kib-pull}170579[#170579], {kib-pull}171589[#171589]). +* Introduces Retrieval Augmented Generation (RAG) for Alerts, allowing you to give Elastic AI Assistant context about more alerts in your environment ({kib-pull}172542[#172542]). +* Enables alert suppression for threshold rules ({kib-pull}171423[#171423]). +* Adds an *Updates* tab to the prebuilt rules upgrade flyout to show differences between the installed and updated versions ({kib-pull}172535[#172535], {kib-pull}173187[#173187]). +* Adds a setting that lets you exclude cold and frozen tiers from visual event analyzer queries ({kib-pull}172162[#172162]). +* Adds a tour to guide users through Timelines UI changes ({kib-pull}172030[#172030]). 
+* Adds a timeout option for Osquery queries, so you can customize the maximum time each query should run before timing out ({kib-pull}169925[#169925]). +* Introduces new grouping capabilities for CSPM and KSPM Findings data ({kib-pull}169884[#169884]). +* Adds the expandable alert details flyout to the rule preview panel ({kib-pull}167902[#167902]). * Introduces bidirectional response actions to isolate and release SentinelOne-protected hosts (technical preview). [discrete] [[enhancements-8.12.0]] ==== Enhancements -* Refactors the timeline UI — various minor updates ({pull}168230[#168230]). -* Introduces manual saving for Timeline ({pull}171027[#171027], {pull}169239[#169239]). -* Improves forward-compatibility for the rule schema ({pull}170861[#170861]). -* Simplifies the format of risk engine API error responses ({pull}170645[#170645]). -* Makes various UI improvements to the alert details flyout ({pull}170279[#170279], {pull}169035[#169035], {pull}173399[#173399], {pull}170078[#170078], {pull}168297[#168297]). -* Saves the state of the alert details flyout in the browser. For example, after you use the flyout's *Investigate in timeline* button, you can click your browser's back button to return to the flyout ({pull}169661[#169661]). -* Adds a button to rule execution error messages that lets you ask AI Assistant to diagnose errors ({pull}166778[#166778]). +* Refactors the timeline UI — various minor updates ({kib-pull}168230[#168230]). +* Introduces manual saving for Timeline ({kib-pull}171027[#171027], {kib-pull}169239[#169239]). +* Improves forward-compatibility for the rule schema ({kib-pull}170861[#170861]). +* Simplifies the format of risk engine API error responses ({kib-pull}170645[#170645]). +* Makes various UI improvements to the alert details flyout ({kib-pull}170279[#170279], {kib-pull}169035[#169035], {kib-pull}173399[#173399], {kib-pull}170078[#170078], {kib-pull}168297[#168297]). +* Saves the state of the alert details flyout in the browser. 
For example, after you use the flyout's *Investigate in timeline* button, you can click your browser's back button to return to the flyout ({kib-pull}169661[#169661]). +* Adds a button to rule execution error messages that lets you ask AI Assistant to diagnose errors ({kib-pull}166778[#166778]). * Integrates a new Event Tracing for Windows (ETW) provider (Microsoft-Windows-Win32k) to create new event types that can be used by prebuilt endpoint rules to detect keylogging activity. * Allows for acting and target memory region buffers within behavior alerts to be scanned against {elastic-sec}'s collection of YARA signatures when collected. Detections are added to alerts. * Adds a new ReadProcessMemory (lsass) event that can be used by prebuilt endpoint rules to detect credential dumping. -* Adds a link to the Amazon Bedrock connector edit UI that opens the token tracking dashboard ({pull}172115[#172115]). -* Allows you to use the `matches` and `does not match` operators when defining endpoint exceptions and event filters ({pull}166002[#166002], {pull}170495[#170495]). +* Adds a link to the Amazon Bedrock connector edit UI that opens the token tracking dashboard ({kib-pull}172115[#172115]). +* Allows you to use the `matches` and `does not match` operators when defining endpoint exceptions and event filters ({kib-pull}166002[#166002], {kib-pull}170495[#170495]). * Adds support for Kafka as an output type for Endpoint. [discrete] [[bug-fixes-8.12.0]] ==== Bug fixes -* Fixes response action bugs by mapping the `unisolate` command to the `release` command and the `running-processes` command to the `processes` command ({pull}173831[#173831]). -* Fixes the dark theme for the alert details flyout footer ({pull}173577[#173577]). -* Makes the Timeline tour compatible with the Timeline template page ({pull}173526[#173526]). -* Stops the **{esql}** tab from rendering until you click on it in Timeline ({pull}173484[#173484]). 
-* Adds a feature flag (`timelineEsqlTabDisabled`) to show or hide the **{esql}** tab in Timeline ({pull}174029[#174029]). -* Removes the default query in the **{esql}** tab in Timeline ({pull}174393[#174393]). -* Fixes a bug that caused {ml} fetch jobs to fail when the default data view (`securitySolution:defaultIndex`) contained special characters ({pull}173426[#173426]). -* Remove the **Assignees** field from the event details flyout ({pull}173314[#173314]). -* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({pull}172912[#172912]). -* Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule ({pull}172677[#172677]). -* Fixes a bug that cleared configured fields in the exceptions flyout after the flyout reloaded and refocused ({pull}172666[#172666]). -* Limits the character length for exception comments to 3000 characters, and makes the error message more descriptive if the limit's exceeded ({pull}170764[#170764]). -* Re-adds the missing alerts index filtration to Data views ({pull}170484[#170484]). -* Fixes a bug that didn't allow exceptions to be created or edited after an error displayed ({pull}169801[#169801]). -* Stops {security-app} pages from crashing when there's a fields error in the **Stack by** component ({pull}168411[#168411]). -* Deletes saved searches that are associated with deleted Timelines and prevents saved searches from being created twice ({pull}174562[#174562]). -* Fixes a bug with the **Share alert** feature in the alert details flyout ({pull}174005[#174005]). \ No newline at end of file +* Fixes response action bugs by mapping the `unisolate` command to the `release` command and the `running-processes` command to the `processes` command ({kib-pull}173831[#173831]). +* Fixes the dark theme for the alert details flyout footer ({kib-pull}173577[#173577]). 
+* Makes the Timeline tour compatible with the Timeline template page ({kib-pull}173526[#173526]). +* Stops the **{esql}** tab from rendering until you click on it in Timeline ({kib-pull}173484[#173484]). +* Adds a feature flag (`timelineEsqlTabDisabled`) to show or hide the **{esql}** tab in Timeline ({kib-pull}174029[#174029]). +* Removes the default query in the **{esql}** tab in Timeline ({kib-pull}174393[#174393]). +* Fixes a bug that caused {ml} fetch jobs to fail when the default data view (`securitySolution:defaultIndex`) contained special characters ({kib-pull}173426[#173426]). +* Remove the **Assignees** field from the event details flyout ({kib-pull}173314[#173314]). +* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kib-pull}172912[#172912]). +* Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule ({kib-pull}172677[#172677]). +* Fixes a bug that cleared configured fields in the exceptions flyout after the flyout reloaded and refocused ({kib-pull}172666[#172666]). +* Limits the character length for exception comments to 3000 characters, and makes the error message more descriptive if the limit's exceeded ({kib-pull}170764[#170764]). +* Re-adds the missing alerts index filtration to Data views ({kib-pull}170484[#170484]). +* Fixes a bug that didn't allow exceptions to be created or edited after an error displayed ({kib-pull}169801[#169801]). +* Stops {security-app} pages from crashing when there's a fields error in the **Stack by** component ({kib-pull}168411[#168411]). +* Deletes saved searches that are associated with deleted Timelines and prevents saved searches from being created twice ({kib-pull}174562[#174562]). +* Fixes a bug with the **Share alert** feature in the alert details flyout ({kib-pull}174005[#174005]). \ No newline at end of file 
diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index fd931f860a..98a2812aee 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -13,7 +13,7 @@ [discrete] [[bug-fixes-8.2.3]] ==== Bug fixes and enhancements -* Fixes a bug that caused incorrect enrichment data to be attached to alerts ({pull}133591[#133591]). +* Fixes a bug that caused incorrect enrichment data to be attached to alerts ({kib-pull}133591[#133591]). [discrete] [[release-notes-8.2.2]] @@ -27,7 +27,7 @@ [discrete] [[bug-fixes-8.2.2]] ==== Bug fixes and enhancements -* Fixes a sorting and tooltip issue in Timeline for non-ECS fields that don’t have nested values ({pull}132570[#132570]). +* Fixes a sorting and tooltip issue in Timeline for non-ECS fields that don’t have nested values ({kib-pull}132570[#132570]). [discrete] [[release-notes-8.2.1]] 
@@ -41,11 +41,11 @@ [discrete] [[bug-fixes-8.2.1]] ==== Bug fixes and enhancements -* Allows {kibana-ref}/pre-configured-connectors.html[preconfigured connectors] to be used with cases ({pull}130372[#130372]). -* Adds pagination to the *Table* tab on the Alert details flyout to fix a performance issue on the Timelines page ({pull}131358[#131358]). -* Fixes sorting issues that were related to unmapped fields ({pull}132190[#132190]). -* Fixes a bug in the *Filter In*, *Filter Out*, and *Add to timeline investigation* inline actions that caused incorrect results to be retrieved ({pull}132251[#132251]). -* Enhances performance by improving calculations for the top count function and hover action in data tables ({pull}131363[#131363]). +* Allows {kibana-ref}/pre-configured-connectors.html[preconfigured connectors] to be used with cases ({kib-pull}130372[#130372]). +* Adds pagination to the *Table* tab on the Alert details flyout to fix a performance issue on the Timelines page ({kib-pull}131358[#131358]). +* Fixes sorting issues that were related to unmapped fields ({kib-pull}132190[#132190]). +* Fixes a bug in the *Filter In*, *Filter Out*, and *Add to timeline investigation* inline actions that caused incorrect results to be retrieved ({kib-pull}132251[#132251]). +* Enhances performance by improving calculations for the top count function and hover action in data tables ({kib-pull}131363[#131363]). [discrete] [[release-notes-8.2.0]] 
@@ -55,14 +55,14 @@ [[known-issue-8.2.0]] ==== Known issues * On macOS versions before 12.4, if {elastic-endpoint} is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later. -* Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({pull}133457[#133457]). +* Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({kib-pull}133457[#133457]). * The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({issue}136340[#136340]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). [discrete] [[deprecations-8.2.0]] ==== Deprecations -The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: +The following endpoints are deprecated ({kib-pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: * <> * <> 
@@ -79,46 +79,46 @@ There are no breaking changes in 8.2.0. [discrete] [[features-8.2.0]] ==== Features -* Enables rule previews for indicator match rules ({pull}126651[#126651]). -* Displays the alerts table when previewing a rule ({pull}127986[#127986]). -* Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). -* Creates a <> page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). -* Creates a User details flyout ({pull}127019[#127019]). -* Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). -* Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({pull}123760[#123760]). -* Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]). -* Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). -* Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({pull}128142[#128142]). -* Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). -* Expands the actions you can take on visualizations throughout {elastic-sec} to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). -* Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]). 
-* Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]). +* Enables rule previews for indicator match rules ({kib-pull}126651[#126651]). +* Displays the alerts table when previewing a rule ({kib-pull}127986[#127986]). +* Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({kib-pull}127828[#127828], {kib-pull}126997[#126997], {kib-pull}127520[#127520], {kib-pull}124575[#124575]). +* Creates a <> page under *Explore* to help you better understand authentication and usage information ({kib-pull}127617[#127617], {kib-pull}127953[#127953], {kib-pull}126434[#126434], {kib-pull}126079[#126079], {kib-pull}128375[#128375], {kib-pull}130030[#130030]). +* Creates a User details flyout ({kib-pull}127019[#127019]). +* Creates a <> that enables you to prevent applications from running on hosts ({kib-pull}127098[#127098], {kib-pull}127031[#127031], {kib-pull}126390[#126390]). +* Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({kib-pull}123760[#123760]). +* Enables you to bulk-apply Timeline templates to rules ({kib-pull}128691[#128691]). +* Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({kib-pull}128245[#128245]). +* Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({kib-pull}128142[#128142]). +* Adds a list of linked cases to the alert details flyout ({kib-pull}128033[#128033]). +* Expands the actions you can take on visualizations throughout {elastic-sec} to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({kib-pull}126507[#126507]). 
+* Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({kib-pull}126215[#126215]). +* Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({kib-pull}125202[#125202]). [discrete] [[bug-fixes-8.2.0]] ==== Bug fixes and enhancements * Performance enhancements for indicator match rules: -** Adds point in time (PIT) search ({pull}128433[#128433]). -** Adds events-first (reverse) search ({pull}127428[#127428]). -** Includes filters from indicator match rule mappings to reduce the search load when rules run ({pull}127411[#127411]). -* Fixes a bug that affected the accuracy of rule preview results ({pull}128003[#128003]). -* Adds event log telemetry for detection rules ({pull}128216[#128216]). -* Adds support for Osquery pack integration assets ({pull}128109[#128109]). -* Fixes minor Osquery issues on alerts ({pull}128676[#128676]). -* Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({pull}127930[#127930]). -* Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]). -* Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]). -* Redesigns the *Fields* browser ({pull}126105[#126105]). -* Allows runtime fields to be managed from the *Fields* browser ({pull}127037[#127037]). -* Adds the *Blocklist enabled* toggle to Malware protection settings ({pull}127031[#127031]). -* Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]). -* Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]). -* Adds four new Timeline templates that are focused on key event categories to provide relevant alert data and assist with investigation and resolution efforts ({pull}125172[#125172]). 
-* Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]). -* Fixes alert and external alert filters on the *Hosts* page and *Users* page ({pull}129451[#129451]). -* Passes threshold alert filters to the Timeline ({pull}129405[#129405]). -* Displays a confirmation message when a user creates the first event filter ({pull}128810[#128810]). -* Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]). -* Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). -* Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). -* Updates EQL rules to use the EQL method of the {es} client ({pull}127684[#127684]). +** Adds point in time (PIT) search ({kib-pull}128433[#128433]). +** Adds events-first (reverse) search ({kib-pull}127428[#127428]). +** Includes filters from indicator match rule mappings to reduce the search load when rules run ({kib-pull}127411[#127411]). +* Fixes a bug that affected the accuracy of rule preview results ({kib-pull}128003[#128003]). +* Adds event log telemetry for detection rules ({kib-pull}128216[#128216]). +* Adds support for Osquery pack integration assets ({kib-pull}128109[#128109]). +* Fixes minor Osquery issues on alerts ({kib-pull}128676[#128676]). +* Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({kib-pull}127930[#127930]). +* Adds the *Alert prevalence* column to the Highlighted fields table ({kib-pull}127599[#127599]). +* Introduces a new landing page that provides guidance for adding data ({kib-pull}127324[#127324]). +* Redesigns the *Fields* browser ({kib-pull}126105[#126105]). +* Allows runtime fields to be managed from the *Fields* browser ({kib-pull}127037[#127037]). 
+* Adds the *Blocklist enabled* toggle to Malware protection settings ({kib-pull}127031[#127031]). +* Updates MITRE ATT&CK mappings for detection rules to v10.1 ({kib-pull}126288[#126288]). +* Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({kib-pull}124459[#124459]). +* Adds four new Timeline templates that are focused on key event categories to provide relevant alert data and assist with investigation and resolution efforts ({kib-pull}125172[#125172]). +* Excludes malware and ransomware alerts from detection rule telemetry ({kib-pull}130233[#130233]). +* Fixes alert and external alert filters on the *Hosts* page and *Users* page ({kib-pull}129451[#129451]). +* Passes threshold alert filters to the Timeline ({kib-pull}129405[#129405]). +* Displays a confirmation message when a user creates the first event filter ({kib-pull}128810[#128810]). +* Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({kib-pull}128495[#128495]). +* Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({kib-pull}127989[#127989]). +* Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({kib-pull}127839[#127839]). +* Updates EQL rules to use the EQL method of the {es} client ({kib-pull}127684[#127684]). diff --git a/docs/release-notes/8.3.asciidoc b/docs/release-notes/8.3.asciidoc index 7e23760bb6..fb758edf6f 100644 --- a/docs/release-notes/8.3.asciidoc +++ b/docs/release-notes/8.3.asciidoc 
@@ -14,9 +14,9 @@ [discrete] [[bug-fixes-8.3.3]] ==== Bug fixes and enhancements -* Fixes a bug that prevented the *Create field* button from appearing in the Fields browser when you accessed it from a Timeline created using the Alerts page's *Open in timeline* button ({pull}135842[#135842]). -* Removes the unsupported `matches` operator from the *Add Rule Exception* flyout ({pull}136340[#136340]). -* Prevents rule execution log events from being wrongly ordered when the maximum number of events are reached and events are filtered by status ({pull}131675[#131675]). +* Fixes a bug that prevented the *Create field* button from appearing in the Fields browser when you accessed it from a Timeline created using the Alerts page's *Open in timeline* button ({kib-pull}135842[#135842]). +* Removes the unsupported `matches` operator from the *Add Rule Exception* flyout ({kib-pull}136340[#136340]). +* Prevents rule execution log events from being wrongly ordered when the maximum number of events are reached and events are filtered by status ({kib-pull}131675[#131675]). [discrete] [[release-notes-8.3.2]] @@ -31,8 +31,8 @@ [discrete] [[bug-fixes-8.3.2]] ==== Bug fixes and enhancements -* Allows indices created from value lists to be used with indicator match rules ({pull}135128[#135128]). -* Fixes an issue where detection rules that were created or edited in 8.2.x failed to execute after you upgraded to {stack} 8.3.0 or 8.3.1 ({pull}135663[#135663]). +* Allows indices created from value lists to be used with indicator match rules ({kib-pull}135128[#135128]). +* Fixes an issue where detection rules that were created or edited in 8.2.x failed to execute after you upgraded to {stack} 8.3.0 or 8.3.1 ({kib-pull}135663[#135663]). ==== 
@@ -108,7 +108,7 @@ A new Lucene 9 validation change may cause event correlation rule (EQL) errors w [discrete] [[bug-fixes-8.3.1]] ==== Bug fixes and enhancements -* Fixes a bug that prevented the Cases widget in the Detection & Response dashboard from updating ({pull}135128[#135128]). +* Fixes a bug that prevented the Cases widget in the Detection & Response dashboard from updating ({kib-pull}135128[#135128]). [discrete] [[release-notes-8.3.0]] 
@@ -171,35 +171,35 @@ A new Lucene 9 validation change may cause event correlation rule (EQL) errors w [[breaking-changes-8.3.0]] ==== Breaking changes -* Updates Elastic prebuilt {ml} detection rules for some Windows and Linux anomalies with new `v3` {ml} jobs. A confirmation modal is displayed when updating rules if `v1`/`v2` jobs are installed. If you're using 8.2 or earlier versions of {beats} or {agent}, you may need to duplicate prebuilt rules or create new custom rules _before_ you update the prebuilt rules. Once you update the prebuilt rules, they will only use `v3` {ml} jobs. Refer to {security-guide}/alerts-ui-monitor.html#ml-job-compatibility[Troubleshoot missing alerts for machine learning jobs] for more information ({pull}128334[#128334]). +* Updates Elastic prebuilt {ml} detection rules for some Windows and Linux anomalies with new `v3` {ml} jobs. A confirmation modal is displayed when updating rules if `v1`/`v2` jobs are installed. If you're using 8.2 or earlier versions of {beats} or {agent}, you may need to duplicate prebuilt rules or create new custom rules _before_ you update the prebuilt rules. Once you update the prebuilt rules, they will only use `v3` {ml} jobs. Refer to {security-guide}/alerts-ui-monitor.html#ml-job-compatibility[Troubleshoot missing alerts for machine learning jobs] for more information ({kib-pull}128334[#128334]). [discrete] [[features-8.3.0]] ==== Features -* Renames Endpoint Security integration to "{endpoint-cloud-sec}" ({pull}132752[#132752]). -* Adds a new {security-guide}/detection-response-dashboard.html[Detection & Response dashboard], which provides focused visibility into the day-to-day operations of your security environment ({pull}130670[#130670], {pull}128335[#128335], {pull}129021[#129021], {pull}128087[#128087], {pull}131828[#131828], {pull}131029[#131029]). -* Introduces a new optional design for the main navigation menu ({pull}132210[#132210], {pull}131437[#131437], {pull}133719[#133719]). 
-* Adds a *User risk* tab to the User details flyout ({pull}130256[#130256]). -* Adds an *Authentications* tab to the User details flyout ({pull}129456[#129456]). -* Adds the ability to investigate Osquery results in Timeline ({pull}128596[#128596]). -* Allows multiple alerts to be added to a case ({pull}130958[#130958]). -* Adds the option to delete case comments from a case ({pull}130254[#130254]). -* Provides an option to select a severity level for a case ({pull}131626[#131626]). -* Adds the experimental *Alerts* tab to cases, which allows users to inspect attached alerts ({pull}131883[#131883]). -* Adds the *Average time to close* metric to the Cases page ({pull}131909[#131909]). -* Adds new fields to prebuilt detection rules' schemas: `related_integrations`, `required_fields`, and `setup` ({pull}132409[#132409]). -* Adds the *Related integrations*, *Required fields*, and *Setup guide* sections to the rule details page to help users identify and meet a rule's prerequisites. Also adds the related integrations badge to the Rules table ({pull}131475[#131475]). Content for these new sections is delivered in a prebuilt rules update, independent of {stack} release versioning. +* Renames Endpoint Security integration to "{endpoint-cloud-sec}" ({kib-pull}132752[#132752]). +* Adds a new {security-guide}/detection-response-dashboard.html[Detection & Response dashboard], which provides focused visibility into the day-to-day operations of your security environment ({kib-pull}130670[#130670], {kib-pull}128335[#128335], {kib-pull}129021[#129021], {kib-pull}128087[#128087], {kib-pull}131828[#131828], {kib-pull}131029[#131029]). +* Introduces a new optional design for the main navigation menu ({kib-pull}132210[#132210], {kib-pull}131437[#131437], {kib-pull}133719[#133719]). +* Adds a *User risk* tab to the User details flyout ({kib-pull}130256[#130256]). +* Adds an *Authentications* tab to the User details flyout ({kib-pull}129456[#129456]). 
+* Adds the ability to investigate Osquery results in Timeline ({kib-pull}128596[#128596]). +* Allows multiple alerts to be added to a case ({kib-pull}130958[#130958]). +* Adds the option to delete case comments from a case ({kib-pull}130254[#130254]). +* Provides an option to select a severity level for a case ({kib-pull}131626[#131626]). +* Adds the experimental *Alerts* tab to cases, which allows users to inspect attached alerts ({kib-pull}131883[#131883]). +* Adds the *Average time to close* metric to the Cases page ({kib-pull}131909[#131909]). +* Adds new fields to prebuilt detection rules' schemas: `related_integrations`, `required_fields`, and `setup` ({kib-pull}132409[#132409]). +* Adds the *Related integrations*, *Required fields*, and *Setup guide* sections to the rule details page to help users identify and meet a rule's prerequisites. Also adds the related integrations badge to the Rules table ({kib-pull}131475[#131475]). Content for these new sections is delivered in a prebuilt rules update, independent of {stack} release versioning. [discrete] [[bug-fixes-8.3.0]] ==== Bug fixes and enhancements -* Separates array values with commas in the Alerts table ({pull}133297[#133297]). -* Exposes the EQL search settings `event_category_field`, `tiebreaker_field`, and `timestamp_field` through the rules API and UI for event correlation rules ({pull}132247[#132247]). -* Adds the *Session ID* field to the *Highlighted fields* section of the Alert details flyout ({pull}132219[#132219]). -* Adds Dashboards and Threat Hunting Landing pages ({pull}130905[#130905]). -* Allows highlighted fields to be investigated in Timeline ({pull}131255[#131255]). -* Adds the *Run Osquery* option to the *More actions* menu (*...*) in the Alerts table ({pull}131790[#131790]). -* Improves the performance of these actions on the bulk rule actions endpoint ({pull}130924[#130924]). +* Separates array values with commas in the Alerts table ({kib-pull}133297[#133297]). 
+* Exposes the EQL search settings `event_category_field`, `tiebreaker_field`, and `timestamp_field` through the rules API and UI for event correlation rules ({kib-pull}132247[#132247]). +* Adds the *Session ID* field to the *Highlighted fields* section of the Alert details flyout ({kib-pull}132219[#132219]). +* Adds Dashboards and Threat Hunting Landing pages ({kib-pull}130905[#130905]). +* Allows highlighted fields to be investigated in Timeline ({kib-pull}131255[#131255]). +* Adds the *Run Osquery* option to the *More actions* menu (*...*) in the Alerts table ({kib-pull}131790[#131790]). +* Improves the performance of these actions on the bulk rule actions endpoint ({kib-pull}130924[#130924]). ** `add_tags` ** `delete_tags` ** `set_tags` 
@@ -207,25 +207,25 @@ A new Lucene 9 validation change may cause event correlation rule (EQL) errors w ** `delete_index_patterns` ** `set_index_patterns` ** `set_timeline` -* Fixes a bug that caused the rule details page to crash when users opened a deleted or non-existent rule ({pull}133867[#133867]). -* Allows threshold alerts to be investigated in Timeline if filters are not provided ({pull}133733[#133733]). -* Prevents events from being added to cases from Timeline ({pull}133410[#133410]). -* Fixes a bug that prevented the Users and Hosts pages from resetting after being sorted ({pull}133111[#133111]). -* Removes the filter and investigate in Timeline options from the {agent} status in highlighted fields ({pull}132829[#132829], {pull}132586[#132586]). -* Improves the copy of Timeline tooltips ({pull}132756[#132756]). -* Fixes a validation bug that occurred when users were building a rule exception and changed the exception statement’s operator ({pull}131989[#131989]). -* Adds a checkmark to the pagination selection on the *Exceptions lists* page ({pull}131979[#131979]). -* Re-adds the success message that displays when users export an exceptions list ({pull}131952[#131952]). -* Updates import toast logic to accurately report the total number of failures ({pull}131873[#131873]). -* Ensures an error is not generated when the `agent.version` provided by an alert is in an unexpected format ({pull}131272[#131272]). -* Improves error checks for threshold rules ({pull}131088[#131088]). -* Expands support for migrating legacy rule actions ({pull}130511[#130511]). -* Fixes a bug that caused the *Add Rule Exception* flyout to unexpectedly close when users create the first exception for the rule from an alert ({pull}130187[#130187]). -* Corrects Rule name sorting so detection rules are ordered alphabetically, regardless of their casing ({pull}130105[#130105]). -* Improves the *Reporter* column in the Cases table ({pull}132200[#132200]). 
-* Adds the option to create a new case to the Select case pane ({pull}128882[#128882]). -* Allows {kibana-ref}/pre-configured-connectors.html[preconfigured connectors] to be used with cases ({pull}130372[#130372]). -* Inserts the deprecated icon next to deprecated preconfigured connectors ({pull}132237[#132237]). -* Updates the Case table so that all tags assigned to the case are displayed when users go to the case and hover over the *Tags* column ({pull}132023[#132023]). -* Adds Oauth support to the {sn} ITSM, SecOps, and ITOM connectors ({pull}131248[#131248]). -* Adds a setting to specify a list of allowed email domains, which can be used with the email connector ({pull}129001[#129001]). +* Fixes a bug that caused the rule details page to crash when users opened a deleted or non-existent rule ({kib-pull}133867[#133867]). +* Allows threshold alerts to be investigated in Timeline if filters are not provided ({kib-pull}133733[#133733]). +* Prevents events from being added to cases from Timeline ({kib-pull}133410[#133410]). +* Fixes a bug that prevented the Users and Hosts pages from resetting after being sorted ({kib-pull}133111[#133111]). +* Removes the filter and investigate in Timeline options from the {agent} status in highlighted fields ({kib-pull}132829[#132829], {kib-pull}132586[#132586]). +* Improves the copy of Timeline tooltips ({kib-pull}132756[#132756]). +* Fixes a validation bug that occurred when users were building a rule exception and changed the exception statement’s operator ({kib-pull}131989[#131989]). +* Adds a checkmark to the pagination selection on the *Exceptions lists* page ({kib-pull}131979[#131979]). +* Re-adds the success message that displays when users export an exceptions list ({kib-pull}131952[#131952]). +* Updates import toast logic to accurately report the total number of failures ({kib-pull}131873[#131873]). 
+* Ensures an error is not generated when the `agent.version` provided by an alert is in an unexpected format ({kib-pull}131272[#131272]). +* Improves error checks for threshold rules ({kib-pull}131088[#131088]). +* Expands support for migrating legacy rule actions ({kib-pull}130511[#130511]). +* Fixes a bug that caused the *Add Rule Exception* flyout to unexpectedly close when users create the first exception for the rule from an alert ({kib-pull}130187[#130187]). +* Corrects Rule name sorting so detection rules are ordered alphabetically, regardless of their casing ({kib-pull}130105[#130105]). +* Improves the *Reporter* column in the Cases table ({kib-pull}132200[#132200]). +* Adds the option to create a new case to the Select case pane ({kib-pull}128882[#128882]). +* Allows {kibana-ref}/pre-configured-connectors.html[preconfigured connectors] to be used with cases ({kib-pull}130372[#130372]). +* Inserts the deprecated icon next to deprecated preconfigured connectors ({kib-pull}132237[#132237]). +* Updates the Case table so that all tags assigned to the case are displayed when users go to the case and hover over the *Tags* column ({kib-pull}132023[#132023]). +* Adds Oauth support to the {sn} ITSM, SecOps, and ITOM connectors ({kib-pull}131248[#131248]). +* Adds a setting to specify a list of allowed email domains, which can be used with the email connector ({kib-pull}129001[#129001]). diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 2b795fe86f..01a48f8595 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -8,8 +8,8 @@ [discrete] [[bug-fixes-8.4.3]] ==== Bug fixes and enhancements -* Aligns the delete icon in the Add Rule Exception flyout ({pull}141365[#141365]). -* Aligns the warning message title on the Rule details page with the warning icon ({pull}140719[#140719]). +* Aligns the delete icon in the Add Rule Exception flyout ({kib-pull}141365[#141365]). +* Aligns the warning message title on the Rule details page with the warning icon ({kib-pull}140719[#140719]). * Fixes a bug that sometimes caused {elastic-endpoint} to stop running on Windows endpoints (https://github.com/elastic/endpoint/issues/29[#29]). [discrete] 
@@ -58,11 +58,11 @@ NOTE: Uninstalling the {endpoint-cloud-sec} integration may temporarily cause {a [discrete] [[bug-fixes-8.4.2]] ==== Bug fixes and enhancements -* Removes access to the **Notes** and **Pinned** tabs in Timeline templates ({pull}140478[#140478]). -* Fixes a bug with the **Attach to existing case** option in Timeline ({pull}139929[#139929]). -* Fixes bugs in the Rules table that affected the selected rule count and bulk select feature ({pull}139461[#139461]). -* Fixes a bug that caused the Rules page to incorrectly notify users that a prebuilt rules update was available, even after rules were fully updated ({pull}139287[#139287]). -* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security.alerts-` ({pull}138331[#138331]). +* Removes access to the **Notes** and **Pinned** tabs in Timeline templates ({kib-pull}140478[#140478]). +* Fixes a bug with the **Attach to existing case** option in Timeline ({kib-pull}139929[#139929]). +* Fixes bugs in the Rules table that affected the selected rule count and bulk select feature ({kib-pull}139461[#139461]). +* Fixes a bug that caused the Rules page to incorrectly notify users that a prebuilt rules update was available, even after rules were fully updated ({kib-pull}139287[#139287]). +* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security.alerts-` ({kib-pull}138331[#138331]). [discrete] [[release-notes-8.4.1]] 
@@ -110,7 +110,7 @@ NOTE: Uninstalling the {endpoint-cloud-sec} integration may temporarily cause {a [discrete] [[bug-fixes-8.4.1]] ==== Bug fixes and enhancements -* Fixes a bug that caused the Rules page to incorrectly notify users that a prebuilt rules update was available, even after rules were fully updated ({pull}139287[#139287]). +* Fixes a bug that caused the Rules page to incorrectly notify users that a prebuilt rules update was available, even after rules were fully updated ({kib-pull}139287[#139287]). [discrete] [[release-notes-8.4.0]] 
@@ -119,9 +119,9 @@ NOTE: Uninstalling the {endpoint-cloud-sec} integration may temporarily cause {a [discrete] [[known-issue-8.4.0]] ==== Known issues -* If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]). +* If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({kib-pull}137422[#137422]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). -* The Rules page incorrectly displays a notification that an update for prebuilt rules is available even if the rules have been fully updated. Currently, there is no way to remove or hide the notification ({pull}139095[#139095]). +* The Rules page incorrectly displays a notification that an update for prebuilt rules is available even if the rules have been fully updated. Currently, there is no way to remove or hide the notification ({kib-pull}139095[#139095]). * In some situations, {elastic-endpoint} might change to a non-running state on Windows endpoints and fail to restart. {agent} will appear `Unhealthy` when this happens (https://github.com/elastic/endpoint/issues/29[#29]). + To determine whether {elastic-endpoint} has stopped running because of this issue, run the following PowerShell command as an administrator: 
@@ -166,59 +166,59 @@ There are no breaking changes in 8.4.0. [discrete] [[features-8.4.0]] ==== Features -* Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field ({pull}134526[#134526]). -* Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419]) -* Shows process alerts in the event process analyzer ({pull}135340[#135340]). -* Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). -* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). -* Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]). -* Includes integration policy errors and statuses in {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status ({pull}136241[#136241], {pull}136038[#136038]). +* Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field ({kib-pull}134526[#134526]). +* Adds the Insights section to the Alert details flyout to show related cases and alerts ({kib-pull}136009[#136009], {kib-pull}138419[#138419]) +* Shows process alerts in the event process analyzer ({kib-pull}135340[#135340]). +* Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({kib-pull}136147[#136147]). +* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({kib-pull}134664[#134664]). +* Creates the response console, an interface that enables you to take actions on specific hosts ({kib-pull}135360[#135360], {kib-pull}134520[#134520]). 
+* Includes integration policy errors and statuses in {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status ({kib-pull}136241[#136241], {kib-pull}136038[#136038]). * Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. * Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. -* Adds the ability to run query packs as live queries ({pull}132198[#132198]). +* Adds the ability to run query packs as live queries ({kib-pull}132198[#132198]). * Provides support for process, file, and network events in Kubernetes. You must enable the session view data setting on your {endpoint-cloud-sec} integration policy to enrich these events with session data and Kubernetes metadata fields. * Adds support for Amazon Elastic Kubernetes Service (EKS) to Kubernetes Security Posture Management (KSPM). -* Adds new fields to prebuilt detection rules' schemas: `related_integrations`, `required_fields`, and `setup` ({pull}132409[#132409]). -* Adds the *Related integrations*, *Required fields*, and *Setup guide* sections to the rule details page to help users identify and meet a rule's prerequisites. Also adds the related integrations badge to the Rules table ({pull}131475[#131475]). +* Adds new fields to prebuilt detection rules' schemas: `related_integrations`, `required_fields`, and `setup` ({kib-pull}132409[#132409]). +* Adds the *Related integrations*, *Required fields*, and *Setup guide* sections to the rule details page to help users identify and meet a rule's prerequisites. Also adds the related integrations badge to the Rules table ({kib-pull}131475[#131475]). 
[discrete] [[bug-fixes-8.4.0]] ==== Bug fixes and enhancements -* Updates the Network page's UI to match the Hosts and Users pages ({pull}137541[#137541], {pull}136913[#136913]). -* Improves the experience of bulk editing index patterns on rules by warning users early that machine learning rules can’t be edited ({pull}134664[#134664]). -* Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]). -* Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({pull}136966[#136966]). -* Turns grouped navigation on by default ({pull}136819[#136819]). -* Improves the experience of bulk exporting rules by informing users early which rules can and cannot be exported ({pull}136418[#136418]). -* Adds index pattern information to the Inspect panel ({pull}136407[#136407]). -* Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]). -* Fixes a performance issue with creating alerts from source documents that contain a large number of fields ({pull}135956[#135956]). -* Updates the rule exceptions UI ({pull}135255[#135255]). -* Fixes performance issues with rules management ({pull}135311[#135311]). -* Allows you to disable `@timestamp` as a fallback timestamp field when you've defined a timestamp override ({pull}135116[#135116]). -* Enhances the host risk score UI ({pull}133708[#133708]). -* Updates the lists index template to use new logic ({pull}133067[#133067]). -* Adds event filters to event correlation rules ({pull}132507[#132507]). -* Allows you to define a data view as the rule's data source, making runtime fields available for rule configuration ({pull}130929[#130929]). -* Creates a single visualization pane on the Alerts page, and adds a treemap visualization that shows the distribution of alerts as nested, proportionally-sized tiles ({pull}126896[#126896]). -* Fixes an incorrect counter for exported rules ({pull}138598[#138598]). 
-* Fixes event filters based on OS version ({pull}138517[#138517]). -* Fixes a bug that could change the batch size for event search in indicator rules ({pull}138356[#138356]). -* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security.alerts-` ({pull}138331[#138331]). -* Fixes the preview button for {ml} rules ({pull}137878[#137878]). -* Fixes a bug that could crash the Endpoints list when a policy ID was missing ({pull}137788[#137788]). -* Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]). -* Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). -* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). -* Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]). -* Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). -* Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). -* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). -* Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({pull}135291[#135291]). -* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions were being applied ({pull}135208[135208]). -* Fixes a bug that could cause queries with nested fields to fail when opened ({pull}134866[#134866]). -* Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). 
-* Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). +* Updates the Network page's UI to match the Hosts and Users pages ({kib-pull}137541[#137541], {kib-pull}136913[#136913]). +* Improves the experience of bulk editing index patterns on rules by warning users early that machine learning rules can’t be edited ({kib-pull}134664[#134664]). +* Enhances rule previews with configurable rule intervals and look-back times ({kib-pull}137102[#137102]). +* Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({kib-pull}136966[#136966]). +* Turns grouped navigation on by default ({kib-pull}136819[#136819]). +* Improves the experience of bulk exporting rules by informing users early which rules can and cannot be exported ({kib-pull}136418[#136418]). +* Adds index pattern information to the Inspect panel ({kib-pull}136407[#136407]). +* Adds a custom dashboards table to the Dashboards page ({kib-pull}136221[#136221], {kib-pull}136671[#136671]). +* Fixes a performance issue with creating alerts from source documents that contain a large number of fields ({kib-pull}135956[#135956]). +* Updates the rule exceptions UI ({kib-pull}135255[#135255]). +* Fixes performance issues with rules management ({kib-pull}135311[#135311]). +* Allows you to disable `@timestamp` as a fallback timestamp field when you've defined a timestamp override ({kib-pull}135116[#135116]). +* Enhances the host risk score UI ({kib-pull}133708[#133708]). +* Updates the lists index template to use new logic ({kib-pull}133067[#133067]). +* Adds event filters to event correlation rules ({kib-pull}132507[#132507]). +* Allows you to define a data view as the rule's data source, making runtime fields available for rule configuration ({kib-pull}130929[#130929]). 
+* Creates a single visualization pane on the Alerts page, and adds a treemap visualization that shows the distribution of alerts as nested, proportionally-sized tiles ({kib-pull}126896[#126896]). +* Fixes an incorrect counter for exported rules ({kib-pull}138598[#138598]). +* Fixes event filters based on OS version ({kib-pull}138517[#138517]). +* Fixes a bug that could change the batch size for event search in indicator rules ({kib-pull}138356[#138356]). +* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security.alerts-` ({kib-pull}138331[#138331]). +* Fixes the preview button for {ml} rules ({kib-pull}137878[#137878]). +* Fixes a bug that could crash the Endpoints list when a policy ID was missing ({kib-pull}137788[#137788]). +* Fixes a bug that could interfere with opening host or user details pages ({kib-pull}137719[#137719]). +* Fixes several bugs related to refreshing the Alerts page ({kib-pull}137620[#137620]). +* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({kib-pull}137233[#137233]). +* Fixes a permissions bug related to the **Save Timeline** button ({kib-pull}136724[#136724]). +* Fixes a bug with selecting Timeline templates with the same name ({kib-pull}135694[#135694]). +* Fixes field aliases to `signal-threshold_result.*` ({kib-pull}135565[#135565]). +* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({kib-pull}135533[#135533]). +* Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({kib-pull}135291[#135291]). +* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions were being applied ({kib-pull}135208[135208]). 
+* Fixes a bug that could cause queries with nested fields to fail when opened ({kib-pull}134866[#134866]). +* Fixes a bug that slowed down the display of network details ({kib-pull}133539[#133539]). +* Various minor bug fixes and enhancements ({kib-pull}133079[#133079], {kib-pull}138135[#138135], {kib-pull}137588[#137588], {kib-pull}137511[#137511], {kib-pull}137492[#137492], {kib-pull}135907[#135907], {kib-pull}135426[#135426]). * Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). * Fixes a bug that could cause {endpoint-cloud-sec} to crash when outputting log data to {ls}. * Allows {endpoint-cloud-sec} to be added to agents running on Ubuntu 22.04 and Debian 11. diff --git a/docs/release-notes/8.5.asciidoc b/docs/release-notes/8.5.asciidoc index 918081f420..2355f915d9 100644 --- a/docs/release-notes/8.5.asciidoc +++ b/docs/release-notes/8.5.asciidoc @@ -16,8 +16,8 @@ Upgrading to 8.6 or higher resolves this issue. If you’d prefer to stay on 8.5 [[bug-fixes-8.5.3]] ==== Bug fixes and enhancements * Fixes a bug that caused {elastic-endpoint} to crash when running on busy Linux systems, and when network event collection or malicious behavior protection was enabled. -* Fixes a bug that prevented Osquery packs from being ran outside of the default {kib} space ({pull}146410[#146410]). -* Improves the "permissions required" message that appears on Cloud Posture pages for users without necessary permissions ({pull}145794[#145794]). +* Fixes a bug that prevented Osquery packs from being ran outside of the default {kib} space ({kib-pull}146410[#146410]). +* Improves the "permissions required" message that appears on Cloud Posture pages for users without necessary permissions ({kib-pull}145794[#145794]). [discrete] [[release-notes-8.5.2]] 
@@ -50,13 +50,13 @@ Upgrading to 8.6 or higher resolves this issue. If you’d prefer to stay on 8.5 [[bug-fixes-8.5.1]] ==== Bug fixes and enhancements * Fixes a bug that caused {elastic-endpoint}s running on Linux systems with many CPUs to sometimes become unhealthy (https://github.com/elastic/endpoint/issues/34[#34]). -* Fixes a bug that caused incorrect alerts to display in Timeline when investigating alerts from the Detection & Response dashboard ({pull}144319[#144319]). -* Updates the User authentication area chart so it can be opened in Lens ({pull}144011[#144011]). -* Fixes the {jira} connector icon for users with a Basic license ({pull}143916[#143916]). -* Updates the link in the machine learning rule type card to direct users towards the Elastic licensing page ({pull}143836[#143836]). -* Turns off the option to edit machine learning rules if users don’t have the Machine Learning privilege in Kibana set to `All` ({pull}143260[#143260]). -* Removes the ability to enable and disable machine learning rules from the UI for users without the Machine Learning privilege in Kibana set to `All` ({pull}143252[#143252]). -* Fixes bug that caused the Indicators page to crash ({pull}144348[#144348], {pull}144651[#144651]). +* Fixes a bug that caused incorrect alerts to display in Timeline when investigating alerts from the Detection & Response dashboard ({kib-pull}144319[#144319]). +* Updates the User authentication area chart so it can be opened in Lens ({kib-pull}144011[#144011]). +* Fixes the {jira} connector icon for users with a Basic license ({kib-pull}143916[#143916]). +* Updates the link in the machine learning rule type card to direct users towards the Elastic licensing page ({kib-pull}143836[#143836]). +* Turns off the option to edit machine learning rules if users don’t have the Machine Learning privilege in Kibana set to `All` ({kib-pull}143260[#143260]). 
+* Removes the ability to enable and disable machine learning rules from the UI for users without the Machine Learning privilege in Kibana set to `All` ({kib-pull}143252[#143252]). +* Fixes bug that caused the Indicators page to crash ({kib-pull}144348[#144348], {kib-pull}144651[#144651]). [discrete] [[release-notes-8.5.0]] @@ -65,7 +65,7 @@ Upgrading to 8.6 or higher resolves this issue. If you’d prefer to stay on 8.5 [discrete] [[known-issue-8.5.0]] ==== Known issues -* Users might experience slightly longer installation and upgrade times for the user and host risk score features ({pull}142434[#142434]). +* Users might experience slightly longer installation and upgrade times for the user and host risk score features ({kib-pull}142434[#142434]). * Version 8.5.0 {elastic-endpoint}s running on Linux systems with many CPUs may become unhealthy. For a workaround refer to https://github.com/elastic/endpoint/issues/34[issue #34]. * The rule details page and **Edit rule settings** page load indefinitely if you edit a rule that has the `saved_id` property configured. All rule types, except for the custom query rule, are affected. + 
@@ -75,74 +75,74 @@ Upgrading to 8.6 or higher resolves this issue. If you’d prefer to stay on 8.5 [[breaking-changes-8.5.0]] ==== Breaking changes -* Host and user risk score features that were installed in 8.4 or earlier are not ECS-compatible and, therefore, cannot generate new risk scores in 8.5. Before upgrading, users can archive their existing risk indices if they want to keep their old host and user risk scores. Otherwise, new risk indices will be generated once users upgrade host and user risk score features ({pull}140377[#140377]). +* Host and user risk score features that were installed in 8.4 or earlier are not ECS-compatible and, therefore, cannot generate new risk scores in 8.5. Before upgrading, users can archive their existing risk indices if they want to keep their old host and user risk scores. Otherwise, new risk indices will be generated once users upgrade host and user risk score features ({kib-pull}140377[#140377]). [discrete] [[deprecations-8.5.0]] ==== Deprecations -* Deprecates the risk score index and displays the **Upgrade** button in host and user risk score cards on the Entity Analytics dashboard ({pull}140143[#140143]). +* Deprecates the risk score index and displays the **Upgrade** button in host and user risk score cards on the Entity Analytics dashboard ({kib-pull}140143[#140143]). [discrete] [[features-8.5.0]] ==== Features -* Endpoint response actions history can be filtered and searched ({pull}134520[#134520], {pull}140259[#140259], {pull}138982[#138982], {pull}140975[#140975]). -* Endpoint response actions history has a standalone page for all endpoints ({pull}140306[#140306]). -* Introduces the Entity Analytics dashboard, which showcases host and user risk scores and anomalies. Also adds host and user risk data to the user and host detail pages. These features require a Platinum license or higher. ({pull}137688[#137688], {pull}140270[#140270], {pull}139462[#139462]). 
-* Updates the *Anomalies* tab to display the same quantity of anomalies when navigating from the Entity Analytics dashboard ({pull}139910[#139910]). -* Enriches alerts with host and user risk scores ({pull}139478[#139478]). -* Enables the Indicators page by default if users have an https://www.elastic.co/pricing[Enterprise subscription] and makes the functionality generally available ({pull}141117[#141117]). -* Allows indicator data to be investigated in Timeline by including the *Add to Timeline* button throughout the Indicators table ({pull}138836[#138836], {pull}140496[#140496]). -* Removes the Host risk score card from the Overview dashboard ({pull}140177[#140177]). -* Adds the option to bulk edit rule schedules to the bulk actions menu in the Rules table ({pull}140166[#140166]). -* Adds the option to bulk edit rule actions to the bulk actions menu in the Rules table ({pull}138900[#138900]). -* Adds an alert count card to the User, Host, and Network detail pages. The card shows alerts per rule and can be filtered by alert status ({pull}140150[#140150]). -* Allows users to examine alerts associated with events and enables the Alerts related by process ancestry section by default if they have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({pull}140006[#140006]). -* Enables the Alerts related by session ID section by default. It appears in the Alert details flyout if users have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({pull}140006[#140006]). -* Renames the Elastic Endpoint and Cloud Security integration to the Elastic Defend integration ({pull}139517[#139517]). -* Adds preconfigured use cases to the setup wizard for the {elastic-defend} integration (formerly known as Endpoint and Cloud Security), each with different default settings ({pull}139230[#139230]). -* Updates the UI for the rule details page's *Exceptions* tab ({pull}138770[#138770]). 
-* Enables the Osquery Response Action on custom query detection rules, and adds an *Osquery Results* tab to the Alert details flyout. Users can use the Osquery Response Action to immediately query hosts that generate alerts ({pull}133279[#133279]). -* Enables rule exceptions to reference value lists, regardless of rule type. One caveat is that text type value lists still do not work for EQL and threshold rules ({pull}133254[#133254]). -* Introduces the new alert renderer, which concisely displays a detailed summary of the `kibana.alert.reason` field. It appears in Timeline, throughout the Alerts page, and on the Alert details flyout ({pull}140825[#140825]). +* Endpoint response actions history can be filtered and searched ({kib-pull}134520[#134520], {kib-pull}140259[#140259], {kib-pull}138982[#138982], {kib-pull}140975[#140975]). +* Endpoint response actions history has a standalone page for all endpoints ({kib-pull}140306[#140306]). +* Introduces the Entity Analytics dashboard, which showcases host and user risk scores and anomalies. Also adds host and user risk data to the user and host detail pages. These features require a Platinum license or higher. ({kib-pull}137688[#137688], {kib-pull}140270[#140270], {kib-pull}139462[#139462]). +* Updates the *Anomalies* tab to display the same quantity of anomalies when navigating from the Entity Analytics dashboard ({kib-pull}139910[#139910]). +* Enriches alerts with host and user risk scores ({kib-pull}139478[#139478]). +* Enables the Indicators page by default if users have an https://www.elastic.co/pricing[Enterprise subscription] and makes the functionality generally available ({kib-pull}141117[#141117]). +* Allows indicator data to be investigated in Timeline by including the *Add to Timeline* button throughout the Indicators table ({kib-pull}138836[#138836], {kib-pull}140496[#140496]). +* Removes the Host risk score card from the Overview dashboard ({kib-pull}140177[#140177]). 
+* Adds the option to bulk edit rule schedules to the bulk actions menu in the Rules table ({kib-pull}140166[#140166]). +* Adds the option to bulk edit rule actions to the bulk actions menu in the Rules table ({kib-pull}138900[#138900]). +* Adds an alert count card to the User, Host, and Network detail pages. The card shows alerts per rule and can be filtered by alert status ({kib-pull}140150[#140150]). +* Allows users to examine alerts associated with events and enables the Alerts related by process ancestry section by default if they have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kib-pull}140006[#140006]). +* Enables the Alerts related by session ID section by default. It appears in the Alert details flyout if users have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kib-pull}140006[#140006]). +* Renames the Elastic Endpoint and Cloud Security integration to the Elastic Defend integration ({kib-pull}139517[#139517]). +* Adds preconfigured use cases to the setup wizard for the {elastic-defend} integration (formerly known as Endpoint and Cloud Security), each with different default settings ({kib-pull}139230[#139230]). +* Updates the UI for the rule details page's *Exceptions* tab ({kib-pull}138770[#138770]). +* Enables the Osquery Response Action on custom query detection rules, and adds an *Osquery Results* tab to the Alert details flyout. Users can use the Osquery Response Action to immediately query hosts that generate alerts ({kib-pull}133279[#133279]). +* Enables rule exceptions to reference value lists, regardless of rule type. One caveat is that text type value lists still do not work for EQL and threshold rules ({kib-pull}133254[#133254]). +* Introduces the new alert renderer, which concisely displays a detailed summary of the `kibana.alert.reason` field. It appears in Timeline, throughout the Alerts page, and on the Alert details flyout ({kib-pull}140825[#140825]). 
* Introduces the <> (KSPM) integration as GA. You can now use it to monitor the security posture of your self-managed and Amazon EKS clusters, in addition to unmanaged clusters. -* Adds a status filter to the Endpoints Response actions page ({pull}139982[#139982]). -* Shows host names on the Endpoints Response actions page ({pull}139379[#139379]). +* Adds a status filter to the Endpoints Response actions page ({kib-pull}139982[#139982]). +* Shows host names on the Endpoints Response actions page ({kib-pull}139379[#139379]). [discrete] [[bug-fixes-8.5.0]] ==== Bug fixes and enhancements -* Endpoint response actions console UI indicates if response action commands aren't supported by the installed version of {agent} ({pull}138662[#138662]). +* Endpoint response actions console UI indicates if response action commands aren't supported by the installed version of {agent} ({kib-pull}138662[#138662]). * Fixes a bug that sometimes caused event correlation rule (EQL) errors whenever rule queries contained regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`) (https://github.com/elastic/elasticsearch/pull/90064[#90064]). * Adds the `has_guide` tag to all prebuilt rules with investigation guides. Users can filter the Rules table by this tag to quickly find prebuilt rules with investigation guides (https://github.com/elastic/detection-rules/pull/2297[#2297]). -* Informs users when the event analyzer's current time range is too narrow to include event data ({pull}140831[#140831]). -* Lets users inspect bar charts and data grids, as with other data visualizations ({pull}140810[#140810]). -* Makes the Indicators table sortable by any column ({pull}140582[#140582]). -* Provides the ability to add fields to Indicators table ({pull}138882[#138882]). -* Updates the rule preview UI to be available at any step of creating or editing a detection rule. 
Rule previews are also now available for Elastic prebuilt rules, and include exceptions and field overrides ({pull}140221[#140221]). -* Adds an overview tab to the Indicator details flyout ({pull}140073[#140073]). -* Improves the UI for saved rule queries ({pull}140064[#140064]). -* Computes `threat.indicator.name` on the {es} server instead of on the client ({pull}139814[#139814]). -* Makes the state of tables throughout {elastic-sec} persist; for example, when users toggle between table view and grid view ({pull}139696[#139696]). -* Lets users enable multiple filters using various plus `+` and minus `-` buttons. Previously, adding a new filter in this way could remove the existing filters ({pull}139616[#139616]). -* Updates rule details page URLs to specify which tab to focus ({pull}139592[#139592]). -* Simplifies the process of adding a rule exception ({pull}138169[#138169]). -* Hides the process ancestry insights interface when data is unavailable ({pull}141751[#141751]). -* Formats the Rules table's `Last Gap` column in a human readable way ({pull}141363[#141363]). -* Introduces fuzzy search for user names in the Actions Log ({pull}141239[#141239]). -* Improves the layout for the *Add Field* menu ({pull}141084[#141084]). -* Restores users' ability to create exceptions with leading or trailing white space ({pull}139617[#139617]). -* Fixes two minor bugs with the *Overwrite existing rules* option for rule import ({pull}138758[#138758], {pull}139470[#139470]). -* Fixes a bug that made the `binary` field type appear usable in Exception entries despite not being supported ({pull}139370[#139370]). -* Fixes a bug that prevented a toast message from appearing after users export a rule from the rule details page ({pull}139209[#139209]). -* Fixes sorting and pagination bugs on the *Import value lists* menu ({pull}138381[#138381]). -* Mimics native link behavior for single-page application links ({pull}142304[#142304]). 
-* Fixes validation issues within the rule Actions tab ({pull}141811[#141811]). -* Fixes a bug with visualization types on the Hosts, Network, Users page ({pull}141235[#141235]). -* Updates the documentation link on the Trusted applications page ({pull}142467[#142467]). -* Provides the ability to run Osquery from a rule's investigation guide ({pull}95149[#95149]). -* Improves Timeline’s performance when users investigate alerts related by process ancestry ({pull}142805[#142805]). -* Fixes a rule import bug that removed references to exception lists ({pull}143882[#143882]). -* Fixes a bug that prevented the authentication area chart on the Users page to be opened in Lens ({pull}144011[#144011]). -* Shows the Host isolation exceptions page if users have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({pull}143362[#143362]). -* Fixes displayed commands in the Endpoint response actions log ({pull}140378[#140378]). -* Updates the pagination header color in the Endpoint response actions history table ({pull}141847[#141847]). +* Informs users when the event analyzer's current time range is too narrow to include event data ({kib-pull}140831[#140831]). +* Lets users inspect bar charts and data grids, as with other data visualizations ({kib-pull}140810[#140810]). +* Makes the Indicators table sortable by any column ({kib-pull}140582[#140582]). +* Provides the ability to add fields to Indicators table ({kib-pull}138882[#138882]). +* Updates the rule preview UI to be available at any step of creating or editing a detection rule. Rule previews are also now available for Elastic prebuilt rules, and include exceptions and field overrides ({kib-pull}140221[#140221]). +* Adds an overview tab to the Indicator details flyout ({kib-pull}140073[#140073]). +* Improves the UI for saved rule queries ({kib-pull}140064[#140064]). +* Computes `threat.indicator.name` on the {es} server instead of on the client ({kib-pull}139814[#139814]). 
+* Makes the state of tables throughout {elastic-sec} persist; for example, when users toggle between table view and grid view ({kib-pull}139696[#139696]). +* Lets users enable multiple filters using various plus `+` and minus `-` buttons. Previously, adding a new filter in this way could remove the existing filters ({kib-pull}139616[#139616]). +* Updates rule details page URLs to specify which tab to focus ({kib-pull}139592[#139592]). +* Simplifies the process of adding a rule exception ({kib-pull}138169[#138169]). +* Hides the process ancestry insights interface when data is unavailable ({kib-pull}141751[#141751]). +* Formats the Rules table's `Last Gap` column in a human readable way ({kib-pull}141363[#141363]). +* Introduces fuzzy search for user names in the Actions Log ({kib-pull}141239[#141239]). +* Improves the layout for the *Add Field* menu ({kib-pull}141084[#141084]). +* Restores users' ability to create exceptions with leading or trailing white space ({kib-pull}139617[#139617]). +* Fixes two minor bugs with the *Overwrite existing rules* option for rule import ({kib-pull}138758[#138758], {kib-pull}139470[#139470]). +* Fixes a bug that made the `binary` field type appear usable in Exception entries despite not being supported ({kib-pull}139370[#139370]). +* Fixes a bug that prevented a toast message from appearing after users export a rule from the rule details page ({kib-pull}139209[#139209]). +* Fixes sorting and pagination bugs on the *Import value lists* menu ({kib-pull}138381[#138381]). +* Mimics native link behavior for single-page application links ({kib-pull}142304[#142304]). +* Fixes validation issues within the rule Actions tab ({kib-pull}141811[#141811]). +* Fixes a bug with visualization types on the Hosts, Network, Users page ({kib-pull}141235[#141235]). +* Updates the documentation link on the Trusted applications page ({kib-pull}142467[#142467]). 
+* Provides the ability to run Osquery from a rule's investigation guide ({kib-pull}95149[#95149]). +* Improves Timeline’s performance when users investigate alerts related by process ancestry ({kib-pull}142805[#142805]). +* Fixes a rule import bug that removed references to exception lists ({kib-pull}143882[#143882]). +* Fixes a bug that prevented the authentication area chart on the Users page to be opened in Lens ({kib-pull}144011[#144011]). +* Shows the Host isolation exceptions page if users have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kib-pull}143362[#143362]). +* Fixes displayed commands in the Endpoint response actions log ({kib-pull}140378[#140378]). +* Updates the pagination header color in the Endpoint response actions history table ({kib-pull}141847[#141847]). diff --git a/docs/release-notes/8.6.asciidoc b/docs/release-notes/8.6.asciidoc index fe3340760d..b42340cd08 100644 --- a/docs/release-notes/8.6.asciidoc +++ b/docs/release-notes/8.6.asciidoc @@ -13,7 +13,7 @@ [discrete] [[bug-fixes-8.6.2]] ==== Bug fixes and enhancements -* Fixes a bug that prevented related alerts from closing when the *Close all alerts that match this exception* option was selected on an exception ({pull}150765[#150765]). +* Fixes a bug that prevented related alerts from closing when the *Close all alerts that match this exception* option was selected on an exception ({kib-pull}150765[#150765]). * Ensures {elastic-endpoint} sends intermediate certificates to the server for SSL validation. [discrete] 
@@ -29,8 +29,8 @@ [[bug-fixes-8.6.1]] ==== Bug fixes and enhancements * Fixes a bug that prevented Osquery results from being viewed in {kib} when using the Osquery Manager integration with {agent}. Upgrade to {stack} version 8.6.1 and {agent} 8.6.1 to apply this fix to your deployment (https://github.com/elastic/beats/issues/34250[#34250]). -* Fixes a bug that impacted the way Osquery results were displayed in Lens and Discover ({pull}148260[#148260]). -* Adds an advanced setting to the {elastic-defend} policy that allows users to enable or disable host isolation on Linux endpoints ({pull}149177[#149177]). +* Fixes a bug that impacted the way Osquery results were displayed in Lens and Discover ({kib-pull}148260[#148260]). +* Adds an advanced setting to the {elastic-defend} policy that allows users to enable or disable host isolation on Linux endpoints ({kib-pull}149177[#149177]). [discrete] [[release-notes-8.6.0]] 
@@ -58,71 +58,71 @@ There are no deprecations in 8.6.0. [discrete] [[features-8.6.0]] ==== Features -* Allows you to add indicators to new or existing cases ({pull}145121[#145121]). -* Adds the `is one of` operator to the *Add field* menu in Timeline ({pull}144988[#144988]). -* Adds an "Add to timeline investigation" button to the User Risk Scores and Host Risk Scores cards on the Entity Analytics dashboard ({pull}144819[#144819]). -* Provides the option to duplicate rules and their exceptions or rules only ({pull}144782[#144782]). -* Improves the Shared Exception Lists page and allows you to export read-only exception lists ({pull}144383[#144383]). -* Enables you to build runtime queries using alert data or hard-coded literal values. (Technical preview only). ({pull}145240[#145240]). -* Creates a new connector for Tines ({pull}143505[#143505]). -* Updates the UI for adding and editing exceptions ({pull}143127[#143127]). -* Creates a Shared Exception Lists page for creating, viewing, and modifying shared exception lists ({pull}143041[#143041]). -* Enables you to bulk-add up to 4000 events to Timeline ({pull}142737[#142737]). -* Enables alert suppression per rule execution for custom query rules ({pull}142686[#142686]). -* Improves role-based access controls for {kib} users performing response actions ({pull}142825[#142825]). +* Allows you to add indicators to new or existing cases ({kib-pull}145121[#145121]). +* Adds the `is one of` operator to the *Add field* menu in Timeline ({kib-pull}144988[#144988]). +* Adds an "Add to timeline investigation" button to the User Risk Scores and Host Risk Scores cards on the Entity Analytics dashboard ({kib-pull}144819[#144819]). +* Provides the option to duplicate rules and their exceptions or rules only ({kib-pull}144782[#144782]). +* Improves the Shared Exception Lists page and allows you to export read-only exception lists ({kib-pull}144383[#144383]). 
+* Enables you to build runtime queries using alert data or hard-coded literal values. (Technical preview only). ({kib-pull}145240[#145240]). +* Creates a new connector for Tines ({kib-pull}143505[#143505]). +* Updates the UI for adding and editing exceptions ({kib-pull}143127[#143127]). +* Creates a Shared Exception Lists page for creating, viewing, and modifying shared exception lists ({kib-pull}143041[#143041]). +* Enables you to bulk-add up to 4000 events to Timeline ({kib-pull}142737[#142737]). +* Enables alert suppression per rule execution for custom query rules ({kib-pull}142686[#142686]). +* Improves role-based access controls for {kib} users performing response actions ({kib-pull}142825[#142825]). [discrete] [[bug-fixes-8.6.0]] ==== Bug fixes and enhancements -* Adds the *View indicators* button to the Threat Intelligence card ({pull}145125[#145125]). -* Improves the interface for creating rule exceptions and shared exception lists ({pull}144575[#144575]). -* Adds cases metadata in the Cases panel on the alert details page ({pull}144430[#144430]). -* Improves the UX for managing {ml} jobs while managing {ml} rules ({pull}144080[#144080]). -* Enables you to run {ml} jobs from the Notable Anomalies table ({pull}142861[#142861]). -* Updates the take action UI for charts on the Hosts, Users, and Network pages ({pull}138369[#138369]). -* Adds a *Respond* button to the Host Details page for hosts with an {agent} installed ({pull}143988[#143988]). -* Allows you to add up to three new terms to New Terms rule queries, enabling you to create alerts when multiple new terms appear in the same event ({pull}143943[#143943]). -* Allows you to launch Timeline from the Entity Analytics dashboard by clicking alert counts ({pull}143841[#143841]). -* Adds missing TLP Marking badges to the Indicators table and Indicator details flyout ({pull}143431[#143431]). 
-* Ensures the empty state of the Indicators page does not appear when threat intelligence integrations are installed ({pull}143328[#143328]). -* Turns the anomalies count on the Entity Analytics dashboard into a link that goes to the Anomalies table ({pull}143085[#143085]). -* Pre-selects the `threat` category when you open the Fields browser ({pull}142698[#142698]). -* Adds a `copy to clipboard` action for indicators in the Indicators table ({pull}142675[#142675]). -* Adds a `User risk classification` column to the Users table ({pull}142610[#142610]). -* Adds a label to the Indicators page that states when it was last updated ({pull}142560[#142560]). -* Specifies that links from the Threat Intelligence page to the Integrations page should open the Threat Intelligence integrations category ({pull}142538[#142538]). -* Enables full-screen mode on the Indicators table ({pull}142519[#142519]). -* Implements the standard search bar and date picker on the Threat Intelligence page ({pull}142336[#142336]). -* Updates the design of the Shared Exception Lists page ({pull}142289[#142289]). -* Displays comments for expanded items in the Action history page ({pull}141938[#141938]). -* Adds HTTP 409 conflict response status codes to error messages for several API requests ({pull}146389[#146389]). +* Adds the *View indicators* button to the Threat Intelligence card ({kib-pull}145125[#145125]). +* Improves the interface for creating rule exceptions and shared exception lists ({kib-pull}144575[#144575]). +* Adds cases metadata in the Cases panel on the alert details page ({kib-pull}144430[#144430]). +* Improves the UX for managing {ml} jobs while managing {ml} rules ({kib-pull}144080[#144080]). +* Enables you to run {ml} jobs from the Notable Anomalies table ({kib-pull}142861[#142861]). +* Updates the take action UI for charts on the Hosts, Users, and Network pages ({kib-pull}138369[#138369]). 
+* Adds a *Respond* button to the Host Details page for hosts with an {agent} installed ({kib-pull}143988[#143988]). +* Allows you to add up to three new terms to New Terms rule queries, enabling you to create alerts when multiple new terms appear in the same event ({kib-pull}143943[#143943]). +* Allows you to launch Timeline from the Entity Analytics dashboard by clicking alert counts ({kib-pull}143841[#143841]). +* Adds missing TLP Marking badges to the Indicators table and Indicator details flyout ({kib-pull}143431[#143431]). +* Ensures the empty state of the Indicators page does not appear when threat intelligence integrations are installed ({kib-pull}143328[#143328]). +* Turns the anomalies count on the Entity Analytics dashboard into a link that goes to the Anomalies table ({kib-pull}143085[#143085]). +* Pre-selects the `threat` category when you open the Fields browser ({kib-pull}142698[#142698]). +* Adds a `copy to clipboard` action for indicators in the Indicators table ({kib-pull}142675[#142675]). +* Adds a `User risk classification` column to the Users table ({kib-pull}142610[#142610]). +* Adds a label to the Indicators page that states when it was last updated ({kib-pull}142560[#142560]). +* Specifies that links from the Threat Intelligence page to the Integrations page should open the Threat Intelligence integrations category ({kib-pull}142538[#142538]). +* Enables full-screen mode on the Indicators table ({kib-pull}142519[#142519]). +* Implements the standard search bar and date picker on the Threat Intelligence page ({kib-pull}142336[#142336]). +* Updates the design of the Shared Exception Lists page ({kib-pull}142289[#142289]). +* Displays comments for expanded items in the Action history page ({kib-pull}141938[#141938]). +* Adds HTTP 409 conflict response status codes to error messages for several API requests ({kib-pull}146389[#146389]). 
* Adds the new Data Exfiltration Detection (DED) integration package (https://github.com/elastic/integrations/pull/4486[#4486]). * Renames the sorting toggle on the Rules page from *Technical preview* to *Advanced sorting* (https://github.com/elastic/kibana/pull/144733[#144733]). // Items below this line were labeled as "bugfixes" rather than "enhancements" -* Replaces the *Run job* button with a *Stop job* button when the job is running ({pull}146407[#146407]). -* Fixes a bug that prevented you from editing an exception while adding a comment to it from the Rules details flyout ({pull}145575[#145575]). -* Fixes a bug that could cause rule previews for New Terms rules to fail ({pull}145707[#145707]). -* Fixes a bug that could cause a "Page not found" error when you navigated to a shared exception list ({pull}145833[#145833]). -* Fixes a bug with the loading indicator that appears when bulk actions are pending ({pull}145905[#145905]). -* Fixes a bug with the linked rules count for shared exception lists ({pull}145976[#145976]). -* Fixes a bug that prevented you from editing policies created before {stack} version 8.3.0 if you had a basic license ({pull}146050[#146050]). -* Fixes a bug that sometimes prevented the Rules table from updating as expected ({pull}146271[#146271]). -* Fixes a bug that sometimes prevented the display of rule preview graphs for custom rules ({pull}142120[#142120]). -* Removes the `Optional` label from the `Additional look-back time` rule setting ({pull}142375[#142375]). -* Fixes a bug that could result in duplicate entries in the Host's page's Events table query ({pull}143239[#143239]). -* Fixes a bug that could interfere with Platinum users' access to the Host Isolation page ({pull}143366[#143366]). -* Fixes a bug that prevented the event analyzer's state from persisting when you switched tabs on the Alerts page ({pull}144291[#144291]). 
-* Fixes a bug that sometimes caused a page crash when you searched for an indicator ID on the Intelligence page ({pull}144344[#144344]). -* Fixes a bug that prevented newly imported rules from appearing on the Rules page before the page was refreshed ({pull}144359[#144359]). -* Fixes a bug with the toast message for successful bulk editing of rules ({pull}144497[#144497]). -* Fixes a bug that prevented the Event Analyzer from opening in Timeline when the *Show only detection alerts* option is enabled ({pull}144705[#144705]). -* Fixes bugs that affected the display and persistence of event action menus ({pull}145025[#145025]). -* Fixes a bug that limited the display of breadcrumbs on the Shared Exception Lists page ({pull}145605[#145605]). -* Fixes various minor UI bugs on the Shared Exception Lists page ({pull}145334[#145334]). -* Improves the "permissions required" message that appears on Cloud Posture pages for users without necessary permissions ({pull}145794[#145794]). -* Fixes a bug that could cause a "Page not found" error when navigating to an exception list without a description ({pull}145833[#145833]). -* Fixes a visual bug with the fullscreen view of rule preview results ({pull}146687[#146687]). -* Fixes a visual bug with the fullscreen view of Osquery results ({pull}147076[#147076]). -* Fixes a bug with the refresh indicator on the Rule details page ({pull}147806[#147806]). +* Replaces the *Run job* button with a *Stop job* button when the job is running ({kib-pull}146407[#146407]). +* Fixes a bug that prevented you from editing an exception while adding a comment to it from the Rules details flyout ({kib-pull}145575[#145575]). +* Fixes a bug that could cause rule previews for New Terms rules to fail ({kib-pull}145707[#145707]). +* Fixes a bug that could cause a "Page not found" error when you navigated to a shared exception list ({kib-pull}145833[#145833]). 
+* Fixes a bug with the loading indicator that appears when bulk actions are pending ({kib-pull}145905[#145905]). +* Fixes a bug with the linked rules count for shared exception lists ({kib-pull}145976[#145976]). +* Fixes a bug that prevented you from editing policies created before {stack} version 8.3.0 if you had a basic license ({kib-pull}146050[#146050]). +* Fixes a bug that sometimes prevented the Rules table from updating as expected ({kib-pull}146271[#146271]). +* Fixes a bug that sometimes prevented the display of rule preview graphs for custom rules ({kib-pull}142120[#142120]). +* Removes the `Optional` label from the `Additional look-back time` rule setting ({kib-pull}142375[#142375]). +* Fixes a bug that could result in duplicate entries in the Host's page's Events table query ({kib-pull}143239[#143239]). +* Fixes a bug that could interfere with Platinum users' access to the Host Isolation page ({kib-pull}143366[#143366]). +* Fixes a bug that prevented the event analyzer's state from persisting when you switched tabs on the Alerts page ({kib-pull}144291[#144291]). +* Fixes a bug that sometimes caused a page crash when you searched for an indicator ID on the Intelligence page ({kib-pull}144344[#144344]). +* Fixes a bug that prevented newly imported rules from appearing on the Rules page before the page was refreshed ({kib-pull}144359[#144359]). +* Fixes a bug with the toast message for successful bulk editing of rules ({kib-pull}144497[#144497]). +* Fixes a bug that prevented the Event Analyzer from opening in Timeline when the *Show only detection alerts* option is enabled ({kib-pull}144705[#144705]). +* Fixes bugs that affected the display and persistence of event action menus ({kib-pull}145025[#145025]). +* Fixes a bug that limited the display of breadcrumbs on the Shared Exception Lists page ({kib-pull}145605[#145605]). +* Fixes various minor UI bugs on the Shared Exception Lists page ({kib-pull}145334[#145334]). 
+* Improves the "permissions required" message that appears on Cloud Posture pages for users without necessary permissions ({kib-pull}145794[#145794]). +* Fixes a bug that could cause a "Page not found" error when navigating to an exception list without a description ({kib-pull}145833[#145833]). +* Fixes a visual bug with the fullscreen view of rule preview results ({kib-pull}146687[#146687]). +* Fixes a visual bug with the fullscreen view of Osquery results ({kib-pull}147076[#147076]). +* Fixes a bug with the refresh indicator on the Rule details page ({kib-pull}147806[#147806]). * Reenables ransomware canary files. * Fixes a bug that caused the rule details page and the **Edit rule settings** page to load indefinitely if you edited a rule that had the `saved_id` property configured. \ No newline at end of file diff --git a/docs/release-notes/8.7.asciidoc b/docs/release-notes/8.7.asciidoc index 93b51035a4..fb418c3956 100644 --- a/docs/release-notes/8.7.asciidoc +++ b/docs/release-notes/8.7.asciidoc @@ -109,10 +109,10 @@ If you already upgraded your {agents} and they're stuck in the `Updating` state, ===== -* Fixes a UI bug that affected the rule details page when rules had long queries ({pull}153338[#153338]). -* Fixes exception operator logic for mapping field conflicts ({pull}155071[#155071]). +* Fixes a UI bug that affected the rule details page when rules had long queries ({kib-pull}153338[#153338]). +* Fixes exception operator logic for mapping field conflicts ({kib-pull}155071[#155071]). * Fixes a bug that stopped {elastic-defend} from working when malware protection was enabled on Linux hosts. -* Fixes a bug that prevented policy artifacts from being properly updated after being added to the `.fleet-artifacts` index ({pull}154810[#154810]). +* Fixes a bug that prevented policy artifacts from being properly updated after being added to the `.fleet-artifacts` index ({kib-pull}154810[#154810]). + [NOTE] 
@@ -244,61 +244,61 @@ There are no deprecations in 8.7.0. [[features-8.7.0]] ==== New features -* Creates a new dashboard, Data Quality, which highlights any issues in your ECS field mappings ({pull}150063[#150063]). +* Creates a new dashboard, Data Quality, which highlights any issues in your ECS field mappings ({kib-pull}150063[#150063]). * Introduces a new event type (`Credential access`) to represent credential dumping attempts on Windows using tools like Mimikatz or fgdump. -* Creates a Torq connector that can trigger Torq workflows. You must have at least a https://www.elastic.co/pricing[Platinum subscription] to use this connector ({pull}149405[#149405]). -* Adds more key performance indicator charts to the Alerts page ({pull}150242[#150242], {pull}149173[#149173], and {pull}146938[#146938]). -* Allows you to set expiration dates for rule exceptions and choose whether to include expired exceptions when you export shared exception lists ({pull}145180[#145180]). -* Adds two more inline actions (*Copy to clipboard* and *Add to timeline investigation*) to chart legends and tables ({pull}146779[#146779]). -* Allows you to include connectors when exporting and importing rules ({pull}148703[#148703]). -* Adds "Group by" functionality to the Alerts table (technical preview only)({pull}149145[#149145]). -* Improves the UI for building an Investigation Guide query ({pull}150363[#150363]). -* Adds the ability to create a rule from a Timeline ({pull}143020[#143020]). -* Adds the option to suppress custom query rule alerts during a specific time window. Duplicate alerts within that time window will be grouped ({pull}148868[#148868]). +* Creates a Torq connector that can trigger Torq workflows. You must have at least a https://www.elastic.co/pricing[Platinum subscription] to use this connector ({kib-pull}149405[#149405]). +* Adds more key performance indicator charts to the Alerts page ({kib-pull}150242[#150242], {kib-pull}149173[#149173], and {kib-pull}146938[#146938]). 
+* Allows you to set expiration dates for rule exceptions and choose whether to include expired exceptions when you export shared exception lists ({kib-pull}145180[#145180]). +* Adds two more inline actions (*Copy to clipboard* and *Add to timeline investigation*) to chart legends and tables ({kib-pull}146779[#146779]). +* Allows you to include connectors when exporting and importing rules ({kib-pull}148703[#148703]). +* Adds "Group by" functionality to the Alerts table (technical preview only)({kib-pull}149145[#149145]). +* Improves the UI for building an Investigation Guide query ({kib-pull}150363[#150363]). +* Adds the ability to create a rule from a Timeline ({kib-pull}143020[#143020]). +* Adds the option to suppress custom query rule alerts during a specific time window. Duplicate alerts within that time window will be grouped ({kib-pull}148868[#148868]). * Introduces the <>, which detects misconfigured cloud resources in AWS accounts. [discrete] [[enhancements-8.7.0]] ==== Enhancements -* Improves the formatting and readability of machine learning job names ({pull}148974[#148974], {pull}148780[#148780]). -* Improves sorting of the Rules table: allows you to sort it by any column, removes the *Advanced sorting* toggle, and removes the `Version` column ({pull}149840[#149840]). -* Adds a *Clear table filters* button to the Rules page so you can clear all filters in one click ({pull}150059[#150059]). -* Warns you about type conflicts and unmapped indices when creating rule exceptions ({pull}149149[#149149]). -* Adds buttons to the Rules page that allow you to view only enabled or disabled rules ({pull}150153[#150153]). -* The *Related alerts by process ancestry* section of the alert details flyout is now generally available (GA) ({pull}152011[#152011]). -* Adds the option to suppress custom query rule alerts during a specific time window. Duplicate alerts within that time window will be grouped ({pull}148868[#148868]). 
-* Reduces alert creation errors by stopping the detection engine from writing non-ECS-compliant fields to alerts from source events ({pull}147628[#147628]). -* Simplifies the interface for navigating from a rule's details page back to the Rules page ({pull}147357[#147357]). -* Allows you to resize the Rule preview panel ({pull}147351[#147351]). -* Improves the Bulk Edit API by adding a `skipped` property to rules that weren't updated, and updates the toast message to show which were skipped ({pull}147345[#147345]). -* Allows placeholder fields in Osquery queries ({pull}146598[#146598]). -* Allows the Rules table state to persist even after you refresh or navigate to another page ({pull}145111[#145111]). -* Improves data fetch performance throughout {elastic-sec}, especially for deployments with large indices and multiple integrations ({pull}142904[#142904]). -* Introduces cross-cluster search support for Indicator Match rules by improving rule performance ({pull}149113[#149113]). -* Improves the toast message that appears when you export an exception list ({pull}152301[#152301]). +* Improves the formatting and readability of machine learning job names ({kib-pull}148974[#148974], {kib-pull}148780[#148780]). +* Improves sorting of the Rules table: allows you to sort it by any column, removes the *Advanced sorting* toggle, and removes the `Version` column ({kib-pull}149840[#149840]). +* Adds a *Clear table filters* button to the Rules page so you can clear all filters in one click ({kib-pull}150059[#150059]). +* Warns you about type conflicts and unmapped indices when creating rule exceptions ({kib-pull}149149[#149149]). +* Adds buttons to the Rules page that allow you to view only enabled or disabled rules ({kib-pull}150153[#150153]). +* The *Related alerts by process ancestry* section of the alert details flyout is now generally available (GA) ({kib-pull}152011[#152011]). +* Adds the option to suppress custom query rule alerts during a specific time window. 
Duplicate alerts within that time window will be grouped ({kib-pull}148868[#148868]). +* Reduces alert creation errors by stopping the detection engine from writing non-ECS-compliant fields to alerts from source events ({kib-pull}147628[#147628]). +* Simplifies the interface for navigating from a rule's details page back to the Rules page ({kib-pull}147357[#147357]). +* Allows you to resize the Rule preview panel ({kib-pull}147351[#147351]). +* Improves the Bulk Edit API by adding a `skipped` property to rules that weren't updated, and updates the toast message to show which were skipped ({kib-pull}147345[#147345]). +* Allows placeholder fields in Osquery queries ({kib-pull}146598[#146598]). +* Allows the Rules table state to persist even after you refresh or navigate to another page ({kib-pull}145111[#145111]). +* Improves data fetch performance throughout {elastic-sec}, especially for deployments with large indices and multiple integrations ({kib-pull}142904[#142904]). +* Introduces cross-cluster search support for Indicator Match rules by improving rule performance ({kib-pull}149113[#149113]). +* Improves the toast message that appears when you export an exception list ({kib-pull}152301[#152301]). [discrete] [[bug-fixes-8.7.0]] ==== Bug fixes -* Various bug fixes and UX enhancements for the Alerts page ({pull}152402[#152402]). -* Fixes a bug that could cause your cursor to jump to the end of the text field when editing a rule action message ({pull}150823[#150823]). -* Fixes a bug that could result in incorrect links to machine learning jobs from search results ({pull}150881[#150881]). -* Fixes a bug that caused a fade in and out effect on rule descriptions ({pull}150998[#150998]). -* Fixes a bug that caused the Alerts page to default to the wrong chart type ({pull}151073[#151073]). -* Fixes a bug that could hide some shared exception lists when you changed the number of rows in the exceptions lists view ({pull}151393[#151393]). 
-* Removes a blank option from the *Field* browser in the Add rule exception flyout ({pull}151398[#151398]). -* Fixes a UI text bug that conflated Endpoint exceptions with regular rule exceptions ({pull}151532[#151532]). -* Fixes a bug that could cause an unnecessary warning to display in the Add rule exception flyout ({pull}151570[#151570]). -* Fixes a bug with the empty state that appears when your exception lists search yields no results ({pull}151530[#151530]). -* Fixes a bug that sometimes prevented a Timeline from saving when it was created using the *Investigate in timeline* action on an alert ({pull}151616[#151616]). -* Fixes a bug that could cause unnecessary validation errors in text entry fields in the Add rule exception flyout ({pull}151654[#151654]). -* Fixes a bug that caused some module names to be partially hidden on the Overview dashboard ({pull}151843[#151843]). -* Fixes a visual bug that affected empty rule previews ({pull}151869[#151869]). -* Fixes a bug that could cause a rule's related integrations to incorrectly appear as not installed on the Rules table and the rule details page ({pull}152055[#152055], {pull}149646[#149646]). -* Changes the *Import list* button name to *Import value list* ({pull}152281[#152281]). -* Fixes a bug that broke the visual analyzer for sysmon data ingested via {agent} ({pull}152418[#152418]). -* Fixes a bug that incorrectly allowed you to use custom fields in the Add Endpoint Exception flyout ({pull}152619[#152619]). -* Fixes a bug where the two breadcrumbs on shared exception lists pages did not use the same text ({pull}152629[#152629]). -* Fixes an issue in the Update exception item API that incorrectly merged existing objects with updated objects ({pull}151952[#151952]). -* Fixes a bug that affected the rule status refresh loading indicator ({pull}147806[#147806]). \ No newline at end of file +* Various bug fixes and UX enhancements for the Alerts page ({kib-pull}152402[#152402]). 
+* Fixes a bug that could cause your cursor to jump to the end of the text field when editing a rule action message ({kib-pull}150823[#150823]). +* Fixes a bug that could result in incorrect links to machine learning jobs from search results ({kib-pull}150881[#150881]). +* Fixes a bug that caused a fade in and out effect on rule descriptions ({kib-pull}150998[#150998]). +* Fixes a bug that caused the Alerts page to default to the wrong chart type ({kib-pull}151073[#151073]). +* Fixes a bug that could hide some shared exception lists when you changed the number of rows in the exceptions lists view ({kib-pull}151393[#151393]). +* Removes a blank option from the *Field* browser in the Add rule exception flyout ({kib-pull}151398[#151398]). +* Fixes a UI text bug that conflated Endpoint exceptions with regular rule exceptions ({kib-pull}151532[#151532]). +* Fixes a bug that could cause an unnecessary warning to display in the Add rule exception flyout ({kib-pull}151570[#151570]). +* Fixes a bug with the empty state that appears when your exception lists search yields no results ({kib-pull}151530[#151530]). +* Fixes a bug that sometimes prevented a Timeline from saving when it was created using the *Investigate in timeline* action on an alert ({kib-pull}151616[#151616]). +* Fixes a bug that could cause unnecessary validation errors in text entry fields in the Add rule exception flyout ({kib-pull}151654[#151654]). +* Fixes a bug that caused some module names to be partially hidden on the Overview dashboard ({kib-pull}151843[#151843]). +* Fixes a visual bug that affected empty rule previews ({kib-pull}151869[#151869]). +* Fixes a bug that could cause a rule's related integrations to incorrectly appear as not installed on the Rules table and the rule details page ({kib-pull}152055[#152055], {kib-pull}149646[#149646]). +* Changes the *Import list* button name to *Import value list* ({kib-pull}152281[#152281]). 
+* Fixes a bug that broke the visual analyzer for sysmon data ingested via {agent} ({kib-pull}152418[#152418]). +* Fixes a bug that incorrectly allowed you to use custom fields in the Add Endpoint Exception flyout ({kib-pull}152619[#152619]). +* Fixes a bug where the two breadcrumbs on shared exception lists pages did not use the same text ({kib-pull}152629[#152629]). +* Fixes an issue in the Update exception item API that incorrectly merged existing objects with updated objects ({kib-pull}151952[#151952]). +* Fixes a bug that affected the rule status refresh loading indicator ({kib-pull}147806[#147806]). \ No newline at end of file diff --git a/docs/release-notes/8.8.asciidoc b/docs/release-notes/8.8.asciidoc index cca1e64a1d..34357a8048 100644 --- a/docs/release-notes/8.8.asciidoc +++ b/docs/release-notes/8.8.asciidoc 
@@ -67,16 +67,16 @@ There are no user-facing changes in 8.8.2. [discrete] [[bug-fixes-8.8.2]] ==== Bug fixes -* Fixes a bug that affected links to {kib} results generated by actions on rules from non-default {kib} spaces ({pull}159966[#159966]). -* Fixes a bug that prevented users from saving a Timeline after adding a `number` field ({pull}159723[#159723]). -* Fixes a bug that caused error messages to wrongfully display if users selected uninstalled {ml} jobs while creating a {ml} rule ({pull}159316[#159316]). -* Removes hover actions from tables within the Detection & Response dashboard when the alert count is zero ({pull}158902[#158902]). -* Fixes bugs in the Anomalies table that left {ml} jobs greyed out after they were installed ({pull}158821[#158821]) and that stopped some job counts from appearing ({pull}158739[#158739]). -* Fixes a bug that caused the **Add exceptions flyout** to load indefinitely and display an out of memory error when a rule had a large number of unmapped fields in multiple indices ({pull}159216[#159216]). -* Fixes a bug that prevented cell actions on fields with multiple values in the Alerts table ({pull}158060[#158060]). -* Fixes a bug that caused the Alerts page to query unnecessary indices ({pull}157286[#157286]). -* Fixes a bug that broke the mustache syntax for variables in rule actions ({pull}160446[#160446]). -* Fixes a bug that caused exception items to be erroneously duplicated if you modified an exception item using the <> API and _only_ specified its `item_id` ({pull}159223[#159223]). +* Fixes a bug that affected links to {kib} results generated by actions on rules from non-default {kib} spaces ({kib-pull}159966[#159966]). +* Fixes a bug that prevented users from saving a Timeline after adding a `number` field ({kib-pull}159723[#159723]). +* Fixes a bug that caused error messages to wrongfully display if users selected uninstalled {ml} jobs while creating a {ml} rule ({kib-pull}159316[#159316]). 
+* Removes hover actions from tables within the Detection & Response dashboard when the alert count is zero ({kib-pull}158902[#158902]). +* Fixes bugs in the Anomalies table that left {ml} jobs greyed out after they were installed ({kib-pull}158821[#158821]) and that stopped some job counts from appearing ({kib-pull}158739[#158739]). +* Fixes a bug that caused the **Add exceptions flyout** to load indefinitely and display an out of memory error when a rule had a large number of unmapped fields in multiple indices ({kib-pull}159216[#159216]). +* Fixes a bug that prevented cell actions on fields with multiple values in the Alerts table ({kib-pull}158060[#158060]). +* Fixes a bug that caused the Alerts page to query unnecessary indices ({kib-pull}157286[#157286]). +* Fixes a bug that broke the mustache syntax for variables in rule actions ({kib-pull}160446[#160446]). +* Fixes a bug that caused exception items to be erroneously duplicated if you modified an exception item using the <> API and _only_ specified its `item_id` ({kib-pull}159223[#159223]). + NOTE: If you've already encountered this issue and want to find erroneously duplicated exceptions, use the queries provided below. 
@@ -286,18 +286,18 @@ There are no breaking changes in 8.8.1. [[features-8.8.1]] ==== New features -* Introduces the Generative AI connector and <> for {elastic-sec} ({pull}157228[#157228], {pull}156933[#156933]). +* Introduces the Generative AI connector and <> for {elastic-sec} ({kib-pull}157228[#157228], {kib-pull}156933[#156933]). [discrete] [[bug-fixes-8.8.1]] ==== Bug fixes -* Fixes a bug that made field types appear as `unknown` within the **Fields** browser and when examining alert or event details ({pull}158594[#158594]). -* Fixes a bug that caused all field types in the **Fields** browser to appear as `unknown` ({pull}158594[#158594]). -* Fixes a bug that caused the **Add rule exception** flyout to load indefinitely when index fields couldn't be retrieved ({pull}158371[#158371]). -* Provides support for using field names with wildcards in rule queries ({pull}157981[#157981]). -* Fixes CSS style issues on the rule details page ({pull}157935[#157935]). -* Fixes a bug that caused the `A-Z` option to incorrectly display on Alerts table sorting menus ({pull}157653[#157653]). -* Allows users to scroll through long error messages on the rule details page ({pull}157271[#157271]). +* Fixes a bug that made field types appear as `unknown` within the **Fields** browser and when examining alert or event details ({kib-pull}158594[#158594]). +* Fixes a bug that caused all field types in the **Fields** browser to appear as `unknown` ({kib-pull}158594[#158594]). +* Fixes a bug that caused the **Add rule exception** flyout to load indefinitely when index fields couldn't be retrieved ({kib-pull}158371[#158371]). +* Provides support for using field names with wildcards in rule queries ({kib-pull}157981[#157981]). +* Fixes CSS style issues on the rule details page ({kib-pull}157935[#157935]). +* Fixes a bug that caused the `A-Z` option to incorrectly display on Alerts table sorting menus ({kib-pull}157653[#157653]). 
+* Allows users to scroll through long error messages on the rule details page ({kib-pull}157271[#157271]). [discrete] [[release-notes-8.8.0]] @@ -434,7 +434,7 @@ NOTE: To avoid further issues, _do not_ re-add the `file.name` field to the tabl [[breaking-changes-8.8.0]] ==== Breaking changes -* The privileges for attaching alerts to cases have changed. Now, you need at least `Read` privileges for Security and `All` privileges for Cases ({pull}147985[#147985]). +* The privileges for attaching alerts to cases have changed. Now, you need at least `Read` privileges for Security and `All` privileges for Cases ({kib-pull}147985[#147985]). * Adds conditional actions to the rules API. In {elastic-sec} 8.7 and earlier, action frequencies were set on a rule level by defining the `throttle` field. In 8.8 and later, action frequencies are set at the action level, and the `throttle` field is replaced by the `frequency` and `alert_filters` fields. The following APIs are affected: ** https://www.elastic.co/guide/en/security/8.8/rules-api-get.html[Get rule] ** https://www.elastic.co/guide/en/security/8.8/rules-api-find.html[Find rules] 
@@ -452,57 +452,57 @@ NOTE: To avoid further issues, _do not_ re-add the `file.name` field to the tabl [[features-8.8.0]] ==== New features -* Introduces <>, which scans your cloud VMs for vulnerabilities, and adds a tab to the Findings page that displays vulnerabilities ({pull}154388[#154388], {pull}154873[#154873], {pull}155045[#155045]). +* Introduces <>, which scans your cloud VMs for vulnerabilities, and adds a tab to the Findings page that displays vulnerabilities ({kib-pull}154388[#154388], {kib-pull}154873[#154873], {kib-pull}155045[#155045]). * Introduces <>, which allows you to monitor and protect your Kubernetes workloads. -* Adds a new response action that allows you to execute commands on a selected host ({pull}150202[#150202]). -* Adds the `kibana.alert.url` field to alert documents. This field provides a shareable URL for the alert ({pull}155069[#155069]). -* Adds the ability to duplicate a shared exception list ({pull}154991[#154991]). -* Allows Timeline notes to be deleted ({pull}154834[#154834]). -* Allows you to specify conditions for when rule actions should run ({pull}154680[#154680]). -* Adds the ability to snooze rule notifications from the Rules table, the rule details page, or the Actions tab when editing a rule ({pull}153083[#153083], {pull}155407[#155407], {pull}155612[#155612]). -* Adds controls to the Alerts page that allow you to customize which filters appear at the top of the page ({pull}152450[#152450]). +* Adds a new response action that allows you to execute commands on a selected host ({kib-pull}150202[#150202]). +* Adds the `kibana.alert.url` field to alert documents. This field provides a shareable URL for the alert ({kib-pull}155069[#155069]). +* Adds the ability to duplicate a shared exception list ({kib-pull}154991[#154991]). +* Allows Timeline notes to be deleted ({kib-pull}154834[#154834]). +* Allows you to specify conditions for when rule actions should run ({kib-pull}154680[#154680]). 
+* Adds the ability to snooze rule notifications from the Rules table, the rule details page, or the Actions tab when editing a rule ({kib-pull}153083[#153083], {kib-pull}155407[#155407], {kib-pull}155612[#155612]). +* Adds controls to the Alerts page that allow you to customize which filters appear at the top of the page ({kib-pull}152450[#152450]). [discrete] [[enhancements-8.8.0]] ==== Enhancements -* Renames the Notable Anomalies section in the Entity Analytics dashboard to Anomalies ({pull}155687[#155687]). -* Displays additional {ml} anomaly jobs on the Entity Analytics dashboard ({pull}155520[#155520]). -* Makes alert count links on the Entity Analytics dashboard navigate to the Alerts page instead of opening in Timeline ({pull}153372[#153372]). -* Updates the Data Quality dashboard to include a new tree map and storage size metrics for each index ({pull}155581[#155581]). -* Adds cloud infrastructure-related fields to the alert details flyout highlighted fields section ({pull}155247[#155247]). -* Allows you to specify how to handle alert suppression for alerts with missing fields ({pull}155055[#155055]). -* Gives users more control over how they receive alert notifications and lets them define conditions that must be met for a notification to occur ({pull}154526[#154526]). -* Adds a warning message to tell you when a rule has reached the maximum number of alerts limit ({pull}154112[#154112]). -* Updates how browser field descriptions are provided to {kib} ({pull}153498[#153498]). -* Enables multi-level grouping for alerts on the Alerts page, based on various fields ({pull}152862[#152862]). -* Adds links to the Detection & Response and Entity Analytics dashboards that jump to the Alerts page with filters enabled ({pull}152714[#152714]). -* Updates the visualizations throughout {elastic-sec} to Lens visualizations ({pull}150531[#150531]). -* Adds a *Share alert* link to the alert details flyout ({pull}148800[#148800]). 
-* Adds a warning message to the Rules page when a maintenance window is running ({pull}155386[#155386]). -* Adds a global search bar to the Detections and Response and Entity Analytics dashboards ({pull}156832[#156832]). -* Adds the "Investigate in timeline" inline action to alert counts on the Detections and Response and Entity Analytics dashboards ({pull}154299[#154299]). -* Session view: Makes the row representing the session leader remain visible when you scroll past it, and adds a button to this row that allows you to collapse child processes ({pull}154982[#154982]). -* Reduces Linux process event volume by about 50% by combining `fork`, `exec`, and `end` events when they occur around the same time (does not affect queries of this data) ({pull}153213[#153213]). -* Updates where the technical preview tags appear for host risk score features ({pull}156659[#156659], {pull}156514[#156514]). +* Renames the Notable Anomalies section in the Entity Analytics dashboard to Anomalies ({kib-pull}155687[#155687]). +* Displays additional {ml} anomaly jobs on the Entity Analytics dashboard ({kib-pull}155520[#155520]). +* Makes alert count links on the Entity Analytics dashboard navigate to the Alerts page instead of opening in Timeline ({kib-pull}153372[#153372]). +* Updates the Data Quality dashboard to include a new tree map and storage size metrics for each index ({kib-pull}155581[#155581]). +* Adds cloud infrastructure-related fields to the alert details flyout highlighted fields section ({kib-pull}155247[#155247]). +* Allows you to specify how to handle alert suppression for alerts with missing fields ({kib-pull}155055[#155055]). +* Gives users more control over how they receive alert notifications and lets them define conditions that must be met for a notification to occur ({kib-pull}154526[#154526]). +* Adds a warning message to tell you when a rule has reached the maximum number of alerts limit ({kib-pull}154112[#154112]). 
+* Updates how browser field descriptions are provided to {kib} ({kib-pull}153498[#153498]). +* Enables multi-level grouping for alerts on the Alerts page, based on various fields ({kib-pull}152862[#152862]). +* Adds links to the Detection & Response and Entity Analytics dashboards that jump to the Alerts page with filters enabled ({kib-pull}152714[#152714]). +* Updates the visualizations throughout {elastic-sec} to Lens visualizations ({kib-pull}150531[#150531]). +* Adds a *Share alert* link to the alert details flyout ({kib-pull}148800[#148800]). +* Adds a warning message to the Rules page when a maintenance window is running ({kib-pull}155386[#155386]). +* Adds a global search bar to the Detections and Response and Entity Analytics dashboards ({kib-pull}156832[#156832]). +* Adds the "Investigate in timeline" inline action to alert counts on the Detections and Response and Entity Analytics dashboards ({kib-pull}154299[#154299]). +* Session view: Makes the row representing the session leader remain visible when you scroll past it, and adds a button to this row that allows you to collapse child processes ({kib-pull}154982[#154982]). +* Reduces Linux process event volume by about 50% by combining `fork`, `exec`, and `end` events when they occur around the same time (does not affect queries of this data) ({kib-pull}153213[#153213]). +* Updates where the technical preview tags appear for host risk score features ({kib-pull}156659[#156659], {kib-pull}156514[#156514]). * Allows you to use fully qualified domain names (FQDNs) for hosts. To learn how to enable the FQDN feature flag, refer to {fleet-guide}/elastic-agent-standalone-feature-flags.html[Configure feature flags for standalone {agents}]. To learn how to set host names in {fleet}, refer to {fleet-guide}/fleet-settings.html#fleet-agent-hostname-format-settings[Agent Binary Download {fleet} settings]. 
[discrete] [[bug-fixes-8.8.0]] ==== Bug fixes -* Fixes a bug that interfered with the default time range when you opened an alert in Timeline ({pull}156884[#156884]). -* Fixes a bug that could cause the Alerts page to become unresponsive after entering an invalid query ({pull}156542[#156542]). -* Updates the colors used for entity analytic graphs to match those used for alert graphs ({pull}156383[#156383]). -* Fixes a bug that caused errors on the Data Quality dashboard when a `basePath` was configured ({pull}156233[#156233]). -* Fixes a bug that could cause problems when different users simultaneously edited a Timeline ({pull}155663[#155663]). -* Fixes a bug that could cause the wrong number of rules to appear in the modal for duplicating rules ({pull}155959[#155959]). -* Fixes a bug that could cause a blank option to appear in the Create rule exception form ({pull}155221[#155221]). -* Fixes issues that affected tags in the Add rule exception component of the Shared Exception Lists page ({pull}155219[#155219]). -* Fixes a bug that displayed an outdated count of affected rules on the Shared Exception Lists page ({pull}155108[#155108]). -* Improves performance for rendering indicator match alerts on the Alerts page ({pull}154821[#154821]). -* Fixes a bug that could affect alert prevalence counts on the Alerts page ({pull}154544[#154544]). -* Fixes a bug that could prevent you from using breadcrumbs to return to the Rules page ({pull}150322[#150322]). -* Fixes a bug that could prevent the *View all open alerts* button on the Detection and Response dashboard from applying the correct filters ({pull}156893[#156893]). -* Fixes several bugs related to session view and and Kubernetes dashboard ({pull}154982[#154982]). +* Fixes a bug that interfered with the default time range when you opened an alert in Timeline ({kib-pull}156884[#156884]). +* Fixes a bug that could cause the Alerts page to become unresponsive after entering an invalid query ({kib-pull}156542[#156542]). 
+* Updates the colors used for entity analytic graphs to match those used for alert graphs ({kib-pull}156383[#156383]). +* Fixes a bug that caused errors on the Data Quality dashboard when a `basePath` was configured ({kib-pull}156233[#156233]). +* Fixes a bug that could cause problems when different users simultaneously edited a Timeline ({kib-pull}155663[#155663]). +* Fixes a bug that could cause the wrong number of rules to appear in the modal for duplicating rules ({kib-pull}155959[#155959]). +* Fixes a bug that could cause a blank option to appear in the Create rule exception form ({kib-pull}155221[#155221]). +* Fixes issues that affected tags in the Add rule exception component of the Shared Exception Lists page ({kib-pull}155219[#155219]). +* Fixes a bug that displayed an outdated count of affected rules on the Shared Exception Lists page ({kib-pull}155108[#155108]). +* Improves performance for rendering indicator match alerts on the Alerts page ({kib-pull}154821[#154821]). +* Fixes a bug that could affect alert prevalence counts on the Alerts page ({kib-pull}154544[#154544]). +* Fixes a bug that could prevent you from using breadcrumbs to return to the Rules page ({kib-pull}150322[#150322]). +* Fixes a bug that could prevent the *View all open alerts* button on the Detection and Response dashboard from applying the correct filters ({kib-pull}156893[#156893]). +* Fixes several bugs related to session view and and Kubernetes dashboard ({kib-pull}154982[#154982]). * Fixes the delete index API so it only removes {elastic-sec} 7.x signals indices (`.siem-signals-`), index templates, and ILMs and doesn't delete 8.x alert indices (`.alerts-security.alerts-`). diff --git a/docs/release-notes/8.9.asciidoc b/docs/release-notes/8.9.asciidoc index d92e0c37f5..6c385e7796 100644 --- a/docs/release-notes/8.9.asciidoc +++ b/docs/release-notes/8.9.asciidoc 
@@ -9,11 +9,11 @@ [[bug-fixes-8.9.2]] ==== Bug fixes -* Fixes a bug that prevented inline actions on the Alerts page from completing ({pull}165099[#165099]). -* Fixes a bug that prevented blocklist file path entries for Windows and macOS applications from being passed as case insensitive ({pull}164200[#164200]). -* Fixes a bug in the confirmation message that appears when duplicating a single rule ({pull}163908[#163908]). -* Fixes a bug on the rule details page that showed the **Data view** label twice if you were viewing a rule using a data view ({pull}164494[#164494]). -* Fixes a bug that affected Timeline when you investigated an alert created from a rule with exceptions ({pull}162190[#162190]). +* Fixes a bug that prevented inline actions on the Alerts page from completing ({kib-pull}165099[#165099]). +* Fixes a bug that prevented blocklist file path entries for Windows and macOS applications from being passed as case insensitive ({kib-pull}164200[#164200]). +* Fixes a bug in the confirmation message that appears when duplicating a single rule ({kib-pull}163908[#163908]). +* Fixes a bug on the rule details page that showed the **Data view** label twice if you were viewing a rule using a data view ({kib-pull}164494[#164494]). +* Fixes a bug that affected Timeline when you investigated an alert created from a rule with exceptions ({kib-pull}162190[#162190]). [discrete] [[release-notes-8.9.1]] 
@@ -74,10 +74,10 @@ NOTE: To avoid further issues, _do not_ re-add the `file.name` field to the tabl [[bug-fixes-8.9.1]] ==== Bug fixes -* Fixes a copy to clipboard bug that affected non-ECS fields ({pull}162883[#162883]). -* Fixes number rounding issues in the *Top alerts by* table on the Alerts page ({pull}162647[#162647]). -* Fixes bug that prevented controls from being rendered on {elastic-sec} dashboards ({pull}162514[#162514]). -* Fixes a bug that prevented rule changes from being saved if a rule's action frequency was shorter than the rule run interval ({pull}160798[#160798]). +* Fixes a copy to clipboard bug that affected non-ECS fields ({kib-pull}162883[#162883]). +* Fixes number rounding issues in the *Top alerts by* table on the Alerts page ({kib-pull}162647[#162647]). +* Fixes bug that prevented controls from being rendered on {elastic-sec} dashboards ({kib-pull}162514[#162514]). +* Fixes a bug that prevented rule changes from being saved if a rule's action frequency was shorter than the rule run interval ({kib-pull}160798[#160798]). [discrete] [[release-notes-8.9.0]] 
@@ -141,47 +141,47 @@ There are no breaking changes in 8.9.0. [discrete] [[deprecations-8.9.0]] ==== Deprecations -* Removes the option to use the legacy navigation menu ({pull}158094[#158094]). +* Removes the option to use the legacy navigation menu ({kib-pull}158094[#158094]). * General prebuilt threat indicator match rules were deprecated and replaced with improved indicator-type rules. [discrete] [[features-8.9.0]] ==== New features * Introduces the `top` command for MacOS and Linux, which shows active processes that {elastic-endpoint} is monitoring and recording. Processes are sorted by how much CPU they are causing {elastic-endpoint} to consume. Learn more about the `top` command by referring to the (https://www.github.com/elastic/endpoint/blob/main/EndpointTopCommand.md[readme]). -* Allows you to install the Cloud Security Posture Management (CSPM) integration via CloudFormation ({pull}159994[#159994]). -* Creates a new dashboard, Cloud Native Vulnerability Management, that provides an overview of vulnerabilities on your cloud hosts ({pull}159699[#159699]). -* Allows you to group vulnerabilities by resource (host) on the Vulnerabilities Findings page, and creates a Resource flyout that displays detailed vulnerability findings for individual hosts ({pull}159873[#159873], {pull}158987[#158987]). -* Adds a new custom dashboard, "Detection rule monitoring" ({pull}159875[#159875]). -* Allows you to anonymize event field values sent to AI Assistant ({pull}159857[#159857]). -* Adds a *Chat* button that opens AI Assistant to the alert details flyout ({pull}159633[#159633]). -* Updates AI Assistant to let you create and delete custom system prompts and default conversations ({pull}159365[#159365]). -* Allows you to add alert tags ({pull}157786[#157786]). -* Adds the ability to automatically isolate a host through a rule’s endpoint response action ({pull}152424[#152424]). 
+* Allows you to install the Cloud Security Posture Management (CSPM) integration via CloudFormation ({kib-pull}159994[#159994]). +* Creates a new dashboard, Cloud Native Vulnerability Management, that provides an overview of vulnerabilities on your cloud hosts ({kib-pull}159699[#159699]). +* Allows you to group vulnerabilities by resource (host) on the Vulnerabilities Findings page, and creates a Resource flyout that displays detailed vulnerability findings for individual hosts ({kib-pull}159873[#159873], {kib-pull}158987[#158987]). +* Adds a new custom dashboard, "Detection rule monitoring" ({kib-pull}159875[#159875]). +* Allows you to anonymize event field values sent to AI Assistant ({kib-pull}159857[#159857]). +* Adds a *Chat* button that opens AI Assistant to the alert details flyout ({kib-pull}159633[#159633]). +* Updates AI Assistant to let you create and delete custom system prompts and default conversations ({kib-pull}159365[#159365]). +* Allows you to add alert tags ({kib-pull}157786[#157786]). +* Adds the ability to automatically isolate a host through a rule’s endpoint response action ({kib-pull}152424[#152424]). * Moves response actions to General Availability. -* Adds a new response action that allows you to upload files to an endpoint that has {elastic-endpoint} installed ({pull}157208[#157208]). +* Adds a new response action that allows you to upload files to an endpoint that has {elastic-endpoint} installed ({kib-pull}157208[#157208]). * Makes the Lateral Movement Detection advanced analytics package General Availability, and adds the ability to detect malicious activities in Windows RDP events (https://github.com/elastic/integrations/pull/6588[#6588]). [discrete] [[enhancements-8.9.0]] ==== Enhancements -* Makes it easier to set up exceptions by auto-populating exception conditions and values with relevant alert data ({pull}159075[#159075]). 
-* Adds a *Last response* dropdown menu to the Rules table that allows you to filter rules by the status of their last execution ("Succeeded", "Warning", or "Failed") ({pull}159865[#159865]). -* Creates a Lens dashboard for monitoring the use of tokens by AI Assistant ({pull}159075[#159075]). -* Creates a connector for D3 Security ({pull}158569[#158569]). -* Improves the interface for installing and upgrading Elastic prebuilt rules ({pull}158450[#158450]). -* Shows a rule's actions on its details page ({pull}158189[#158189]). -* Allows you to add Lens visualizations to cases from the visualization's *More actions* menu ({pull}154918[#154918]). -* Adds a tooltip to snoozed rules that shows exactly when alerting will resume ({pull}157407[#157407]). +* Makes it easier to set up exceptions by auto-populating exception conditions and values with relevant alert data ({kib-pull}159075[#159075]). +* Adds a *Last response* dropdown menu to the Rules table that allows you to filter rules by the status of their last execution ("Succeeded", "Warning", or "Failed") ({kib-pull}159865[#159865]). +* Creates a Lens dashboard for monitoring the use of tokens by AI Assistant ({kib-pull}159075[#159075]). +* Creates a connector for D3 Security ({kib-pull}158569[#158569]). +* Improves the interface for installing and upgrading Elastic prebuilt rules ({kib-pull}158450[#158450]). +* Shows a rule's actions on its details page ({kib-pull}158189[#158189]). +* Allows you to add Lens visualizations to cases from the visualization's *More actions* menu ({kib-pull}154918[#154918]). +* Adds a tooltip to snoozed rules that shows exactly when alerting will resume ({kib-pull}157407[#157407]). * Enhances the Data Exfiltration Detection package by adding the ability to detect exfiltration anomalies through USB devices and Airdrop (https://github.com/elastic/integrations/pull/6577[#6577]). 
[discrete] [[bug-fixes-8.9.0]] ==== Bug fixes -* Fixes a bug that caused Elastic prebuilt rules to be erroneously duplicated after you upgraded them ({pull}161331[#161331]). -* Fixes a bug that prevented rule exceptions from being auto-populated when you created a new exception from an alert's **Take action** menu ({pull}159908[#159908]). +* Fixes a bug that caused Elastic prebuilt rules to be erroneously duplicated after you upgraded them ({kib-pull}161331[#161331]). +* Fixes a bug that prevented rule exceptions from being auto-populated when you created a new exception from an alert's **Take action** menu ({kib-pull}159908[#159908]). * Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule. -* Fixes a bug that restricted the number of cloud accounts that could appear on the Cloud Security Posture dashboard to 10 ({pull}157233[#157233]). -* Fixes a bug that allowed you to save a rule with an alert filter missing a query ({pull}159690[#159690]). -* Fixes unexpected filtering behavior on the Alerts page. Now, when you select a filter that excludes all alerts, an empty table now appears as expected ({pull}160374[#160374]). -* Fixes a UI bug where the **Label** field in the Investigation Guide form incorrectly turns red when the entered value is correct ({pull}160574[#160574], {pull}160577[#160577]). -* Fixes a bug that caused rules to snooze longer than specified ({pull}152873[#152873]). +* Fixes a bug that restricted the number of cloud accounts that could appear on the Cloud Security Posture dashboard to 10 ({kib-pull}157233[#157233]). +* Fixes a bug that allowed you to save a rule with an alert filter missing a query ({kib-pull}159690[#159690]). +* Fixes unexpected filtering behavior on the Alerts page. Now, when you select a filter that excludes all alerts, an empty table now appears as expected ({kib-pull}160374[#160374]). 
+* Fixes a UI bug where the **Label** field in the Investigation Guide form incorrectly turns red when the entered value is correct ({kib-pull}160574[#160574], {kib-pull}160577[#160577]). +* Fixes a bug that caused rules to snooze longer than specified ({kib-pull}152873[#152873]). From beb56f35b67adb1892c9c6b914aeacbc201214c3 Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Fri, 22 Mar 2024 12:05:42 -0400 Subject: [PATCH 2/5] change from `issue` to `kib-issue` --- docs/release-notes/8.11.asciidoc | 8 ++++---- docs/release-notes/8.2.asciidoc | 2 +- docs/release-notes/8.3.asciidoc | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/release-notes/8.11.asciidoc b/docs/release-notes/8.11.asciidoc index cc5ff74040..e0ac6f3cf0 100644 --- a/docs/release-notes/8.11.asciidoc +++ b/docs/release-notes/8.11.asciidoc 
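Review bot: In PATCH 1/5, the 8.9.0 enhancements hunk of docs/release-notes/8.9.asciidoc attaches the same PR to two unrelated entries: `({kib-pull}159075[#159075])` follows both "Makes it easier to set up exceptions by auto-populating exception conditions and values with relevant alert data" and "Creates a Lens dashboard for monitoring the use of tokens by AI Assistant". One Kibana PR is unlikely to cover both; since every one of these lines is being rewritten anyway, confirm which entry #159075 actually belongs to and correct the other here, rather than carrying a wrong link through the attribute rename.

Review bot: In PATCH 1/5, the 8.8.0 enhancements hunk of docs/release-notes/8.8.asciidoc names the same dashboard three ways within a few lines: "Detection & Response" (#152714), "Detections and Response" (#156832, #154299), and, in the bug fixes hunk that follows, "Detection and Response dashboard" (#156893). Pick the product name the dashboard uses in the UI and apply it to all four entries while the lines are being touched.

Review bot: In PATCH 1/5, the 8.8.0 bug fixes hunk of docs/release-notes/8.8.asciidoc rewrites the line `+* Fixes several bugs related to session view and and Kubernetes dashboard ({kib-pull}154982[#154982]).` but keeps the doubled "and and"; change it to "related to session view and the Kubernetes dashboard" in the same edit.

Review bot: In PATCH 1/5, the 8.9.0 bug fixes hunk of docs/release-notes/8.9.asciidoc keeps a redundant "now" in `+* Fixes unexpected filtering behavior on the Alerts page. Now, when you select a filter that excludes all alerts, an empty table now appears as expected`; drop the second "now" since the line is being rewritten.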
@@ -62,10 +62,10 @@ [discrete] [[known-issue-8.11.0]] ==== Known issues -* MITRE ATT&CK® technique cells show duplicate rules ({issue}167929[#167929]). -* MITRE ATT&CK® tactic cells show an incorrect rule count ({issue}167930[#167930]). -* An incorrect MITRE ATT&CK® sub-technique is applied after you save a rule ({issue}170347[#170347]). -* When using {elastic-defend}'s protection updates feature, if you turn off automatic updates and select the current day as your deployed artifacts version, it's possible that the set of protections has not been released for that day yet. As a result, {agent} could fail to download the artifacts and be set to an Unhealthy state. To avoid this issue, pick a date previous to the current one ({issue}170847[#170847]). +* MITRE ATT&CK® technique cells show duplicate rules ({kib-issue}167929[#167929]). +* MITRE ATT&CK® tactic cells show an incorrect rule count ({kib-issue}167930[#167930]). +* An incorrect MITRE ATT&CK® sub-technique is applied after you save a rule ({kib-issue}170347[#170347]). +* When using {elastic-defend}'s protection updates feature, if you turn off automatic updates and select the current day as your deployed artifacts version, it's possible that the set of protections has not been released for that day yet. As a result, {agent} could fail to download the artifacts and be set to an Unhealthy state. To avoid this issue, pick a date previous to the current one ({kib-issue}170847[#170847]). [discrete] [[breaking-changes-8.11.0]] diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 98a2812aee..d998422d26 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -56,7 +56,7 @@ ==== Known issues * On macOS versions before 12.4, if {elastic-endpoint} is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later. * Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({kib-pull}133457[#133457]). -* The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({issue}136340[#136340]). +* The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({kib-issue}136340[#136340]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). [discrete] diff --git a/docs/release-notes/8.3.asciidoc b/docs/release-notes/8.3.asciidoc index fb758edf6f..910271974a 100644 --- a/docs/release-notes/8.3.asciidoc +++ b/docs/release-notes/8.3.asciidoc 
@@ -25,7 +25,7 @@ [discrete] [[known-issue-8.3.2]] ==== Known issue -* The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({issue}136340[#136340]). +* The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({kib-issue}136340[#136340]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). [discrete] @@ -99,7 +99,7 @@ On the next scheduled rule execution, the *Last Response* value for the rule wil *The `matches` operator is not supported for rule exceptions* -The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting the unsupported exceptions and refreshing the rules ({issue}136340[#136340]). +The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting the unsupported exceptions and refreshing the rules ({kib-issue}136340[#136340]). *Lucene 9 validation change might affect event correlation rules* 
@@ -161,7 +161,7 @@ On the next scheduled rule execution, the *Last Response* value for the rule wil *The `matches` operator is not supported for rule exceptions* -The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting the unsupported exceptions and refreshing the rules ({issue}136340[#136340]). +The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting the unsupported exceptions and refreshing the rules ({kib-issue}136340[#136340]). *Lucene 9 validation change might affect event correlation rules* From d4e5e1018ed3f29ad18d435364a2f6b0c214d2b9 Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Fri, 22 Mar 2024 12:06:07 -0400 Subject: [PATCH 3/5] Remove section-scoped attribute definitions --- docs/release-notes.asciidoc | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 2dc95a7bf3..ab429b27e1 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -51,11 +51,6 @@ This section summarizes the changes in each release. * <> * <> -// Use these for links to issue and pulls. Note issues and pulls redirect one to -// each other on Github, so don't worry too much on using the right prefix. -:issue: https://github.com/elastic/kibana/issues/ -:pull: https://github.com/elastic/kibana/pull/ - include::release-notes/8.12.asciidoc[] include::release-notes/8.11.asciidoc[] include::release-notes/8.10.asciidoc[] From 4fea72f2ddcc698354cb19637946167cf530eb37 Mon Sep 17 00:00:00 2001 
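Review bot: In PATCH 2/5, the two docs/release-notes/8.3.asciidoc hunks at @@ -99 and @@ -161, the 8.3.2 known issue hunk at @@ -25, and the 8.2.asciidoc hunk at @@ -56 all substitute `{kib-issue}136340[#136340]` into the same verbatim paragraph about the `matches` operator not being supported for rule exceptions. Four identical copies means every attribute rename (this one, and the later `kib-` to `kibana-` commit in this same PR) has to find all of them; consider moving the paragraph into a shared snippet that each release section includes, so the link is maintained in one place and a missed copy cannot silently keep an undefined attribute.

Review bot: In PATCH 3/5, removing `:issue:` and `:pull:` from docs/release-notes.asciidoc is only safe if two things hold that the PR does not show: the replacement attributes (`kib-pull`/`kib-issue` here, `kibana-pull`/`kibana-issue` after the later rename) are defined in a shared attributes file that is loaded before the `include::release-notes/*.asciidoc[]` lines, and no `{pull}` or `{issue}` reference survives anywhere else in docs/. PATCH 1/5 and PATCH 2/5 only touch files under docs/release-notes/, so any use elsewhere would now render as the literal text `{pull}`. Grep docs/ for `{pull}` and `{issue}` before merging and name the file that defines the new attributes in the PR description. The removed comment's observation that GitHub redirects issue and pull URLs to each other still applies, so splitting into two attributes is cosmetic rather than functional, which is fine, but worth stating.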
From: Joe Peeples Date: Fri, 22 Mar 2024 12:28:26 -0400 Subject: [PATCH 4/5] Minor content change to trigger preview --- docs/whats-new.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/whats-new.asciidoc b/docs/whats-new.asciidoc index d3ef4d53fa..10faf48a7b 100644 --- a/docs/whats-new.asciidoc +++ b/docs/whats-new.asciidoc @@ -13,7 +13,7 @@ Other versions: {security-guide-all}/8.11/whats-new.html[8.11] | {security-guide [float] == Retrieval-augmented generation for alerts in Elastic AI Assistant -Elastic AI Assistant now supports {security-guide}/security-assistant.html#rag-for-alerts[retrieval-augmented generation (RAG) for alerts]. Using this feature, you can provide information about multiple alerts to AI Assistant, so that it can answer a broader scope of questions relating to alerts in your environment. +Elastic AI Assistant now supports {security-guide}/security-assistant.html#rag-for-alerts[retrieval-augmented generation (RAG) for alerts]. With this feature, you can provide information about multiple alerts to AI Assistant, so that it can answer a broader scope of questions relating to alerts in your environment. [float] == Detection rules and alerts enhancements From 4d8398891ce717fed0fecac2997fd9cda6761789 Mon Sep 17 00:00:00 2001 
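Review bot: In PATCH 4/5, the commit subject states that its purpose is to trigger a preview build, and the only change is "Using this feature" to "With this feature" in docs/whats-new.asciidoc. The copy edit is fine, but a commit that exists to kick CI should be squashed into one of the substantive commits before merge so the file's history does not carry a change whose stated reason is the build system.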
From: Joe Peeples Date: Fri, 22 Mar 2024 15:12:52 -0400 Subject: [PATCH 5/5] from `kib-` to `kibana-` --- docs/release-notes/8.0.asciidoc | 76 +++++++++--------- docs/release-notes/8.1.asciidoc | 44 +++++------ docs/release-notes/8.10.asciidoc | 58 +++++++------- docs/release-notes/8.11.asciidoc | 84 ++++++++++---------- docs/release-notes/8.12.asciidoc | 108 ++++++++++++------------- docs/release-notes/8.2.asciidoc | 96 +++++++++++----------- docs/release-notes/8.3.asciidoc | 104 ++++++++++++------------ docs/release-notes/8.4.asciidoc | 110 +++++++++++++------------- docs/release-notes/8.5.asciidoc | 132 +++++++++++++++---------------- docs/release-notes/8.6.asciidoc | 124 ++++++++++++++--------------- docs/release-notes/8.7.asciidoc | 100 +++++++++++------------ docs/release-notes/8.8.asciidoc | 120 ++++++++++++++-------------- docs/release-notes/8.9.asciidoc | 70 ++++++++-------- 13 files changed, 613 insertions(+), 613 deletions(-) diff --git a/docs/release-notes/8.0.asciidoc b/docs/release-notes/8.0.asciidoc index 781f543744..ef1c459e4a 100644 --- a/docs/release-notes/8.0.asciidoc +++ b/docs/release-notes/8.0.asciidoc 
@@ -14,14 +14,14 @@ [discrete] [[bug-fixes-8.0.1]] ==== Bug fixes and enhancements -* Fixes a bug that prevented the `kibana.alert.uuid` field from being populated in event correlation sequence shell alerts ({kib-pull}125890[#125890]). -* Applies updated field aliases to mappings in legacy indices ({kib-pull}125888[#125888]). -* Updates prebuilt detection rules ({kib-pull}125316[#125316]). -* Truncates long rule exception descriptions when viewing exception items in rule details ({kib-pull}125145[#125145]). -* Fixes a bug that caused the import process to fail if an exception list contained an exception item with comments ({kib-pull}124909[#124909]). -* Fixes a bug that duplicated the navigation button in the *Security news* section on the Overview page ({kib-pull}124356[#124356]). -* Fixes a bug that caused Timeline to appear if users had access to cases, but not {elastic-sec} ({kib-pull}123775[#123775]). -* Enforces privilege requirements for displaying the map on the *Network* page and allows users with `Read` or `All` Map feature privileges to expand or hide the map ({kib-pull}123336[#123336]). +* Fixes a bug that prevented the `kibana.alert.uuid` field from being populated in event correlation sequence shell alerts ({kibana-pull}125890[#125890]). +* Applies updated field aliases to mappings in legacy indices ({kibana-pull}125888[#125888]). +* Updates prebuilt detection rules ({kibana-pull}125316[#125316]). +* Truncates long rule exception descriptions when viewing exception items in rule details ({kibana-pull}125145[#125145]). +* Fixes a bug that caused the import process to fail if an exception list contained an exception item with comments ({kibana-pull}124909[#124909]). +* Fixes a bug that duplicated the navigation button in the *Security news* section on the Overview page ({kibana-pull}124356[#124356]). +* Fixes a bug that caused Timeline to appear if users had access to cases, but not {elastic-sec} ({kibana-pull}123775[#123775]). 
+* Enforces privilege requirements for displaying the map on the *Network* page and allows users with `Read` or `All` Map feature privileges to expand or hide the map ({kibana-pull}123336[#123336]). [discrete] [[release-notes-8.0.0]] @@ -37,7 +37,7 @@ Before you upgrade, review the <> for ==== Known issues *Case migration errors might be logged when upgrading* -You might find the `Failed to migrate user action alerts` error message in your {kib} migration logs when upgrading to {stack} version 8.0.0. This error is incorrectly logged when migrating cases and can be ignored ({kib-pull}124950[#124950]). +You might find the `Failed to migrate user action alerts` error message in your {kib} migration logs when upgrading to {stack} version 8.0.0. This error is incorrectly logged when migrating cases and can be ignored ({kibana-pull}124950[#124950]). Here is an example of an error message you might encounter: 
@@ -48,11 +48,11 @@ Here is an example of an error message you might encounter: *Existing or new rules that use the legacy alerts index may temporarily fail after upgrading* -After you upgrade to {stack} version 8.0.0, existing and new rules might fail to execute if their source index is configured to use a legacy alert index pattern created in {stack} version 7.x (`.siem-signals-`). Rule failures will likely cause detection gaps, which will be proportional in time to the scheduled interval of the rule. Rules will start to successfully execute after legacy alerts are no longer within the scheduled time period queried by the rule. Despite this automatic correction, coverage gaps might still remain ({kib-pull}124327[#124327]). +After you upgrade to {stack} version 8.0.0, existing and new rules might fail to execute if their source index is configured to use a legacy alert index pattern created in {stack} version 7.x (`.siem-signals-`). Rule failures will likely cause detection gaps, which will be proportional in time to the scheduled interval of the rule. Rules will start to successfully execute after legacy alerts are no longer within the scheduled time period queried by the rule. Despite this automatic correction, coverage gaps might still remain ({kibana-pull}124327[#124327]). *The Threat Intel Filebeat Module (v8.x) Indicator Match rule query is misconfigured* -The indicator index query of the prebuilt rule is misconfigured and will prevent the rule from generating alerts ({kib-pull}121045[#121045], {kib-pull}1560[#1560]). To resolve this, duplicate the rule and update its settings: +The indicator index query of the prebuilt rule is misconfigured and will prevent the rule from generating alerts ({kibana-pull}121045[#121045], {kibana-pull}1560[#1560]). To resolve this, duplicate the rule and update its settings: . Go to the Rules table (*Detect -> Rules*). . Locate the Threat Intel Filebeat Module (v8.x) Indicator Match prebuilt rule. 
@@ -75,7 +75,7 @@ TIP: You can search for the rule by entering the rule name in the Rule table's s *The import process fails for rules with exception comments* -Comments on rule exceptions cause the import process to fail because the following system-generated fields cannot be validated for exception comments ({kib-pull}124742[#124742]): +Comments on rule exceptions cause the import process to fail because the following system-generated fields cannot be validated for exception comments ({kibana-pull}124742[#124742]): * `created_at` * `created_by` 
@@ -103,9 +103,9 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w [[breaking-changes-8.0.0]] ==== Breaking Changes -* Removes the trusted application API. The trusted application interface retains current functionality, but now uses the exception list API ({kib-pull}120134[#120134]). -* Removes the list endpoint metadata API ({kib-pull}119401[#119401]). -* Lets you grant privileges for cases separately from {elastic-sec} privileges ({kib-pull}113573[#113573], {kib-pull}112980[#112980]). As a result of this change, you must update case privileges for existing roles _before_ upgrading to {stack} 8.0.0. Follow these steps: +* Removes the trusted application API. The trusted application interface retains current functionality, but now uses the exception list API ({kibana-pull}120134[#120134]). +* Removes the list endpoint metadata API ({kibana-pull}119401[#119401]). +* Lets you grant privileges for cases separately from {elastic-sec} privileges ({kibana-pull}113573[#113573], {kibana-pull}112980[#112980]). As a result of this change, you must update case privileges for existing roles _before_ upgrading to {stack} 8.0.0. Follow these steps: . Open the main menu and click *Management -> Stack Management -> Stack -> Upgrade Assistant*. . From the Upgrade Assistant page, review the Kibana deprecation warnings. A message prompts you to update role privileges because of changes to the {elastic-sec} Cases feature. . Click the message to open it, then click *Quick resolve*. 
@@ -119,31 +119,31 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w [discrete] [[new-features-8.0.0]] ==== Features -* Shows all historical alerts for a given rule on the rule details page, including those associated with previous versions of the rule ({kib-pull}120053[#120053]). -* Enhances the UI and functionality for the Rules and Rule Monitoring tables and enables actions on the Rule Monitoring table ({kib-pull}119644[#119644]). -* The Threat Intelligence view supports {agent}, {filebeat}, and custom integrations ({kib-pull}116175[#116175]). -* Allows exception lists to be exported and imported with detection rules ({kib-pull}115144[#115144], {kib-pull}118816[#118816]). +* Shows all historical alerts for a given rule on the rule details page, including those associated with previous versions of the rule ({kibana-pull}120053[#120053]). +* Enhances the UI and functionality for the Rules and Rule Monitoring tables and enables actions on the Rule Monitoring table ({kibana-pull}119644[#119644]). +* The Threat Intelligence view supports {agent}, {filebeat}, and custom integrations ({kibana-pull}116175[#116175]). +* Allows exception lists to be exported and imported with detection rules ({kibana-pull}115144[#115144], {kibana-pull}118816[#118816]). [discrete] [[bug-fixes-8.0.0]] ==== Bug fixes and enhancements -* Enhances the UI for the Exceptions table; improves how dates are displayed in the Rules and Exceptions tables ({kib-pull}117643[#117643], {kib-pull}118940[#118940]). -* Updates the mappings of the rule registry to ECS version 8.0.0 so that detection rules can process ECS version 8.0.0 data ({kib-pull}123012[#123012]). -* Allows you to create and add runtime fields from the Alert and Timeline tables ({kib-pull}117627[#117627], {kib-pull}114806[#114806]). -* Enhances the Data view selection UI and hides the Data view dropdown when no data is present ({kib-pull}117601[#117601], {kib-pull}119956[#119956]). 
-* Enhances previews and error flagging during rule creation ({kib-pull}116374[#116374]). -* Updates rule actions to use `kibana.alert.*` fields instead of `signals.*` fields ({kib-pull}116491[#116491]). -* Changes the insufficient permissions message type from an error to a warning ({kib-pull}123777[#123777]). -* Fixes typos in the success messages that appear after you close Timelines or Timeline templates ({kib-pull}123258[#123258]). -* Updates the Exceptions table header and Export button ({kib-pull}122870[#122870]). -* Fixes a bug that could break a rule’s details page after you edited, activated, or deactivated the rule ({kib-pull}122024[#122024]). -* Fixes an overlap between the rule query text field and Timeline banner ({kib-pull}121967[#121967], {kib-pull}121127[#121127]). -* Adds support for the `threat.feed.name` field in the alert details flyout and Timeline view ({kib-pull}120250[#120250]). -* Adds the default threat indicator path (`threat_indicator_path`) to indicator match rules where it was missing ({kib-pull}118962[#118962]). -* Adds a default value for the threat indicator path that indicator match rules use when creating indicator match rules from the {security-app} UI or the create rule API ({kib-pull}118821[#118821]). -* Enhances the Endpoint details flyout UI ({kib-pull}117987[#117987]). -* Fixes a bug that prevented you from clearing a connector’s `Additional comments` field ({kib-pull}117901[#117901]). -* Allows you to modify the default threat indicator path for the Threat Intel Filebeat Module (v7.x) Indicator Match prebuilt rule ({kib-pull}116583[#116583]). +* Enhances the UI for the Exceptions table; improves how dates are displayed in the Rules and Exceptions tables ({kibana-pull}117643[#117643], {kibana-pull}118940[#118940]). +* Updates the mappings of the rule registry to ECS version 8.0.0 so that detection rules can process ECS version 8.0.0 data ({kibana-pull}123012[#123012]). 
+* Allows you to create and add runtime fields from the Alert and Timeline tables ({kibana-pull}117627[#117627], {kibana-pull}114806[#114806]). +* Enhances the Data view selection UI and hides the Data view dropdown when no data is present ({kibana-pull}117601[#117601], {kibana-pull}119956[#119956]). +* Enhances previews and error flagging during rule creation ({kibana-pull}116374[#116374]). +* Updates rule actions to use `kibana.alert.*` fields instead of `signals.*` fields ({kibana-pull}116491[#116491]). +* Changes the insufficient permissions message type from an error to a warning ({kibana-pull}123777[#123777]). +* Fixes typos in the success messages that appear after you close Timelines or Timeline templates ({kibana-pull}123258[#123258]). +* Updates the Exceptions table header and Export button ({kibana-pull}122870[#122870]). +* Fixes a bug that could break a rule’s details page after you edited, activated, or deactivated the rule ({kibana-pull}122024[#122024]). +* Fixes an overlap between the rule query text field and Timeline banner ({kibana-pull}121967[#121967], {kibana-pull}121127[#121127]). +* Adds support for the `threat.feed.name` field in the alert details flyout and Timeline view ({kibana-pull}120250[#120250]). +* Adds the default threat indicator path (`threat_indicator_path`) to indicator match rules where it was missing ({kibana-pull}118962[#118962]). +* Adds a default value for the threat indicator path that indicator match rules use when creating indicator match rules from the {security-app} UI or the create rule API ({kibana-pull}118821[#118821]). +* Enhances the Endpoint details flyout UI ({kibana-pull}117987[#117987]). +* Fixes a bug that prevented you from clearing a connector’s `Additional comments` field ({kibana-pull}117901[#117901]). +* Allows you to modify the default threat indicator path for the Threat Intel Filebeat Module (v7.x) Indicator Match prebuilt rule ({kibana-pull}116583[#116583]). [discrete] [[release-notes-8.0.0-rc2]] 
@@ -155,7 +155,7 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w *The Data view option might not display in upgraded environments with legacy alerts* -To make the *Data view* option appear, a user with elevated role privileges must visit the {security-app}, open a page that displays alert data (such as the Overview page), then refresh the page ({kib-pull}121390[#121390]). +To make the *Data view* option appear, a user with elevated role privileges must visit the {security-app}, open a page that displays alert data (such as the Overview page), then refresh the page ({kibana-pull}121390[#121390]). The role must have the following privileges: @@ -175,7 +175,7 @@ NOTE: If new alerts are generated in an upgraded environment without legacy aler *Detection rules may not generate alerts after upgrading to {stack} 8.0.0* -Rules are automatically disabled during the upgrade process and must be manually re-enabled after the process completes. Failure to do so could cause a gap in rule coverage ({kib-pull}120906[#120906]). +Rules are automatically disabled during the upgrade process and must be manually re-enabled after the process completes. Failure to do so could cause a gap in rule coverage ({kibana-pull}120906[#120906]). Before upgrading, use the <> API to retrieve a list of enabled detection rules in your environment. You can reference this list when re-enabling rules after you upgrade. diff --git a/docs/release-notes/8.1.asciidoc b/docs/release-notes/8.1.asciidoc index b745b94554..8dbaa66fea 100644 --- a/docs/release-notes/8.1.asciidoc +++ b/docs/release-notes/8.1.asciidoc 
@@ -13,8 +13,8 @@ [discrete] [[bug-fixes-8.1.3]] ==== Bug fixes and enhancements -* Improves UI performance in environments with a high number of field mappings ({kib-pull}129862[#129862], {kib-pull}128928[#128928], {kib-pull}128885[#128885], {kib-pull}128909[#128909], {kib-pull}128774[#128774]). -* Fixes a bug on the *Host* and *Network* pages that forced table behavior to persist after users updated the pages’ time range ({kib-pull}130024[#130024]). +* Improves UI performance in environments with a high number of field mappings ({kibana-pull}129862[#129862], {kibana-pull}128928[#128928], {kibana-pull}128885[#128885], {kibana-pull}128909[#128909], {kibana-pull}128774[#128774]). +* Fixes a bug on the *Host* and *Network* pages that forced table behavior to persist after users updated the pages’ time range ({kibana-pull}130024[#130024]). [discrete] [[release-notes-8.1.2]] @@ -45,9 +45,9 @@ [[bug-fixes-8.1.1]] ==== Bug fixes and enhancements * Fixes an {endpoint-sec} integration bug that prevented benign Windows files from being deleted under certain circumstances. -* Adds a notification to the **Exception lists** page that informs users if they are lacking certain role privileges ({kib-pull}126874[#126874]). -* Turns off the **Upload value lists** option on the **Rules** page if users have `Read` Security privileges only ({kib-pull}126829[#126829]). -* Removes the option to select rules in the All Rules table if users have `Read` Security privileges only ({kib-pull}126827[#126827]). +* Adds a notification to the **Exception lists** page that informs users if they are lacking certain role privileges ({kibana-pull}126874[#126874]). +* Turns off the **Upload value lists** option on the **Rules** page if users have `Read` Security privileges only ({kibana-pull}126829[#126829]). +* Removes the option to select rules in the All Rules table if users have `Read` Security privileges only ({kibana-pull}126827[#126827]). [discrete] [[release-notes-8.1.0]] 
@@ -58,7 +58,7 @@ ==== Known issues * An {endpoint-sec} integration bug prevents benign Windows files from being deleted under certain circumstances. * On macOS versions before 12.4, if {elastic-endpoint} is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later. -* Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({kib-pull}133457[#133457]). +* Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({kibana-pull}133457[#133457]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). [discrete] 
@@ -70,24 +70,24 @@ There are no breaking changes in 8.1.0. [discrete] [[features-8.1.0]] ==== Features -* Adds a *Technical preview* toggle above the Rules table which, when enabled, allows users to sort on all rule management columns ({kib-pull}119611[#119611]). -* Introduces a new *Host risk classification* column in the All hosts table on the *Hosts* page. In addition, a new *Host by risk* tab has been added to the *Hosts* page and host detail pages. From the *Host by risk* tab, you can access an explanation of how a host’s risk is calculated and scored ({kib-pull}122980[#122980], {kib-pull}122586[#122586], {kib-pull}122018[#122018], {kib-pull}121075[#121075], {kib-pull}120487[#120487], {kib-pull}119734[#119734]). -* Introduces the ability to bulk edit rule index patterns and tags ({kib-pull}122635[#122635]). -* Expands Endpoint per-policy artifact assignment to include endpoint event filters and host isolation IP exceptions ({kib-pull}121879[#121879], {kib-pull}121632[#121632]). -* Adds the rule execution UUID field to alerts. In addition, the `kibana.alert.rule.execution.uuid` field is now part of the alert data schema and can be found in the field browser in the Alerts table.({kib-pull}113058[#113058]). -* Introduces case metrics that summarize alert information and response times ({kib-pull}121336[#121336]). -* Improves copy for the privilege check on the Endpoints page ({kib-pull}124118[#124118]). +* Adds a *Technical preview* toggle above the Rules table which, when enabled, allows users to sort on all rule management columns ({kibana-pull}119611[#119611]). +* Introduces a new *Host risk classification* column in the All hosts table on the *Hosts* page. In addition, a new *Host by risk* tab has been added to the *Hosts* page and host detail pages. 
From the *Host by risk* tab, you can access an explanation of how a host’s risk is calculated and scored ({kibana-pull}122980[#122980], {kibana-pull}122586[#122586], {kibana-pull}122018[#122018], {kibana-pull}121075[#121075], {kibana-pull}120487[#120487], {kibana-pull}119734[#119734]). +* Introduces the ability to bulk edit rule index patterns and tags ({kibana-pull}122635[#122635]). +* Expands Endpoint per-policy artifact assignment to include endpoint event filters and host isolation IP exceptions ({kibana-pull}121879[#121879], {kibana-pull}121632[#121632]). +* Adds the rule execution UUID field to alerts. In addition, the `kibana.alert.rule.execution.uuid` field is now part of the alert data schema and can be found in the field browser in the Alerts table.({kibana-pull}113058[#113058]). +* Introduces case metrics that summarize alert information and response times ({kibana-pull}121336[#121336]). +* Improves copy for the privilege check on the Endpoints page ({kibana-pull}124118[#124118]). [discrete] [[bug-fixes-8.1.0]] ==== Bug fixes and enhancements -* Improves the performance of indicator match rules ({kib-pull}123882[#123882], {kib-pull}123677[#123677]). -* Changes the default indicator index query of custom and prebuilt indicator match rules to `@timestamp >= "now-30d/d"` ({kib-pull}123590[#123590]). -* Improves the exceptions interface by replacing the exceptions modal with a flyout ({kib-pull}123408[#123408]). +* Improves the performance of indicator match rules ({kibana-pull}123882[#123882], {kibana-pull}123677[#123677]). +* Changes the default indicator index query of custom and prebuilt indicator match rules to `@timestamp >= "now-30d/d"` ({kibana-pull}123590[#123590]). +* Improves the exceptions interface by replacing the exceptions modal with a flyout ({kibana-pull}123408[#123408]). * Alert details flyout enhancements: -** Shows different highlighted fields in an alert’s details flyout based on its type, category, and code ({kib-pull}123239[#123239]). 
-** Adds overview cards with key data to the alert details flyout ({kib-pull}120347[#120347]). -* Allows users to aggregate alert data based on a larger selection of ECS fields instead of just 10 preset options ({kib-pull}120610[#120610]). -* Enriches threshold-related alert data from correct fields ({kib-pull}125376[#125376]). -* Hides the delete button for disabled exception lists ({kib-pull}122844[#122844]). -* Fixes various minor UX bugs ({kib-pull}121410[#121410]). +** Shows different highlighted fields in an alert’s details flyout based on its type, category, and code ({kibana-pull}123239[#123239]). +** Adds overview cards with key data to the alert details flyout ({kibana-pull}120347[#120347]). +* Allows users to aggregate alert data based on a larger selection of ECS fields instead of just 10 preset options ({kibana-pull}120610[#120610]). +* Enriches threshold-related alert data from correct fields ({kibana-pull}125376[#125376]). +* Hides the delete button for disabled exception lists ({kibana-pull}122844[#122844]). +* Fixes various minor UX bugs ({kibana-pull}121410[#121410]). diff --git a/docs/release-notes/8.10.asciidoc b/docs/release-notes/8.10.asciidoc index 403fe10864..bf15a30606 100644 --- a/docs/release-notes/8.10.asciidoc +++ b/docs/release-notes/8.10.asciidoc @@ -20,8 +20,8 @@ announcement]. [discrete] [[bug-fixes-8.10.4]] ==== Bug fixes -* Fixes a bug in Timeline that prevented the **Show top _x_** action from showing results ({kib-pull}168339[#168339]). -* Fixes a bug that caused outdated or incorrect data to display on the MITRE ATT&CK® Coverage page ({kib-pull}167917[#167917]). +* Fixes a bug in Timeline that prevented the **Show top _x_** action from showing results ({kibana-pull}168339[#168339]). +* Fixes a bug that caused outdated or incorrect data to display on the MITRE ATT&CK® Coverage page ({kibana-pull}167917[#167917]). [discrete] [[release-notes-8.10.3]] 
@@ -30,16 +30,16 @@ announcement]. [discrete] [[enhancements-8.10.3]] ==== Enhancements -* Updates the MITRE ATT&CK® framework to `v13.1` ({kib-pull}166536[#166536]). +* Updates the MITRE ATT&CK® framework to `v13.1` ({kibana-pull}166536[#166536]). [discrete] [[bug-fixes-8.10.3]] ==== Bug fixes -* Increases the line height of the session view preview in the alert details flyout ({kib-pull}166932[#166932]). -* Adds tooltips to the Correlations table in the alert details flyout ({kib-pull}166913[#166913]). -* Fixes a bug that prevented the prevalence query from considering fields with multiple values ({kib-pull}166891[#166891]). -* Fixes an alert details flyout bug that affected the way prevalence data was fetched ({kib-pull}166694[#166694]). -* Fixes a bug in Timeline that prevented the **Show top _x_** action from using the Timeline query ({kib-pull}165109[#165109]). +* Increases the line height of the session view preview in the alert details flyout ({kibana-pull}166932[#166932]). +* Adds tooltips to the Correlations table in the alert details flyout ({kibana-pull}166913[#166913]). +* Fixes a bug that prevented the prevalence query from considering fields with multiple values ({kibana-pull}166891[#166891]). +* Fixes an alert details flyout bug that affected the way prevalence data was fetched ({kibana-pull}166694[#166694]). +* Fixes a bug in Timeline that prevented the **Show top _x_** action from using the Timeline query ({kibana-pull}165109[#165109]). [discrete] [[release-notes-8.10.2]] @@ -71,7 +71,7 @@ There are no user-facing changes in 8.10.2. [[bug-fixes-8.10.1]] ==== Bug fixes -* Updates the Elastic AI Assistant response schema ({kib-pull}166300[#166300], {kib-pull}166495[#166495]). +* Updates the Elastic AI Assistant response schema ({kibana-pull}166300[#166300], {kibana-pull}166495[#166495]). [discrete] [[release-notes-8.10.0]] 
@@ -92,31 +92,31 @@ There are no breaking changes in 8.10.0. [[features-8.10.0]] ==== New features * Introduces a redesigned alert details flyout that enhances your investigative flows (https://github.com/elastic/security-docs/pull/3816[#3816], https://github.com/elastic/security-docs/pull/3854[#3854]). -* Adds the MITRE ATT&CK® coverage page, which shows how well your active detection rules protect against adversary tactics and techniques ({kib-pull}161556[#161556], {kib-pull}163498[#163498], {kib-pull}164613[#164613], {kib-pull}164986[#164986]). -* Adds a component under the Elastic AI Assistant header that allows you to select a different connector ({kib-pull}163666[#163666]). -* Adds role-based access control for the Elastic AI Assistant ({kib-pull}163031[#163031]). -* Adds a flyout that allows you to examine rule details when installing or updating a prebuilt rule ({kib-pull}163304[#163304]). -* Adds the ability to specify custom highlighted fields for an alert ({kib-pull}163235[#163235]). -* Adds the **Reputation service** option to the malicious behavior protection setting on the Elastic Defend integration policy ({kib-pull}161617[#161617]). +* Adds the MITRE ATT&CK® coverage page, which shows how well your active detection rules protect against adversary tactics and techniques ({kibana-pull}161556[#161556], {kibana-pull}163498[#163498], {kibana-pull}164613[#164613], {kibana-pull}164986[#164986]). +* Adds a component under the Elastic AI Assistant header that allows you to select a different connector ({kibana-pull}163666[#163666]). +* Adds role-based access control for the Elastic AI Assistant ({kibana-pull}163031[#163031]). +* Adds a flyout that allows you to examine rule details when installing or updating a prebuilt rule ({kibana-pull}163304[#163304]). +* Adds the ability to specify custom highlighted fields for an alert ({kibana-pull}163235[#163235]). 
+* Adds the **Reputation service** option to the malicious behavior protection setting on the Elastic Defend integration policy ({kibana-pull}161617[#161617]). [discrete] [[enhancements-8.10.0]] ==== Enhancements -* Modifies the {elastic-sec} main menu by adding the Rules main page and landing page, and shifting the order of the Cases and Explore pages ({kib-pull}165061[#165061], {kib-pull}163102[#163102], {kib-pull}161667[#161667]). -* Adds a `resource.id` column to the "Top 10 vulnerable resources" table on the Cloud Native Vulnerability Management dashboard ({kib-pull}162668[#162668]). -* Shows the most relevant tab when you open the Findings page, instead of always showing the Misconfigurations tab ({kib-pull}162289[#162289]). -* Adds the **Building block** label to the rule details page for building block rules ({kib-pull}162233[#162233]). -* Removes a filter that restricted the fields you could choose from when creating an Endpoint exception or event filter ({kib-pull}162193[#162193]). -* Shows a confirmation message on the Rules page and rule details page when you delete rules ({kib-pull}162477[#162477]). +* Modifies the {elastic-sec} main menu by adding the Rules main page and landing page, and shifting the order of the Cases and Explore pages ({kibana-pull}165061[#165061], {kibana-pull}163102[#163102], {kibana-pull}161667[#161667]). +* Adds a `resource.id` column to the "Top 10 vulnerable resources" table on the Cloud Native Vulnerability Management dashboard ({kibana-pull}162668[#162668]). +* Shows the most relevant tab when you open the Findings page, instead of always showing the Misconfigurations tab ({kibana-pull}162289[#162289]). +* Adds the **Building block** label to the rule details page for building block rules ({kibana-pull}162233[#162233]). +* Removes a filter that restricted the fields you could choose from when creating an Endpoint exception or event filter ({kibana-pull}162193[#162193]). 
+* Shows a confirmation message on the Rules page and rule details page when you delete rules ({kibana-pull}162477[#162477]). [discrete] [[bug-fixes-8.10.0]] ==== Bug fixes -* Fixes a UI bug that caused the rule preview to break when you closed it ({kib-pull}164973[#164973]). -* Fixes a bug that stopped pre-configured connectors from working with the Elastic AI Assistant ({kib-pull}164900[#164900]). -* Adds the new Elastic AI Assistant logo and global header menu item ({kib-pull}164763[#164763]). -* Ensures that users see the appropriate message in the Elastic AI Assistant UI if they don't have the necessary connector and action privileges ({kib-pull}164382[#164382]). -* Prevents threshold rule error messages from concealing shard failure messages ({kib-pull}164231[#164231]). -* Removes filter in and out inline actions from the Alerts table on the case details page, and fixes issues with the **Top alerts by** inline action ({kib-pull}161150[#161150]). -* Uses the {agent} `last_checkin` status for endpoints' `last seen` status ({kib-pull}160506[#160506]). -* Hides the **Top alerts by** inline action for nested fields ({kib-pull}159645[#159645]). \ No newline at end of file +* Fixes a UI bug that caused the rule preview to break when you closed it ({kibana-pull}164973[#164973]). +* Fixes a bug that stopped pre-configured connectors from working with the Elastic AI Assistant ({kibana-pull}164900[#164900]). +* Adds the new Elastic AI Assistant logo and global header menu item ({kibana-pull}164763[#164763]). +* Ensures that users see the appropriate message in the Elastic AI Assistant UI if they don't have the necessary connector and action privileges ({kibana-pull}164382[#164382]). +* Prevents threshold rule error messages from concealing shard failure messages ({kibana-pull}164231[#164231]). 
+* Removes filter in and out inline actions from the Alerts table on the case details page, and fixes issues with the **Top alerts by** inline action ({kibana-pull}161150[#161150]). +* Uses the {agent} `last_checkin` status for endpoints' `last seen` status ({kibana-pull}160506[#160506]). +* Hides the **Top alerts by** inline action for nested fields ({kibana-pull}159645[#159645]). \ No newline at end of file diff --git a/docs/release-notes/8.11.asciidoc b/docs/release-notes/8.11.asciidoc index e0ac6f3cf0..41f3fbf86d 100644 --- a/docs/release-notes/8.11.asciidoc +++ b/docs/release-notes/8.11.asciidoc @@ -8,10 +8,10 @@ [discrete] [[bug-fixes-8.11.4]] ==== Bug fixes -* Stops the **{esql}** tab from rendering until you click on it in Timeline ({kib-pull}173484[#173484]). -* Adds a feature flag (`timelineEsqlTabDisabled`) to hide the **{esql}** tab in Timeline ({kib-pull}174029[#174029]). -* Removes the default query from the **{esql}** tab in Timeline ({kib-pull}174393[#174393]). -* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kib-pull}172912[#172912]). +* Stops the **{esql}** tab from rendering until you click on it in Timeline ({kibana-pull}173484[#173484]). +* Adds a feature flag (`timelineEsqlTabDisabled`) to hide the **{esql}** tab in Timeline ({kibana-pull}174029[#174029]). +* Removes the default query from the **{esql}** tab in Timeline ({kibana-pull}174393[#174393]). +* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kibana-pull}172912[#172912]). [discrete] [[release-notes-8.11.3]] 
@@ -20,7 +20,7 @@ [discrete] [[bug-fixes-8.11.3]] ==== Bug fixes -* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kib-pull}172912[#172912]). +* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kibana-pull}172912[#172912]). [discrete] [[release-notes-8.11.2]] @@ -29,15 +29,15 @@ [discrete] [[enhancements-8.11.2]] ==== Enhancements -* Updates references on the Entity Risk Score management page ({kib-pull}171089[#171089]). +* Updates references on the Entity Risk Score management page ({kibana-pull}171089[#171089]). [discrete] [[bug-fixes-8.11.2]] ==== Bug fixes -* Fixes a bug that caused the Alerts page to crash if you reloaded it while the preview panel in the alert details flyout was open ({kib-pull}172323[#172323]). -* Fixes the event analyzer panel width ({kib-pull}172026[#172026]). -* Applies page filters to MITRE ATT&CK® sub-technique cells when displaying rules ({kib-pull}170988[#170988]). -* Fixes a bug with the **Investigate in timeline** action for Elastic AI Assistant that caused {esql} queries to open in the KQL query bar within Timeline ({kib-pull}170542[#170542]). +* Fixes a bug that caused the Alerts page to crash if you reloaded it while the preview panel in the alert details flyout was open ({kibana-pull}172323[#172323]). +* Fixes the event analyzer panel width ({kibana-pull}172026[#172026]). +* Applies page filters to MITRE ATT&CK® sub-technique cells when displaying rules ({kibana-pull}170988[#170988]). +* Fixes a bug with the **Investigate in timeline** action for Elastic AI Assistant that caused {esql} queries to open in the KQL query bar within Timeline ({kibana-pull}170542[#170542]). [discrete] [[release-notes-8.11.1]] 
@@ -46,14 +46,14 @@ [discrete] [[enhancements-8.11.1]] ==== Enhancements -* Allows user and host risk score tables to be filtered by time range ({kib-pull}168826[#168826]). +* Allows user and host risk score tables to be filtered by time range ({kibana-pull}168826[#168826]). [discrete] [[bug-fixes-8.11.1]] ==== Bug fixes -* Fixes a bug that caused MITRE ATT&CK® technique cells to show duplicate rules ({kib-pull}169708[#169708]). -* Fixes a bug that caused the incorrect MITRE ATT&CK® sub-technique to be applied after you saved a rule ({kib-pull}170465[#170465]). -* Adds a privilege check for bulk-changing alert statuses ({kib-pull}170584[#170584]). +* Fixes a bug that caused MITRE ATT&CK® technique cells to show duplicate rules ({kibana-pull}169708[#169708]). +* Fixes a bug that caused the incorrect MITRE ATT&CK® sub-technique to be applied after you saved a rule ({kibana-pull}170465[#170465]). +* Adds a privilege check for bulk-changing alert statuses ({kibana-pull}170584[#170584]). [discrete] [[release-notes-8.11.0]] 
@@ -62,33 +62,33 @@ [discrete] [[known-issue-8.11.0]] ==== Known issues -* MITRE ATT&CK® technique cells show duplicate rules ({kib-issue}167929[#167929]). -* MITRE ATT&CK® tactic cells show an incorrect rule count ({kib-issue}167930[#167930]). -* An incorrect MITRE ATT&CK® sub-technique is applied after you save a rule ({kib-issue}170347[#170347]). -* When using {elastic-defend}'s protection updates feature, if you turn off automatic updates and select the current day as your deployed artifacts version, it's possible that the set of protections has not been released for that day yet. As a result, {agent} could fail to download the artifacts and be set to an Unhealthy state. To avoid this issue, pick a date previous to the current one ({kib-issue}170847[#170847]). +* MITRE ATT&CK® technique cells show duplicate rules ({kibana-issue}167929[#167929]). +* MITRE ATT&CK® tactic cells show an incorrect rule count ({kibana-issue}167930[#167930]). +* An incorrect MITRE ATT&CK® sub-technique is applied after you save a rule ({kibana-issue}170347[#170347]). +* When using {elastic-defend}'s protection updates feature, if you turn off automatic updates and select the current day as your deployed artifacts version, it's possible that the set of protections has not been released for that day yet. As a result, {agent} could fail to download the artifacts and be set to an Unhealthy state. To avoid this issue, pick a date previous to the current one ({kibana-issue}170847[#170847]). [discrete] [[breaking-changes-8.11.0]] ==== Breaking changes -* Ends support for the `filterQuery` field of the `getLiveQueryResults` and `findLiveQuery` APIs, and replaces it with the KQL field `kuery`. Requests to those APIs that used the `filterQuery` field should replace it with `kuery` ({kib-pull}161806[#161806]). +* Ends support for the `filterQuery` field of the `getLiveQueryResults` and `findLiveQuery` APIs, and replaces it with the KQL field `kuery`. 
Requests to those APIs that used the `filterQuery` field should replace it with `kuery` ({kibana-pull}161806[#161806]). * In 8.11, rule APIs will only support `investigation_fields` as `{ field_names: string[] }`. If you've added this field to your rules in 8.10, you don't need to do anything when you import your rules. [discrete] [[deprecations-8.11.0]] ==== Deprecations -* Deprecates the `doc_root.vulnerability.package` and replaces it with the `doc_root.package` ECS package ({kib-pull}164651[#164651]). +* Deprecates the `doc_root.vulnerability.package` and replaces it with the `doc_root.package` ECS package ({kibana-pull}164651[#164651]). [discrete] [[features-8.11.0]] ==== New features * Upgrades {elastic-defend} to capture a new Windows event type: ETW Threat Intelligence (ETW-TI). Renames the Windows events policy `Credential access` category to `API` in the UI (but not in the `.yaml`, maintaining backwards compatibility). Adds two new advanced options: `windows.advanced.events.api_disabled` and -`windows.advanced.events.api_verbose` ({kib-pull}167549[#167549]). -* Adds the `Same family` category and tab to the Data Quality dashboard. Fields with mappings in the same family have the same search behavior as the type specified by ECS, but may have different space usage or performance characteristics ({kib-pull}167480[#167480]). -* Updates the exceptions flyout's `match_any` operator to accept duplicate values that differ in case ({kib-pull}167208[#167208]). -* beta:[] Enables the Elastic AI Assistant to answer questions about Elasticsearch Query Language (ES|QL) by allowing it to query, via ELSER, an ES|QL knowledge base. Refer to <> to enable the knowledge base ({kib-pull}167097[#167097]). -* Enables ES|QL in Timeline (technical preview) ({kib-pull}166764[#166764]). -* Adds the new ES|QL rule type (technical preview) ({kib-pull}165450[#165450]). 
-* Updates the Endpoint policy UI (**Manage -> Policies**) to include a `Protection updates` tab, a new column called `Deployed version`, and a banner that highlights outdated policies ({kib-pull}165256[#165256], {kib-pull}162719[#162719]). +`windows.advanced.events.api_verbose` ({kibana-pull}167549[#167549]). +* Adds the `Same family` category and tab to the Data Quality dashboard. Fields with mappings in the same family have the same search behavior as the type specified by ECS, but may have different space usage or performance characteristics ({kibana-pull}167480[#167480]). +* Updates the exceptions flyout's `match_any` operator to accept duplicate values that differ in case ({kibana-pull}167208[#167208]). +* beta:[] Enables the Elastic AI Assistant to answer questions about Elasticsearch Query Language (ES|QL) by allowing it to query, via ELSER, an ES|QL knowledge base. Refer to <> to enable the knowledge base ({kibana-pull}167097[#167097]). +* Enables ES|QL in Timeline (technical preview) ({kibana-pull}166764[#166764]). +* Adds the new ES|QL rule type (technical preview) ({kibana-pull}165450[#165450]). +* Updates the Endpoint policy UI (**Manage -> Policies**) to include a `Protection updates` tab, a new column called `Deployed version`, and a banner that highlights outdated policies ({kibana-pull}165256[#165256], {kibana-pull}162719[#162719]). * Introduces full support for {elastic-endpoint} on macOS Sonoma. * Updates {elastic-defend} to support AlmaLinux 9 and Rocky Linux 9. * Adds a new optional parameter to {elastic-endpoint}'s `top` command. The `--limit` parameter specifies how many times to refresh the command's output before a graceful exit. 
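Review bot: this hunk renames two attributes, not one: the known-issues entries switch `{kib-issue}` to `{kibana-issue}` (#167929, #167930, #170347, #170847) while everything else switches `{kib-pull}` to `{kibana-pull}`, so the attribute definitions need both `kibana-pull` and `kibana-issue`, pointing at the Kibana pull-request and issue URL bases respectively. A missing `kibana-issue` would only surface on the handful of known-issue lines and is easy to miss in a build check that spot-checks PR links, so verify one rendered known-issue link explicitly.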
@@ -97,23 +97,23 @@ [discrete] [[enhancements-8.11.0]] ==== Enhancements -* Adds a new Generative AI connector, Amazon Bedrock, for use with Elastic AI Assistant ({kib-pull}166662[#166662]). -* Renames the Generative AI connector to OpenAI, since Generative AI is now a category of connectors that include OpenAI and Amazon Bedrock ({kib-pull}167677[#167677]). -* Adds the `id`, `severity`, and `status` fields to the Webhook - Case Management connector ({kib-pull}166295[#166295]). -* Updates the order of items on {kib}'s left-side navigation menu to match the order in {elastic-sec}'s left-side navigation menu ({kib-pull}164268[#164268]). -* Adds tooltips to overview section titles in the alert details flyout ({kib-pull}166737[#166737]). -* Updates the `.lists` and `.items` indices to data streams ({kib-pull}162508[#162508]). +* Adds a new Generative AI connector, Amazon Bedrock, for use with Elastic AI Assistant ({kibana-pull}166662[#166662]). +* Renames the Generative AI connector to OpenAI, since Generative AI is now a category of connectors that include OpenAI and Amazon Bedrock ({kibana-pull}167677[#167677]). +* Adds the `id`, `severity`, and `status` fields to the Webhook - Case Management connector ({kibana-pull}166295[#166295]). +* Updates the order of items on {kib}'s left-side navigation menu to match the order in {elastic-sec}'s left-side navigation menu ({kibana-pull}164268[#164268]). +* Adds tooltips to overview section titles in the alert details flyout ({kibana-pull}166737[#166737]). +* Updates the `.lists` and `.items` indices to data streams ({kibana-pull}162508[#162508]). [discrete] [[bug-fixes-8.11.0]] ==== Bug fixes -* Updates the Entity Risk Score error message to list the necessary permissions ({kib-pull}169216[#169216]). -* Displays more descriptive errors for Generative AI connectors ({kib-pull}167674[#167674]). -* Adds metrics to some rule execution warning messages ({kib-pull}167551[#167551]). 
-* Fixes a bug that could cause the exceptions flyout to reload unnecessarily in response to rule updates ({kib-pull}166914[#166914]). -* Fixes a bug that could cause EQL shell alerts to not include certain common fields ({kib-pull}166751[#166751]). -* Sets the date and time picker to full width in the expanded Prevalence view within the alert details flyout ({kib-pull}166714[#166714]). -* Fixes a bug that could prevent the **Install Cloud Native Vulnerability Management** button on the empty state of the Findings page from working ({kib-pull}166335[#166335]). -* Fixes a bug that could cause an error when you edited a rule's filter ({kib-pull}165262[#165262]). -* Fixes a bug that caused the Rules table to auto-refresh when auto-refresh was disabled ({kib-pull}165250[#165250]). \ No newline at end of file +* Updates the Entity Risk Score error message to list the necessary permissions ({kibana-pull}169216[#169216]). +* Displays more descriptive errors for Generative AI connectors ({kibana-pull}167674[#167674]). +* Adds metrics to some rule execution warning messages ({kibana-pull}167551[#167551]). +* Fixes a bug that could cause the exceptions flyout to reload unnecessarily in response to rule updates ({kibana-pull}166914[#166914]). +* Fixes a bug that could cause EQL shell alerts to not include certain common fields ({kibana-pull}166751[#166751]). +* Sets the date and time picker to full width in the expanded Prevalence view within the alert details flyout ({kibana-pull}166714[#166714]). +* Fixes a bug that could prevent the **Install Cloud Native Vulnerability Management** button on the empty state of the Findings page from working ({kibana-pull}166335[#166335]). +* Fixes a bug that could cause an error when you edited a rule's filter ({kibana-pull}165262[#165262]). +* Fixes a bug that caused the Rules table to auto-refresh when auto-refresh was disabled ({kibana-pull}165250[#165250]). \ No newline at end of file 
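Review bot: the untouched `{kib}'s left-side navigation menu` entry in the enhancements block is the useful check in this hunk: it shows the replacement matched the whole `{kib-pull}` token rather than a `kib` prefix, so the `{kib}` product-name attribute survived. Separately, both sides of the final line carry `\ No newline at end of file`; since that line is already being rewritten, add the trailing newline so 8.11.asciidoc stops emitting this marker in every future diff.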
diff --git a/docs/release-notes/8.12.asciidoc b/docs/release-notes/8.12.asciidoc index ff9b74a2d6..0320441d59 100644 --- a/docs/release-notes/8.12.asciidoc +++ b/docs/release-notes/8.12.asciidoc 
@@ -24,15 +24,15 @@ To resolve this issue, upgrade to 8.13 or later. [discrete] [[bug-fixes-8.12.2]] ==== Bug fixes -* Fixes long-running queries in Timeline and Events tables within Explore pages ({kib-pull}176838[#176838]). -* Updates the default {bedrock} connector API URL ({kib-pull}176090[#176090]). -* Ensures the risk score query only searches through alerts associated with the current user ({kib-pull}175903[#175903]). -* Fixes a bug that prevented scheduled query packs from running if a pack's ID was composed of numbers ({kib-pull}176507[#176507]). -* Fixes a bug that affected the rule details page layout if rule filters were extremely long. Also fixes a bug that incorrectly caused rule filters to display instead of their custom labels ({kib-pull}176590[#176590]). -* Fixes a bug that prevented rules from being successfully imported if any rules referenced preconfigured connectors ({kib-pull}176284[#176284]). -* Fixes a bug that prevented rules from being successfully exported if you exported more than 1000 rules ({kib-pull}175979[#175979]). -* Turns off the option to install rules if you don't have the appropriate privileges ({kib-pull}176598[#176598]). -* Fixes a bug that caused data to be lost when you upgraded a prebuilt rule to a new version with a different rule type ({kib-pull}176421[#176421]). +* Fixes long-running queries in Timeline and Events tables within Explore pages ({kibana-pull}176838[#176838]). +* Updates the default {bedrock} connector API URL ({kibana-pull}176090[#176090]). +* Ensures the risk score query only searches through alerts associated with the current user ({kibana-pull}175903[#175903]). +* Fixes a bug that prevented scheduled query packs from running if a pack's ID was composed of numbers ({kibana-pull}176507[#176507]). +* Fixes a bug that affected the rule details page layout if rule filters were extremely long. 
Also fixes a bug that incorrectly caused rule filters to display instead of their custom labels ({kibana-pull}176590[#176590]). +* Fixes a bug that prevented rules from being successfully imported if any rules referenced preconfigured connectors ({kibana-pull}176284[#176284]). +* Fixes a bug that prevented rules from being successfully exported if you exported more than 1000 rules ({kibana-pull}175979[#175979]). +* Turns off the option to install rules if you don't have the appropriate privileges ({kibana-pull}176598[#176598]). +* Fixes a bug that caused data to be lost when you upgraded a prebuilt rule to a new version with a different rule type ({kibana-pull}176421[#176421]). [discrete] [[release-notes-8.12.1]] 
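Review bot: the `{bedrock}` attribute in the connector-URL entry is correctly left alone, but a rename of this size should be confirmed mechanically rather than by eye; on the patched checkout run `grep -rn -F -e '{kib-pull}' -e '{kib-issue}' docs/release-notes/` and expect no output before merging, and note the result in the PR description so the next reviewer does not have to repeat it.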
@@ -58,20 +58,20 @@ To resolve this issue, upgrade to 8.13 or later. [[enhancements-8.12.1]] ==== Enhancements -* Provides performance improvements related to image load and registry write events ({kib-pull}175486[#175486]). +* Provides performance improvements related to image load and registry write events ({kibana-pull}175486[#175486]). [discrete] [[bug-fixes-8.12.1]] ==== Bug fixes -* Fixes misaligned elements in the top navigation bar ({kib-pull}175516[#175516]). -* Fixes a bug that affected search results when you entered an agent name that included a dash (`-`) ({kib-pull}175134[#175134]). -* Fixes a UI bug that hid frequency options for rule actions when you created or edited a rule ({kib-pull}175050[#175050]). -* Removes the option to select a data view when modifying a rule's filter ({kib-pull}174922[#174922]). -* Hides the technical and runtime fields that shouldn't appear in the JSON diff view when you're upgrading a rule ({kib-pull}174789[#174789]). -* Ensures the current user is used when querying threshold rule history ({kib-pull}174723[#174723]). -* Updates the document ID used for the visual event analyzer preview and the related by ancestry section of the alert details flyout ({kib-pull}174651[#174651]). -* Deletes saved searches that are associated with deleted Timelines, and prevents saved searches from being created twice ({kib-pull}174562[#174562]). -* Fixes a bug that prevented the assignee column from appearing in the Alerts table after upgrading to 8.12.0 ({kib-pull}174370[#174370]). +* Fixes misaligned elements in the top navigation bar ({kibana-pull}175516[#175516]). +* Fixes a bug that affected search results when you entered an agent name that included a dash (`-`) ({kibana-pull}175134[#175134]). +* Fixes a UI bug that hid frequency options for rule actions when you created or edited a rule ({kibana-pull}175050[#175050]). +* Removes the option to select a data view when modifying a rule's filter ({kibana-pull}174922[#174922]). 
+* Hides the technical and runtime fields that shouldn't appear in the JSON diff view when you're upgrading a rule ({kibana-pull}174789[#174789]). +* Ensures the current user is used when querying threshold rule history ({kibana-pull}174723[#174723]). +* Updates the document ID used for the visual event analyzer preview and the related by ancestry section of the alert details flyout ({kibana-pull}174651[#174651]). +* Deletes saved searches that are associated with deleted Timelines, and prevents saved searches from being created twice ({kibana-pull}174562[#174562]). +* Fixes a bug that prevented the assignee column from appearing in the Alerts table after upgrading to 8.12.0 ({kibana-pull}174370[#174370]). [discrete] [[release-notes-8.12.0]] 
@@ -140,53 +140,53 @@ There are no deprecations in 8.12.0. [[features-8.12.0]] ==== New features -* Introduces the ability to assign alerts to specific users ({kib-pull}170579[#170579], {kib-pull}171589[#171589]). -* Introduces Retrieval Augmented Generation (RAG) for Alerts, allowing you to give Elastic AI Assistant context about more alerts in your environment ({kib-pull}172542[#172542]). -* Enables alert suppression for threshold rules ({kib-pull}171423[#171423]). -* Adds an *Updates* tab to the prebuilt rules upgrade flyout to show differences between the installed and updated versions ({kib-pull}172535[#172535], {kib-pull}173187[#173187]). -* Adds a setting that lets you exclude cold and frozen tiers from visual event analyzer queries ({kib-pull}172162[#172162]). -* Adds a tour to guide users through Timelines UI changes ({kib-pull}172030[#172030]). -* Adds a timeout option for Osquery queries, so you can customize the maximum time each query should run before timing out ({kib-pull}169925[#169925]). -* Introduces new grouping capabilities for CSPM and KSPM Findings data ({kib-pull}169884[#169884]). -* Adds the expandable alert details flyout to the rule preview panel ({kib-pull}167902[#167902]). +* Introduces the ability to assign alerts to specific users ({kibana-pull}170579[#170579], {kibana-pull}171589[#171589]). +* Introduces Retrieval Augmented Generation (RAG) for Alerts, allowing you to give Elastic AI Assistant context about more alerts in your environment ({kibana-pull}172542[#172542]). +* Enables alert suppression for threshold rules ({kibana-pull}171423[#171423]). +* Adds an *Updates* tab to the prebuilt rules upgrade flyout to show differences between the installed and updated versions ({kibana-pull}172535[#172535], {kibana-pull}173187[#173187]). +* Adds a setting that lets you exclude cold and frozen tiers from visual event analyzer queries ({kibana-pull}172162[#172162]). 
+* Adds a tour to guide users through Timelines UI changes ({kibana-pull}172030[#172030]). +* Adds a timeout option for Osquery queries, so you can customize the maximum time each query should run before timing out ({kibana-pull}169925[#169925]). +* Introduces new grouping capabilities for CSPM and KSPM Findings data ({kibana-pull}169884[#169884]). +* Adds the expandable alert details flyout to the rule preview panel ({kibana-pull}167902[#167902]). * Introduces bidirectional response actions to isolate and release SentinelOne-protected hosts (technical preview). [discrete] [[enhancements-8.12.0]] ==== Enhancements -* Refactors the timeline UI — various minor updates ({kib-pull}168230[#168230]). -* Introduces manual saving for Timeline ({kib-pull}171027[#171027], {kib-pull}169239[#169239]). -* Improves forward-compatibility for the rule schema ({kib-pull}170861[#170861]). -* Simplifies the format of risk engine API error responses ({kib-pull}170645[#170645]). -* Makes various UI improvements to the alert details flyout ({kib-pull}170279[#170279], {kib-pull}169035[#169035], {kib-pull}173399[#173399], {kib-pull}170078[#170078], {kib-pull}168297[#168297]). -* Saves the state of the alert details flyout in the browser. For example, after you use the flyout's *Investigate in timeline* button, you can click your browser's back button to return to the flyout ({kib-pull}169661[#169661]). -* Adds a button to rule execution error messages that lets you ask AI Assistant to diagnose errors ({kib-pull}166778[#166778]). +* Refactors the timeline UI — various minor updates ({kibana-pull}168230[#168230]). +* Introduces manual saving for Timeline ({kibana-pull}171027[#171027], {kibana-pull}169239[#169239]). +* Improves forward-compatibility for the rule schema ({kibana-pull}170861[#170861]). +* Simplifies the format of risk engine API error responses ({kibana-pull}170645[#170645]). 
+* Makes various UI improvements to the alert details flyout ({kibana-pull}170279[#170279], {kibana-pull}169035[#169035], {kibana-pull}173399[#173399], {kibana-pull}170078[#170078], {kibana-pull}168297[#168297]). +* Saves the state of the alert details flyout in the browser. For example, after you use the flyout's *Investigate in timeline* button, you can click your browser's back button to return to the flyout ({kibana-pull}169661[#169661]). +* Adds a button to rule execution error messages that lets you ask AI Assistant to diagnose errors ({kibana-pull}166778[#166778]). * Integrates a new Event Tracing for Windows (ETW) provider (Microsoft-Windows-Win32k) to create new event types that can be used by prebuilt endpoint rules to detect keylogging activity. * Allows for acting and target memory region buffers within behavior alerts to be scanned against {elastic-sec}'s collection of YARA signatures when collected. Detections are added to alerts. * Adds a new ReadProcessMemory (lsass) event that can be used by prebuilt endpoint rules to detect credential dumping. -* Adds a link to the Amazon Bedrock connector edit UI that opens the token tracking dashboard ({kib-pull}172115[#172115]). -* Allows you to use the `matches` and `does not match` operators when defining endpoint exceptions and event filters ({kib-pull}166002[#166002], {kib-pull}170495[#170495]). +* Adds a link to the Amazon Bedrock connector edit UI that opens the token tracking dashboard ({kibana-pull}172115[#172115]). +* Allows you to use the `matches` and `does not match` operators when defining endpoint exceptions and event filters ({kibana-pull}166002[#166002], {kibana-pull}170495[#170495]). * Adds support for Kafka as an output type for Endpoint. [discrete] [[bug-fixes-8.12.0]] ==== Bug fixes -* Fixes response action bugs by mapping the `unisolate` command to the `release` command and the `running-processes` command to the `processes` command ({kib-pull}173831[#173831]). 
-* Fixes the dark theme for the alert details flyout footer ({kib-pull}173577[#173577]). -* Makes the Timeline tour compatible with the Timeline template page ({kib-pull}173526[#173526]). -* Stops the **{esql}** tab from rendering until you click on it in Timeline ({kib-pull}173484[#173484]). -* Adds a feature flag (`timelineEsqlTabDisabled`) to show or hide the **{esql}** tab in Timeline ({kib-pull}174029[#174029]). -* Removes the default query in the **{esql}** tab in Timeline ({kib-pull}174393[#174393]). -* Fixes a bug that caused {ml} fetch jobs to fail when the default data view (`securitySolution:defaultIndex`) contained special characters ({kib-pull}173426[#173426]). -* Remove the **Assignees** field from the event details flyout ({kib-pull}173314[#173314]). -* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kib-pull}172912[#172912]). -* Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule ({kib-pull}172677[#172677]). -* Fixes a bug that cleared configured fields in the exceptions flyout after the flyout reloaded and refocused ({kib-pull}172666[#172666]). -* Limits the character length for exception comments to 3000 characters, and makes the error message more descriptive if the limit's exceeded ({kib-pull}170764[#170764]). -* Re-adds the missing alerts index filtration to Data views ({kib-pull}170484[#170484]). -* Fixes a bug that didn't allow exceptions to be created or edited after an error displayed ({kib-pull}169801[#169801]). -* Stops {security-app} pages from crashing when there's a fields error in the **Stack by** component ({kib-pull}168411[#168411]). -* Deletes saved searches that are associated with deleted Timelines and prevents saved searches from being created twice ({kib-pull}174562[#174562]). -* Fixes a bug with the **Share alert** feature in the alert details flyout ({kib-pull}174005[#174005]). 
\ No newline at end of file +* Fixes response action bugs by mapping the `unisolate` command to the `release` command and the `running-processes` command to the `processes` command ({kibana-pull}173831[#173831]). +* Fixes the dark theme for the alert details flyout footer ({kibana-pull}173577[#173577]). +* Makes the Timeline tour compatible with the Timeline template page ({kibana-pull}173526[#173526]). +* Stops the **{esql}** tab from rendering until you click on it in Timeline ({kibana-pull}173484[#173484]). +* Adds a feature flag (`timelineEsqlTabDisabled`) to show or hide the **{esql}** tab in Timeline ({kibana-pull}174029[#174029]). +* Removes the default query in the **{esql}** tab in Timeline ({kibana-pull}174393[#174393]). +* Fixes a bug that caused {ml} fetch jobs to fail when the default data view (`securitySolution:defaultIndex`) contained special characters ({kibana-pull}173426[#173426]). +* Remove the **Assignees** field from the event details flyout ({kibana-pull}173314[#173314]). +* Fixes a bug that caused the **Add to Case** action to fail if you didn't add a comment before isolating and releasing a host ({kibana-pull}172912[#172912]). +* Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule ({kibana-pull}172677[#172677]). +* Fixes a bug that cleared configured fields in the exceptions flyout after the flyout reloaded and refocused ({kibana-pull}172666[#172666]). +* Limits the character length for exception comments to 3000 characters, and makes the error message more descriptive if the limit's exceeded ({kibana-pull}170764[#170764]). +* Re-adds the missing alerts index filtration to Data views ({kibana-pull}170484[#170484]). +* Fixes a bug that didn't allow exceptions to be created or edited after an error displayed ({kibana-pull}169801[#169801]). +* Stops {security-app} pages from crashing when there's a fields error in the **Stack by** component ({kibana-pull}168411[#168411]). 
+* Deletes saved searches that are associated with deleted Timelines and prevents saved searches from being created twice ({kibana-pull}174562[#174562]). +* Fixes a bug with the **Share alert** feature in the alert details flyout ({kibana-pull}174005[#174005]). \ No newline at end of file diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index d998422d26..303d004aea 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -13,7 +13,7 @@ [discrete] [[bug-fixes-8.2.3]] ==== Bug fixes and enhancements -* Fixes a bug that caused incorrect enrichment data to be attached to alerts ({kib-pull}133591[#133591]). +* Fixes a bug that caused incorrect enrichment data to be attached to alerts ({kibana-pull}133591[#133591]). [discrete] [[release-notes-8.2.2]] @@ -27,7 +27,7 @@ [discrete] [[bug-fixes-8.2.2]] ==== Bug fixes and enhancements -* Fixes a sorting and tooltip issue in Timeline for non-ECS fields that don’t have nested values ({kib-pull}132570[#132570]). +* Fixes a sorting and tooltip issue in Timeline for non-ECS fields that don’t have nested values ({kibana-pull}132570[#132570]). [discrete] [[release-notes-8.2.1]] 
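Review bot: out of scope for the attribute rename but worth a follow-up: `Deletes saved searches that are associated with deleted Timelines and prevents saved searches from being created twice ({kibana-pull}174562[#174562])` appears under both the 8.12.1 and the 8.12.0 bug fixes, and one PR number cannot have shipped in two releases, so one copy should be removed after checking the PR's backport labels. The 8.12.asciidoc hunk also ends with `\ No newline at end of file` on both sides; add the trailing newline while that line is being touched. The two one-line 8.2.3 and 8.2.2 hunks that follow are purely mechanical.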
@@ -41,11 +41,11 @@ [discrete] [[bug-fixes-8.2.1]] ==== Bug fixes and enhancements -* Allows {kibana-ref}/pre-configured-connectors.html[preconfigured connectors] to be used with cases ({kib-pull}130372[#130372]). -* Adds pagination to the *Table* tab on the Alert details flyout to fix a performance issue on the Timelines page ({kib-pull}131358[#131358]). -* Fixes sorting issues that were related to unmapped fields ({kib-pull}132190[#132190]). -* Fixes a bug in the *Filter In*, *Filter Out*, and *Add to timeline investigation* inline actions that caused incorrect results to be retrieved ({kib-pull}132251[#132251]). -* Enhances performance by improving calculations for the top count function and hover action in data tables ({kib-pull}131363[#131363]). +* Allows {kibana-ref}/pre-configured-connectors.html[preconfigured connectors] to be used with cases ({kibana-pull}130372[#130372]). +* Adds pagination to the *Table* tab on the Alert details flyout to fix a performance issue on the Timelines page ({kibana-pull}131358[#131358]). +* Fixes sorting issues that were related to unmapped fields ({kibana-pull}132190[#132190]). +* Fixes a bug in the *Filter In*, *Filter Out*, and *Add to timeline investigation* inline actions that caused incorrect results to be retrieved ({kibana-pull}132251[#132251]). +* Enhances performance by improving calculations for the top count function and hover action in data tables ({kibana-pull}131363[#131363]). [discrete] [[release-notes-8.2.0]] 
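Review bot: this 8.2.1 hunk is the best argument for the new name: `{kibana-ref}/pre-configured-connectors.html` on the first changed line is an existing attribute that already uses the full `kibana-` prefix, and it is correctly left unchanged, so after this patch the file uses `{kibana-ref}` and `{kibana-pull}` consistently instead of mixing `kib-` and `kibana-` prefixes for the same product.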
@@ -55,14 +55,14 @@ [[known-issue-8.2.0]] ==== Known issues * On macOS versions before 12.4, if {elastic-endpoint} is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later. -* Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({kib-pull}133457[#133457]). -* The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({kib-issue}136340[#136340]). +* Indicator match rules cannot use the `.items-*` system index and will encounter execution errors when run. Avoid using indices populated from value lists for indicator match rules ({kibana-pull}133457[#133457]). +* The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({kibana-issue}136340[#136340]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). [discrete] [[deprecations-8.2.0]] ==== Deprecations -The following endpoints are deprecated ({kib-pull}129448[#129448]) and will be removed in a future release. 
They will remain active for at least the next 18 months: +The following endpoints are deprecated ({kibana-pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: * <> * <> 
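Review bot: the two known-issue entries here point at different targets, `{kibana-pull}133457` for the `.items-*` indicator-match limitation and `{kibana-issue}136340` for the `matches` operator failure, and the hunk preserves that pull-versus-issue distinction. A rename pass is the natural moment to confirm that #133457 really is a pull request and not an issue filed under the wrong attribute, since the renamed link would otherwise resolve to a nonexistent PR page; please check that one rendered link.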
@@ -79,46 +79,46 @@ There are no breaking changes in 8.2.0. [discrete] [[features-8.2.0]] ==== Features -* Enables rule previews for indicator match rules ({kib-pull}126651[#126651]). -* Displays the alerts table when previewing a rule ({kib-pull}127986[#127986]). -* Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({kib-pull}127828[#127828], {kib-pull}126997[#126997], {kib-pull}127520[#127520], {kib-pull}124575[#124575]). -* Creates a <> page under *Explore* to help you better understand authentication and usage information ({kib-pull}127617[#127617], {kib-pull}127953[#127953], {kib-pull}126434[#126434], {kib-pull}126079[#126079], {kib-pull}128375[#128375], {kib-pull}130030[#130030]). -* Creates a User details flyout ({kib-pull}127019[#127019]). -* Creates a <> that enables you to prevent applications from running on hosts ({kib-pull}127098[#127098], {kib-pull}127031[#127031], {kib-pull}126390[#126390]). -* Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({kib-pull}123760[#123760]). -* Enables you to bulk-apply Timeline templates to rules ({kib-pull}128691[#128691]). -* Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({kib-pull}128245[#128245]). -* Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({kib-pull}128142[#128142]). -* Adds a list of linked cases to the alert details flyout ({kib-pull}128033[#128033]). -* Expands the actions you can take on visualizations throughout {elastic-sec} to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({kib-pull}126507[#126507]). 
-* Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({kib-pull}126215[#126215]). -* Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({kib-pull}125202[#125202]). +* Enables rule previews for indicator match rules ({kibana-pull}126651[#126651]). +* Displays the alerts table when previewing a rule ({kibana-pull}127986[#127986]). +* Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({kibana-pull}127828[#127828], {kibana-pull}126997[#126997], {kibana-pull}127520[#127520], {kibana-pull}124575[#124575]). +* Creates a <> page under *Explore* to help you better understand authentication and usage information ({kibana-pull}127617[#127617], {kibana-pull}127953[#127953], {kibana-pull}126434[#126434], {kibana-pull}126079[#126079], {kibana-pull}128375[#128375], {kibana-pull}130030[#130030]). +* Creates a User details flyout ({kibana-pull}127019[#127019]). +* Creates a <> that enables you to prevent applications from running on hosts ({kibana-pull}127098[#127098], {kibana-pull}127031[#127031], {kibana-pull}126390[#126390]). +* Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({kibana-pull}123760[#123760]). +* Enables you to bulk-apply Timeline templates to rules ({kibana-pull}128691[#128691]). +* Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({kibana-pull}128245[#128245]). +* Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({kibana-pull}128142[#128142]). +* Adds a list of linked cases to the alert details flyout ({kibana-pull}128033[#128033]). 
+* Expands the actions you can take on visualizations throughout {elastic-sec} to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({kibana-pull}126507[#126507]). +* Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({kibana-pull}126215[#126215]). +* Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({kibana-pull}125202[#125202]). [discrete] [[bug-fixes-8.2.0]] ==== Bug fixes and enhancements * Performance enhancements for indicator match rules: -** Adds point in time (PIT) search ({kib-pull}128433[#128433]). -** Adds events-first (reverse) search ({kib-pull}127428[#127428]). -** Includes filters from indicator match rule mappings to reduce the search load when rules run ({kib-pull}127411[#127411]). -* Fixes a bug that affected the accuracy of rule preview results ({kib-pull}128003[#128003]). -* Adds event log telemetry for detection rules ({kib-pull}128216[#128216]). -* Adds support for Osquery pack integration assets ({kib-pull}128109[#128109]). -* Fixes minor Osquery issues on alerts ({kib-pull}128676[#128676]). -* Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({kib-pull}127930[#127930]). -* Adds the *Alert prevalence* column to the Highlighted fields table ({kib-pull}127599[#127599]). -* Introduces a new landing page that provides guidance for adding data ({kib-pull}127324[#127324]). -* Redesigns the *Fields* browser ({kib-pull}126105[#126105]). -* Allows runtime fields to be managed from the *Fields* browser ({kib-pull}127037[#127037]). -* Adds the *Blocklist enabled* toggle to Malware protection settings ({kib-pull}127031[#127031]). -* Updates MITRE ATT&CK mappings for detection rules to v10.1 ({kib-pull}126288[#126288]). 
-* Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({kib-pull}124459[#124459]). -* Adds four new Timeline templates that are focused on key event categories to provide relevant alert data and assist with investigation and resolution efforts ({kib-pull}125172[#125172]). -* Excludes malware and ransomware alerts from detection rule telemetry ({kib-pull}130233[#130233]). -* Fixes alert and external alert filters on the *Hosts* page and *Users* page ({kib-pull}129451[#129451]). -* Passes threshold alert filters to the Timeline ({kib-pull}129405[#129405]). -* Displays a confirmation message when a user creates the first event filter ({kib-pull}128810[#128810]). -* Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({kib-pull}128495[#128495]). -* Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({kib-pull}127989[#127989]). -* Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({kib-pull}127839[#127839]). -* Updates EQL rules to use the EQL method of the {es} client ({kib-pull}127684[#127684]). +** Adds point in time (PIT) search ({kibana-pull}128433[#128433]). +** Adds events-first (reverse) search ({kibana-pull}127428[#127428]). +** Includes filters from indicator match rule mappings to reduce the search load when rules run ({kibana-pull}127411[#127411]). +* Fixes a bug that affected the accuracy of rule preview results ({kibana-pull}128003[#128003]). +* Adds event log telemetry for detection rules ({kibana-pull}128216[#128216]). +* Adds support for Osquery pack integration assets ({kibana-pull}128109[#128109]). +* Fixes minor Osquery issues on alerts ({kibana-pull}128676[#128676]). +* Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({kibana-pull}127930[#127930]). 
+* Adds the *Alert prevalence* column to the Highlighted fields table ({kibana-pull}127599[#127599]). +* Introduces a new landing page that provides guidance for adding data ({kibana-pull}127324[#127324]). +* Redesigns the *Fields* browser ({kibana-pull}126105[#126105]). +* Allows runtime fields to be managed from the *Fields* browser ({kibana-pull}127037[#127037]). +* Adds the *Blocklist enabled* toggle to Malware protection settings ({kibana-pull}127031[#127031]). +* Updates MITRE ATT&CK mappings for detection rules to v10.1 ({kibana-pull}126288[#126288]). +* Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({kibana-pull}124459[#124459]). +* Adds four new Timeline templates that are focused on key event categories to provide relevant alert data and assist with investigation and resolution efforts ({kibana-pull}125172[#125172]). +* Excludes malware and ransomware alerts from detection rule telemetry ({kibana-pull}130233[#130233]). +* Fixes alert and external alert filters on the *Hosts* page and *Users* page ({kibana-pull}129451[#129451]). +* Passes threshold alert filters to the Timeline ({kibana-pull}129405[#129405]). +* Displays a confirmation message when a user creates the first event filter ({kibana-pull}128810[#128810]). +* Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({kibana-pull}128495[#128495]). +* Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({kibana-pull}127989[#127989]). +* Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({kibana-pull}127839[#127839]). +* Updates EQL rules to use the EQL method of the {es} client ({kibana-pull}127684[#127684]). diff --git a/docs/release-notes/8.3.asciidoc b/docs/release-notes/8.3.asciidoc index 910271974a..8b3cd82d9d 100644 --- a/docs/release-notes/8.3.asciidoc 
+++ b/docs/release-notes/8.3.asciidoc @@ -14,9 +14,9 @@ [discrete] [[bug-fixes-8.3.3]] ==== Bug fixes and enhancements -* Fixes a bug that prevented the *Create field* button from appearing in the Fields browser when you accessed it from a Timeline created using the Alerts page's *Open in timeline* button ({kib-pull}135842[#135842]). -* Removes the unsupported `matches` operator from the *Add Rule Exception* flyout ({kib-pull}136340[#136340]). -* Prevents rule execution log events from being wrongly ordered when the maximum number of events are reached and events are filtered by status ({kib-pull}131675[#131675]). +* Fixes a bug that prevented the *Create field* button from appearing in the Fields browser when you accessed it from a Timeline created using the Alerts page's *Open in timeline* button ({kibana-pull}135842[#135842]). +* Removes the unsupported `matches` operator from the *Add Rule Exception* flyout ({kibana-pull}136340[#136340]). +* Prevents rule execution log events from being wrongly ordered when the maximum number of events are reached and events are filtered by status ({kibana-pull}131675[#131675]). [discrete] [[release-notes-8.3.2]] 
@@ -25,14 +25,14 @@ [discrete] [[known-issue-8.3.2]] ==== Known issue -* The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({kib-issue}136340[#136340]). +* The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting unsupported exceptions and refreshing the rules ({kibana-issue}136340[#136340]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). [discrete] [[bug-fixes-8.3.2]] ==== Bug fixes and enhancements -* Allows indices created from value lists to be used with indicator match rules ({kib-pull}135128[#135128]). -* Fixes an issue where detection rules that were created or edited in 8.2.x failed to execute after you upgraded to {stack} 8.3.0 or 8.3.1 ({kib-pull}135663[#135663]). +* Allows indices created from value lists to be used with indicator match rules ({kibana-pull}135128[#135128]). +* Fixes an issue where detection rules that were created or edited in 8.2.x failed to execute after you upgraded to {stack} 8.3.0 or 8.3.1 ({kibana-pull}135663[#135663]). ==== 
@@ -99,7 +99,7 @@ On the next scheduled rule execution, the *Last Response* value for the rule wil *The `matches` operator is not supported for rule exceptions* -The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting the unsupported exceptions and refreshing the rules ({kib-issue}136340[#136340]). +The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting the unsupported exceptions and refreshing the rules ({kibana-issue}136340[#136340]). *Lucene 9 validation change might affect event correlation rules* @@ -108,7 +108,7 @@ A new Lucene 9 validation change may cause event correlation rule (EQL) errors w [discrete] [[bug-fixes-8.3.1]] ==== Bug fixes and enhancements -* Fixes a bug that prevented the Cases widget in the Detection & Response dashboard from updating ({kib-pull}135128[#135128]). +* Fixes a bug that prevented the Cases widget in the Detection & Response dashboard from updating ({kibana-pull}135128[#135128]). [discrete] [[release-notes-8.3.0]] 
@@ -161,7 +161,7 @@ On the next scheduled rule execution, the *Last Response* value for the rule wil *The `matches` operator is not supported for rule exceptions* -The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting the unsupported exceptions and refreshing the rules ({kib-issue}136340[#136340]). +The `matches` operator in the *Add Rule Exception* flyout does not work because wildcard matches are not supported for rule exceptions. Using the `matches` operator will cause rule exceptions and their associated rules to fail. You can restore failed rules by deleting the unsupported exceptions and refreshing the rules ({kibana-issue}136340[#136340]). *Lucene 9 validation change might affect event correlation rules* 
@@ -171,35 +171,35 @@ A new Lucene 9 validation change may cause event correlation rule (EQL) errors w [[breaking-changes-8.3.0]] ==== Breaking changes -* Updates Elastic prebuilt {ml} detection rules for some Windows and Linux anomalies with new `v3` {ml} jobs. A confirmation modal is displayed when updating rules if `v1`/`v2` jobs are installed. If you're using 8.2 or earlier versions of {beats} or {agent}, you may need to duplicate prebuilt rules or create new custom rules _before_ you update the prebuilt rules. Once you update the prebuilt rules, they will only use `v3` {ml} jobs. Refer to {security-guide}/alerts-ui-monitor.html#ml-job-compatibility[Troubleshoot missing alerts for machine learning jobs] for more information ({kib-pull}128334[#128334]). +* Updates Elastic prebuilt {ml} detection rules for some Windows and Linux anomalies with new `v3` {ml} jobs. A confirmation modal is displayed when updating rules if `v1`/`v2` jobs are installed. If you're using 8.2 or earlier versions of {beats} or {agent}, you may need to duplicate prebuilt rules or create new custom rules _before_ you update the prebuilt rules. Once you update the prebuilt rules, they will only use `v3` {ml} jobs. Refer to {security-guide}/alerts-ui-monitor.html#ml-job-compatibility[Troubleshoot missing alerts for machine learning jobs] for more information ({kibana-pull}128334[#128334]). [discrete] [[features-8.3.0]] ==== Features -* Renames Endpoint Security integration to "{endpoint-cloud-sec}" ({kib-pull}132752[#132752]). -* Adds a new {security-guide}/detection-response-dashboard.html[Detection & Response dashboard], which provides focused visibility into the day-to-day operations of your security environment ({kib-pull}130670[#130670], {kib-pull}128335[#128335], {kib-pull}129021[#129021], {kib-pull}128087[#128087], {kib-pull}131828[#131828], {kib-pull}131029[#131029]). 
-* Introduces a new optional design for the main navigation menu ({kib-pull}132210[#132210], {kib-pull}131437[#131437], {kib-pull}133719[#133719]). -* Adds a *User risk* tab to the User details flyout ({kib-pull}130256[#130256]). -* Adds an *Authentications* tab to the User details flyout ({kib-pull}129456[#129456]). -* Adds the ability to investigate Osquery results in Timeline ({kib-pull}128596[#128596]). -* Allows multiple alerts to be added to a case ({kib-pull}130958[#130958]). -* Adds the option to delete case comments from a case ({kib-pull}130254[#130254]). -* Provides an option to select a severity level for a case ({kib-pull}131626[#131626]). -* Adds the experimental *Alerts* tab to cases, which allows users to inspect attached alerts ({kib-pull}131883[#131883]). -* Adds the *Average time to close* metric to the Cases page ({kib-pull}131909[#131909]). -* Adds new fields to prebuilt detection rules' schemas: `related_integrations`, `required_fields`, and `setup` ({kib-pull}132409[#132409]). -* Adds the *Related integrations*, *Required fields*, and *Setup guide* sections to the rule details page to help users identify and meet a rule's prerequisites. Also adds the related integrations badge to the Rules table ({kib-pull}131475[#131475]). Content for these new sections is delivered in a prebuilt rules update, independent of {stack} release versioning. +* Renames Endpoint Security integration to "{endpoint-cloud-sec}" ({kibana-pull}132752[#132752]). +* Adds a new {security-guide}/detection-response-dashboard.html[Detection & Response dashboard], which provides focused visibility into the day-to-day operations of your security environment ({kibana-pull}130670[#130670], {kibana-pull}128335[#128335], {kibana-pull}129021[#129021], {kibana-pull}128087[#128087], {kibana-pull}131828[#131828], {kibana-pull}131029[#131029]). 
+* Introduces a new optional design for the main navigation menu ({kibana-pull}132210[#132210], {kibana-pull}131437[#131437], {kibana-pull}133719[#133719]). +* Adds a *User risk* tab to the User details flyout ({kibana-pull}130256[#130256]). +* Adds an *Authentications* tab to the User details flyout ({kibana-pull}129456[#129456]). +* Adds the ability to investigate Osquery results in Timeline ({kibana-pull}128596[#128596]). +* Allows multiple alerts to be added to a case ({kibana-pull}130958[#130958]). +* Adds the option to delete case comments from a case ({kibana-pull}130254[#130254]). +* Provides an option to select a severity level for a case ({kibana-pull}131626[#131626]). +* Adds the experimental *Alerts* tab to cases, which allows users to inspect attached alerts ({kibana-pull}131883[#131883]). +* Adds the *Average time to close* metric to the Cases page ({kibana-pull}131909[#131909]). +* Adds new fields to prebuilt detection rules' schemas: `related_integrations`, `required_fields`, and `setup` ({kibana-pull}132409[#132409]). +* Adds the *Related integrations*, *Required fields*, and *Setup guide* sections to the rule details page to help users identify and meet a rule's prerequisites. Also adds the related integrations badge to the Rules table ({kibana-pull}131475[#131475]). Content for these new sections is delivered in a prebuilt rules update, independent of {stack} release versioning. [discrete] [[bug-fixes-8.3.0]] ==== Bug fixes and enhancements -* Separates array values with commas in the Alerts table ({kib-pull}133297[#133297]). -* Exposes the EQL search settings `event_category_field`, `tiebreaker_field`, and `timestamp_field` through the rules API and UI for event correlation rules ({kib-pull}132247[#132247]). -* Adds the *Session ID* field to the *Highlighted fields* section of the Alert details flyout ({kib-pull}132219[#132219]). -* Adds Dashboards and Threat Hunting Landing pages ({kib-pull}130905[#130905]). 
-* Allows highlighted fields to be investigated in Timeline ({kib-pull}131255[#131255]). -* Adds the *Run Osquery* option to the *More actions* menu (*...*) in the Alerts table ({kib-pull}131790[#131790]). -* Improves the performance of these actions on the bulk rule actions endpoint ({kib-pull}130924[#130924]). +* Separates array values with commas in the Alerts table ({kibana-pull}133297[#133297]). +* Exposes the EQL search settings `event_category_field`, `tiebreaker_field`, and `timestamp_field` through the rules API and UI for event correlation rules ({kibana-pull}132247[#132247]). +* Adds the *Session ID* field to the *Highlighted fields* section of the Alert details flyout ({kibana-pull}132219[#132219]). +* Adds Dashboards and Threat Hunting Landing pages ({kibana-pull}130905[#130905]). +* Allows highlighted fields to be investigated in Timeline ({kibana-pull}131255[#131255]). +* Adds the *Run Osquery* option to the *More actions* menu (*...*) in the Alerts table ({kibana-pull}131790[#131790]). +* Improves the performance of these actions on the bulk rule actions endpoint ({kibana-pull}130924[#130924]). ** `add_tags` ** `delete_tags` ** `set_tags` 
@@ -207,25 +207,25 @@ A new Lucene 9 validation change may cause event correlation rule (EQL) errors w ** `delete_index_patterns` ** `set_index_patterns` ** `set_timeline` -* Fixes a bug that caused the rule details page to crash when users opened a deleted or non-existent rule ({kib-pull}133867[#133867]). -* Allows threshold alerts to be investigated in Timeline if filters are not provided ({kib-pull}133733[#133733]). -* Prevents events from being added to cases from Timeline ({kib-pull}133410[#133410]). -* Fixes a bug that prevented the Users and Hosts pages from resetting after being sorted ({kib-pull}133111[#133111]). -* Removes the filter and investigate in Timeline options from the {agent} status in highlighted fields ({kib-pull}132829[#132829], {kib-pull}132586[#132586]). -* Improves the copy of Timeline tooltips ({kib-pull}132756[#132756]). -* Fixes a validation bug that occurred when users were building a rule exception and changed the exception statement’s operator ({kib-pull}131989[#131989]). -* Adds a checkmark to the pagination selection on the *Exceptions lists* page ({kib-pull}131979[#131979]). -* Re-adds the success message that displays when users export an exceptions list ({kib-pull}131952[#131952]). -* Updates import toast logic to accurately report the total number of failures ({kib-pull}131873[#131873]). -* Ensures an error is not generated when the `agent.version` provided by an alert is in an unexpected format ({kib-pull}131272[#131272]). -* Improves error checks for threshold rules ({kib-pull}131088[#131088]). -* Expands support for migrating legacy rule actions ({kib-pull}130511[#130511]). -* Fixes a bug that caused the *Add Rule Exception* flyout to unexpectedly close when users create the first exception for the rule from an alert ({kib-pull}130187[#130187]). -* Corrects Rule name sorting so detection rules are ordered alphabetically, regardless of their casing ({kib-pull}130105[#130105]). 
-* Improves the *Reporter* column in the Cases table ({kib-pull}132200[#132200]). -* Adds the option to create a new case to the Select case pane ({kib-pull}128882[#128882]). -* Allows {kibana-ref}/pre-configured-connectors.html[preconfigured connectors] to be used with cases ({kib-pull}130372[#130372]). -* Inserts the deprecated icon next to deprecated preconfigured connectors ({kib-pull}132237[#132237]). -* Updates the Case table so that all tags assigned to the case are displayed when users go to the case and hover over the *Tags* column ({kib-pull}132023[#132023]). -* Adds Oauth support to the {sn} ITSM, SecOps, and ITOM connectors ({kib-pull}131248[#131248]). -* Adds a setting to specify a list of allowed email domains, which can be used with the email connector ({kib-pull}129001[#129001]). +* Fixes a bug that caused the rule details page to crash when users opened a deleted or non-existent rule ({kibana-pull}133867[#133867]). +* Allows threshold alerts to be investigated in Timeline if filters are not provided ({kibana-pull}133733[#133733]). +* Prevents events from being added to cases from Timeline ({kibana-pull}133410[#133410]). +* Fixes a bug that prevented the Users and Hosts pages from resetting after being sorted ({kibana-pull}133111[#133111]). +* Removes the filter and investigate in Timeline options from the {agent} status in highlighted fields ({kibana-pull}132829[#132829], {kibana-pull}132586[#132586]). +* Improves the copy of Timeline tooltips ({kibana-pull}132756[#132756]). +* Fixes a validation bug that occurred when users were building a rule exception and changed the exception statement’s operator ({kibana-pull}131989[#131989]). +* Adds a checkmark to the pagination selection on the *Exceptions lists* page ({kibana-pull}131979[#131979]). +* Re-adds the success message that displays when users export an exceptions list ({kibana-pull}131952[#131952]). 
+* Updates import toast logic to accurately report the total number of failures ({kibana-pull}131873[#131873]). +* Ensures an error is not generated when the `agent.version` provided by an alert is in an unexpected format ({kibana-pull}131272[#131272]). +* Improves error checks for threshold rules ({kibana-pull}131088[#131088]). +* Expands support for migrating legacy rule actions ({kibana-pull}130511[#130511]). +* Fixes a bug that caused the *Add Rule Exception* flyout to unexpectedly close when users create the first exception for the rule from an alert ({kibana-pull}130187[#130187]). +* Corrects Rule name sorting so detection rules are ordered alphabetically, regardless of their casing ({kibana-pull}130105[#130105]). +* Improves the *Reporter* column in the Cases table ({kibana-pull}132200[#132200]). +* Adds the option to create a new case to the Select case pane ({kibana-pull}128882[#128882]). +* Allows {kibana-ref}/pre-configured-connectors.html[preconfigured connectors] to be used with cases ({kibana-pull}130372[#130372]). +* Inserts the deprecated icon next to deprecated preconfigured connectors ({kibana-pull}132237[#132237]). +* Updates the Case table so that all tags assigned to the case are displayed when users go to the case and hover over the *Tags* column ({kibana-pull}132023[#132023]). +* Adds Oauth support to the {sn} ITSM, SecOps, and ITOM connectors ({kibana-pull}131248[#131248]). +* Adds a setting to specify a list of allowed email domains, which can be used with the email connector ({kibana-pull}129001[#129001]). diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 01a48f8595..7228c4d1c6 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -8,8 +8,8 @@ [discrete] [[bug-fixes-8.4.3]] ==== Bug fixes and enhancements -* Aligns the delete icon in the Add Rule Exception flyout ({kib-pull}141365[#141365]). -* Aligns the warning message title on the Rule details page with the warning icon ({kib-pull}140719[#140719]). +* Aligns the delete icon in the Add Rule Exception flyout ({kibana-pull}141365[#141365]). +* Aligns the warning message title on the Rule details page with the warning icon ({kibana-pull}140719[#140719]). * Fixes a bug that sometimes caused {elastic-endpoint} to stop running on Windows endpoints (https://github.com/elastic/endpoint/issues/29[#29]). [discrete] 
@@ -58,11 +58,11 @@ NOTE: Uninstalling the {endpoint-cloud-sec} integration may temporarily cause {a [discrete] [[bug-fixes-8.4.2]] ==== Bug fixes and enhancements -* Removes access to the **Notes** and **Pinned** tabs in Timeline templates ({kib-pull}140478[#140478]). -* Fixes a bug with the **Attach to existing case** option in Timeline ({kib-pull}139929[#139929]). -* Fixes bugs in the Rules table that affected the selected rule count and bulk select feature ({kib-pull}139461[#139461]). -* Fixes a bug that caused the Rules page to incorrectly notify users that a prebuilt rules update was available, even after rules were fully updated ({kib-pull}139287[#139287]). -* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security.alerts-` ({kib-pull}138331[#138331]). +* Removes access to the **Notes** and **Pinned** tabs in Timeline templates ({kibana-pull}140478[#140478]). +* Fixes a bug with the **Attach to existing case** option in Timeline ({kibana-pull}139929[#139929]). +* Fixes bugs in the Rules table that affected the selected rule count and bulk select feature ({kibana-pull}139461[#139461]). +* Fixes a bug that caused the Rules page to incorrectly notify users that a prebuilt rules update was available, even after rules were fully updated ({kibana-pull}139287[#139287]). +* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security.alerts-` ({kibana-pull}138331[#138331]). [discrete] [[release-notes-8.4.1]] 
@@ -110,7 +110,7 @@ NOTE: Uninstalling the {endpoint-cloud-sec} integration may temporarily cause {a [discrete] [[bug-fixes-8.4.1]] ==== Bug fixes and enhancements -* Fixes a bug that caused the Rules page to incorrectly notify users that a prebuilt rules update was available, even after rules were fully updated ({kib-pull}139287[#139287]). +* Fixes a bug that caused the Rules page to incorrectly notify users that a prebuilt rules update was available, even after rules were fully updated ({kibana-pull}139287[#139287]). [discrete] [[release-notes-8.4.0]] 
@@ -119,9 +119,9 @@ NOTE: Uninstalling the {endpoint-cloud-sec} integration may temporarily cause {a [discrete] [[known-issue-8.4.0]] ==== Known issues -* If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({kib-pull}137422[#137422]). +* If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({kibana-pull}137422[#137422]). * A new Lucene 9 validation change may cause event correlation (EQL) rule errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`). -* The Rules page incorrectly displays a notification that an update for prebuilt rules is available even if the rules have been fully updated. Currently, there is no way to remove or hide the notification ({kib-pull}139095[#139095]). +* The Rules page incorrectly displays a notification that an update for prebuilt rules is available even if the rules have been fully updated. Currently, there is no way to remove or hide the notification ({kibana-pull}139095[#139095]). * In some situations, {elastic-endpoint} might change to a non-running state on Windows endpoints and fail to restart. {agent} will appear `Unhealthy` when this happens (https://github.com/elastic/endpoint/issues/29[#29]). + To determine whether {elastic-endpoint} has stopped running because of this issue, run the following PowerShell command as an administrator: 
@@ -166,59 +166,59 @@ There are no breaking changes in 8.4.0. [discrete] [[features-8.4.0]] ==== Features -* Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field ({kib-pull}134526[#134526]). -* Adds the Insights section to the Alert details flyout to show related cases and alerts ({kib-pull}136009[#136009], {kib-pull}138419[#138419]) -* Shows process alerts in the event process analyzer ({kib-pull}135340[#135340]). -* Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({kib-pull}136147[#136147]). -* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({kib-pull}134664[#134664]). -* Creates the response console, an interface that enables you to take actions on specific hosts ({kib-pull}135360[#135360], {kib-pull}134520[#134520]). -* Includes integration policy errors and statuses in {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status ({kib-pull}136241[#136241], {kib-pull}136038[#136038]). +* Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field ({kibana-pull}134526[#134526]). +* Adds the Insights section to the Alert details flyout to show related cases and alerts ({kibana-pull}136009[#136009], {kibana-pull}138419[#138419]) +* Shows process alerts in the event process analyzer ({kibana-pull}135340[#135340]). +* Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({kibana-pull}136147[#136147]). +* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({kibana-pull}134664[#134664]). 
+* Creates the response console, an interface that enables you to take actions on specific hosts ({kibana-pull}135360[#135360], {kibana-pull}134520[#134520]). +* Includes integration policy errors and statuses in {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status ({kibana-pull}136241[#136241], {kibana-pull}136038[#136038]). * Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. * Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. -* Adds the ability to run query packs as live queries ({kib-pull}132198[#132198]). +* Adds the ability to run query packs as live queries ({kibana-pull}132198[#132198]). * Provides support for process, file, and network events in Kubernetes. You must enable the session view data setting on your {endpoint-cloud-sec} integration policy to enrich these events with session data and Kubernetes metadata fields. * Adds support for Amazon Elastic Kubernetes Service (EKS) to Kubernetes Security Posture Management (KSPM). -* Adds new fields to prebuilt detection rules' schemas: `related_integrations`, `required_fields`, and `setup` ({kib-pull}132409[#132409]). -* Adds the *Related integrations*, *Required fields*, and *Setup guide* sections to the rule details page to help users identify and meet a rule's prerequisites. Also adds the related integrations badge to the Rules table ({kib-pull}131475[#131475]). +* Adds new fields to prebuilt detection rules' schemas: `related_integrations`, `required_fields`, and `setup` ({kibana-pull}132409[#132409]). +* Adds the *Related integrations*, *Required fields*, and *Setup guide* sections to the rule details page to help users identify and meet a rule's prerequisites. 
Also adds the related integrations badge to the Rules table ({kibana-pull}131475[#131475]). [discrete] [[bug-fixes-8.4.0]] ==== Bug fixes and enhancements -* Updates the Network page's UI to match the Hosts and Users pages ({kib-pull}137541[#137541], {kib-pull}136913[#136913]). -* Improves the experience of bulk editing index patterns on rules by warning users early that machine learning rules can’t be edited ({kib-pull}134664[#134664]). -* Enhances rule previews with configurable rule intervals and look-back times ({kib-pull}137102[#137102]). -* Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({kib-pull}136966[#136966]). -* Turns grouped navigation on by default ({kib-pull}136819[#136819]). -* Improves the experience of bulk exporting rules by informing users early which rules can and cannot be exported ({kib-pull}136418[#136418]). -* Adds index pattern information to the Inspect panel ({kib-pull}136407[#136407]). -* Adds a custom dashboards table to the Dashboards page ({kib-pull}136221[#136221], {kib-pull}136671[#136671]). -* Fixes a performance issue with creating alerts from source documents that contain a large number of fields ({kib-pull}135956[#135956]). -* Updates the rule exceptions UI ({kib-pull}135255[#135255]). -* Fixes performance issues with rules management ({kib-pull}135311[#135311]). -* Allows you to disable `@timestamp` as a fallback timestamp field when you've defined a timestamp override ({kib-pull}135116[#135116]). -* Enhances the host risk score UI ({kib-pull}133708[#133708]). -* Updates the lists index template to use new logic ({kib-pull}133067[#133067]). -* Adds event filters to event correlation rules ({kib-pull}132507[#132507]). -* Allows you to define a data view as the rule's data source, making runtime fields available for rule configuration ({kib-pull}130929[#130929]). 
-* Creates a single visualization pane on the Alerts page, and adds a treemap visualization that shows the distribution of alerts as nested, proportionally-sized tiles ({kib-pull}126896[#126896]). -* Fixes an incorrect counter for exported rules ({kib-pull}138598[#138598]). -* Fixes event filters based on OS version ({kib-pull}138517[#138517]). -* Fixes a bug that could change the batch size for event search in indicator rules ({kib-pull}138356[#138356]). -* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security.alerts-` ({kib-pull}138331[#138331]). -* Fixes the preview button for {ml} rules ({kib-pull}137878[#137878]). -* Fixes a bug that could crash the Endpoints list when a policy ID was missing ({kib-pull}137788[#137788]). -* Fixes a bug that could interfere with opening host or user details pages ({kib-pull}137719[#137719]). -* Fixes several bugs related to refreshing the Alerts page ({kib-pull}137620[#137620]). -* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({kib-pull}137233[#137233]). -* Fixes a permissions bug related to the **Save Timeline** button ({kib-pull}136724[#136724]). -* Fixes a bug with selecting Timeline templates with the same name ({kib-pull}135694[#135694]). -* Fixes field aliases to `signal-threshold_result.*` ({kib-pull}135565[#135565]). -* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({kib-pull}135533[#135533]). -* Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({kib-pull}135291[#135291]). -* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions were being applied ({kib-pull}135208[135208]). 
-* Fixes a bug that could cause queries with nested fields to fail when opened ({kib-pull}134866[#134866]). -* Fixes a bug that slowed down the display of network details ({kib-pull}133539[#133539]). -* Various minor bug fixes and enhancements ({kib-pull}133079[#133079], {kib-pull}138135[#138135], {kib-pull}137588[#137588], {kib-pull}137511[#137511], {kib-pull}137492[#137492], {kib-pull}135907[#135907], {kib-pull}135426[#135426]). +* Updates the Network page's UI to match the Hosts and Users pages ({kibana-pull}137541[#137541], {kibana-pull}136913[#136913]). +* Improves the experience of bulk editing index patterns on rules by warning users early that machine learning rules can’t be edited ({kibana-pull}134664[#134664]). +* Enhances rule previews with configurable rule intervals and look-back times ({kibana-pull}137102[#137102]). +* Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({kibana-pull}136966[#136966]). +* Turns grouped navigation on by default ({kibana-pull}136819[#136819]). +* Improves the experience of bulk exporting rules by informing users early which rules can and cannot be exported ({kibana-pull}136418[#136418]). +* Adds index pattern information to the Inspect panel ({kibana-pull}136407[#136407]). +* Adds a custom dashboards table to the Dashboards page ({kibana-pull}136221[#136221], {kibana-pull}136671[#136671]). +* Fixes a performance issue with creating alerts from source documents that contain a large number of fields ({kibana-pull}135956[#135956]). +* Updates the rule exceptions UI ({kibana-pull}135255[#135255]). +* Fixes performance issues with rules management ({kibana-pull}135311[#135311]). +* Allows you to disable `@timestamp` as a fallback timestamp field when you've defined a timestamp override ({kibana-pull}135116[#135116]). +* Enhances the host risk score UI ({kibana-pull}133708[#133708]). +* Updates the lists index template to use new logic ({kibana-pull}133067[#133067]). 
+* Adds event filters to event correlation rules ({kibana-pull}132507[#132507]). +* Allows you to define a data view as the rule's data source, making runtime fields available for rule configuration ({kibana-pull}130929[#130929]). +* Creates a single visualization pane on the Alerts page, and adds a treemap visualization that shows the distribution of alerts as nested, proportionally-sized tiles ({kibana-pull}126896[#126896]). +* Fixes an incorrect counter for exported rules ({kibana-pull}138598[#138598]). +* Fixes event filters based on OS version ({kibana-pull}138517[#138517]). +* Fixes a bug that could change the batch size for event search in indicator rules ({kibana-pull}138356[#138356]). +* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security.alerts-` ({kibana-pull}138331[#138331]). +* Fixes the preview button for {ml} rules ({kibana-pull}137878[#137878]). +* Fixes a bug that could crash the Endpoints list when a policy ID was missing ({kibana-pull}137788[#137788]). +* Fixes a bug that could interfere with opening host or user details pages ({kibana-pull}137719[#137719]). +* Fixes several bugs related to refreshing the Alerts page ({kibana-pull}137620[#137620]). +* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({kibana-pull}137233[#137233]). +* Fixes a permissions bug related to the **Save Timeline** button ({kibana-pull}136724[#136724]). +* Fixes a bug with selecting Timeline templates with the same name ({kibana-pull}135694[#135694]). +* Fixes field aliases to `signal-threshold_result.*` ({kibana-pull}135565[#135565]). +* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({kibana-pull}135533[#135533]). 
+* Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({kibana-pull}135291[#135291]). +* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions were being applied ({kibana-pull}135208[135208]). +* Fixes a bug that could cause queries with nested fields to fail when opened ({kibana-pull}134866[#134866]). +* Fixes a bug that slowed down the display of network details ({kibana-pull}133539[#133539]). +* Various minor bug fixes and enhancements ({kibana-pull}133079[#133079], {kibana-pull}138135[#138135], {kibana-pull}137588[#137588], {kibana-pull}137511[#137511], {kibana-pull}137492[#137492], {kibana-pull}135907[#135907], {kibana-pull}135426[#135426]). * Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). * Fixes a bug that could cause {endpoint-cloud-sec} to crash when outputting log data to {ls}. * Allows {endpoint-cloud-sec} to be added to agents running on Ubuntu 22.04 and Debian 11. diff --git a/docs/release-notes/8.5.asciidoc b/docs/release-notes/8.5.asciidoc index 2355f915d9..a33ffc41a2 100644 --- a/docs/release-notes/8.5.asciidoc +++ b/docs/release-notes/8.5.asciidoc 
@@ -16,8 +16,8 @@ Upgrading to 8.6 or higher resolves this issue. If you’d prefer to stay on 8.5 [[bug-fixes-8.5.3]] ==== Bug fixes and enhancements * Fixes a bug that caused {elastic-endpoint} to crash when running on busy Linux systems, and when network event collection or malicious behavior protection was enabled. -* Fixes a bug that prevented Osquery packs from being ran outside of the default {kib} space ({kib-pull}146410[#146410]). -* Improves the "permissions required" message that appears on Cloud Posture pages for users without necessary permissions ({kib-pull}145794[#145794]). +* Fixes a bug that prevented Osquery packs from being ran outside of the default {kib} space ({kibana-pull}146410[#146410]). +* Improves the "permissions required" message that appears on Cloud Posture pages for users without necessary permissions ({kibana-pull}145794[#145794]). [discrete] [[release-notes-8.5.2]] 
@@ -50,13 +50,13 @@ Upgrading to 8.6 or higher resolves this issue. If you’d prefer to stay on 8.5 [[bug-fixes-8.5.1]] ==== Bug fixes and enhancements * Fixes a bug that caused {elastic-endpoint}s running on Linux systems with many CPUs to sometimes become unhealthy (https://github.com/elastic/endpoint/issues/34[#34]). -* Fixes a bug that caused incorrect alerts to display in Timeline when investigating alerts from the Detection & Response dashboard ({kib-pull}144319[#144319]). -* Updates the User authentication area chart so it can be opened in Lens ({kib-pull}144011[#144011]). -* Fixes the {jira} connector icon for users with a Basic license ({kib-pull}143916[#143916]). -* Updates the link in the machine learning rule type card to direct users towards the Elastic licensing page ({kib-pull}143836[#143836]). -* Turns off the option to edit machine learning rules if users don’t have the Machine Learning privilege in Kibana set to `All` ({kib-pull}143260[#143260]). -* Removes the ability to enable and disable machine learning rules from the UI for users without the Machine Learning privilege in Kibana set to `All` ({kib-pull}143252[#143252]). -* Fixes bug that caused the Indicators page to crash ({kib-pull}144348[#144348], {kib-pull}144651[#144651]). +* Fixes a bug that caused incorrect alerts to display in Timeline when investigating alerts from the Detection & Response dashboard ({kibana-pull}144319[#144319]). +* Updates the User authentication area chart so it can be opened in Lens ({kibana-pull}144011[#144011]). +* Fixes the {jira} connector icon for users with a Basic license ({kibana-pull}143916[#143916]). +* Updates the link in the machine learning rule type card to direct users towards the Elastic licensing page ({kibana-pull}143836[#143836]). +* Turns off the option to edit machine learning rules if users don’t have the Machine Learning privilege in Kibana set to `All` ({kibana-pull}143260[#143260]). 
+* Removes the ability to enable and disable machine learning rules from the UI for users without the Machine Learning privilege in Kibana set to `All` ({kibana-pull}143252[#143252]). +* Fixes bug that caused the Indicators page to crash ({kibana-pull}144348[#144348], {kibana-pull}144651[#144651]). [discrete] [[release-notes-8.5.0]] @@ -65,7 +65,7 @@ Upgrading to 8.6 or higher resolves this issue. If you’d prefer to stay on 8.5 [discrete] [[known-issue-8.5.0]] ==== Known issues -* Users might experience slightly longer installation and upgrade times for the user and host risk score features ({kib-pull}142434[#142434]). +* Users might experience slightly longer installation and upgrade times for the user and host risk score features ({kibana-pull}142434[#142434]). * Version 8.5.0 {elastic-endpoint}s running on Linux systems with many CPUs may become unhealthy. For a workaround refer to https://github.com/elastic/endpoint/issues/34[issue #34]. * The rule details page and **Edit rule settings** page load indefinitely if you edit a rule that has the `saved_id` property configured. All rule types, except for the custom query rule, are affected. + 
@@ -75,74 +75,74 @@ Upgrading to 8.6 or higher resolves this issue. If you’d prefer to stay on 8.5 [[breaking-changes-8.5.0]] ==== Breaking changes -* Host and user risk score features that were installed in 8.4 or earlier are not ECS-compatible and, therefore, cannot generate new risk scores in 8.5. Before upgrading, users can archive their existing risk indices if they want to keep their old host and user risk scores. Otherwise, new risk indices will be generated once users upgrade host and user risk score features ({kib-pull}140377[#140377]). +* Host and user risk score features that were installed in 8.4 or earlier are not ECS-compatible and, therefore, cannot generate new risk scores in 8.5. Before upgrading, users can archive their existing risk indices if they want to keep their old host and user risk scores. Otherwise, new risk indices will be generated once users upgrade host and user risk score features ({kibana-pull}140377[#140377]). [discrete] [[deprecations-8.5.0]] ==== Deprecations -* Deprecates the risk score index and displays the **Upgrade** button in host and user risk score cards on the Entity Analytics dashboard ({kib-pull}140143[#140143]). +* Deprecates the risk score index and displays the **Upgrade** button in host and user risk score cards on the Entity Analytics dashboard ({kibana-pull}140143[#140143]). [discrete] [[features-8.5.0]] ==== Features -* Endpoint response actions history can be filtered and searched ({kib-pull}134520[#134520], {kib-pull}140259[#140259], {kib-pull}138982[#138982], {kib-pull}140975[#140975]). -* Endpoint response actions history has a standalone page for all endpoints ({kib-pull}140306[#140306]). -* Introduces the Entity Analytics dashboard, which showcases host and user risk scores and anomalies. Also adds host and user risk data to the user and host detail pages. These features require a Platinum license or higher. ({kib-pull}137688[#137688], {kib-pull}140270[#140270], {kib-pull}139462[#139462]). 
-* Updates the *Anomalies* tab to display the same quantity of anomalies when navigating from the Entity Analytics dashboard ({kib-pull}139910[#139910]). -* Enriches alerts with host and user risk scores ({kib-pull}139478[#139478]). -* Enables the Indicators page by default if users have an https://www.elastic.co/pricing[Enterprise subscription] and makes the functionality generally available ({kib-pull}141117[#141117]). -* Allows indicator data to be investigated in Timeline by including the *Add to Timeline* button throughout the Indicators table ({kib-pull}138836[#138836], {kib-pull}140496[#140496]). -* Removes the Host risk score card from the Overview dashboard ({kib-pull}140177[#140177]). -* Adds the option to bulk edit rule schedules to the bulk actions menu in the Rules table ({kib-pull}140166[#140166]). -* Adds the option to bulk edit rule actions to the bulk actions menu in the Rules table ({kib-pull}138900[#138900]). -* Adds an alert count card to the User, Host, and Network detail pages. The card shows alerts per rule and can be filtered by alert status ({kib-pull}140150[#140150]). -* Allows users to examine alerts associated with events and enables the Alerts related by process ancestry section by default if they have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kib-pull}140006[#140006]). -* Enables the Alerts related by session ID section by default. It appears in the Alert details flyout if users have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kib-pull}140006[#140006]). -* Renames the Elastic Endpoint and Cloud Security integration to the Elastic Defend integration ({kib-pull}139517[#139517]). -* Adds preconfigured use cases to the setup wizard for the {elastic-defend} integration (formerly known as Endpoint and Cloud Security), each with different default settings ({kib-pull}139230[#139230]). -* Updates the UI for the rule details page's *Exceptions* tab ({kib-pull}138770[#138770]). 
-* Enables the Osquery Response Action on custom query detection rules, and adds an *Osquery Results* tab to the Alert details flyout. Users can use the Osquery Response Action to immediately query hosts that generate alerts ({kib-pull}133279[#133279]). -* Enables rule exceptions to reference value lists, regardless of rule type. One caveat is that text type value lists still do not work for EQL and threshold rules ({kib-pull}133254[#133254]). -* Introduces the new alert renderer, which concisely displays a detailed summary of the `kibana.alert.reason` field. It appears in Timeline, throughout the Alerts page, and on the Alert details flyout ({kib-pull}140825[#140825]). +* Endpoint response actions history can be filtered and searched ({kibana-pull}134520[#134520], {kibana-pull}140259[#140259], {kibana-pull}138982[#138982], {kibana-pull}140975[#140975]). +* Endpoint response actions history has a standalone page for all endpoints ({kibana-pull}140306[#140306]). +* Introduces the Entity Analytics dashboard, which showcases host and user risk scores and anomalies. Also adds host and user risk data to the user and host detail pages. These features require a Platinum license or higher. ({kibana-pull}137688[#137688], {kibana-pull}140270[#140270], {kibana-pull}139462[#139462]). +* Updates the *Anomalies* tab to display the same quantity of anomalies when navigating from the Entity Analytics dashboard ({kibana-pull}139910[#139910]). +* Enriches alerts with host and user risk scores ({kibana-pull}139478[#139478]). +* Enables the Indicators page by default if users have an https://www.elastic.co/pricing[Enterprise subscription] and makes the functionality generally available ({kibana-pull}141117[#141117]). +* Allows indicator data to be investigated in Timeline by including the *Add to Timeline* button throughout the Indicators table ({kibana-pull}138836[#138836], {kibana-pull}140496[#140496]). 
+* Removes the Host risk score card from the Overview dashboard ({kibana-pull}140177[#140177]). +* Adds the option to bulk edit rule schedules to the bulk actions menu in the Rules table ({kibana-pull}140166[#140166]). +* Adds the option to bulk edit rule actions to the bulk actions menu in the Rules table ({kibana-pull}138900[#138900]). +* Adds an alert count card to the User, Host, and Network detail pages. The card shows alerts per rule and can be filtered by alert status ({kibana-pull}140150[#140150]). +* Allows users to examine alerts associated with events and enables the Alerts related by process ancestry section by default if they have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kibana-pull}140006[#140006]). +* Enables the Alerts related by session ID section by default. It appears in the Alert details flyout if users have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kibana-pull}140006[#140006]). +* Renames the Elastic Endpoint and Cloud Security integration to the Elastic Defend integration ({kibana-pull}139517[#139517]). +* Adds preconfigured use cases to the setup wizard for the {elastic-defend} integration (formerly known as Endpoint and Cloud Security), each with different default settings ({kibana-pull}139230[#139230]). +* Updates the UI for the rule details page's *Exceptions* tab ({kibana-pull}138770[#138770]). +* Enables the Osquery Response Action on custom query detection rules, and adds an *Osquery Results* tab to the Alert details flyout. Users can use the Osquery Response Action to immediately query hosts that generate alerts ({kibana-pull}133279[#133279]). +* Enables rule exceptions to reference value lists, regardless of rule type. One caveat is that text type value lists still do not work for EQL and threshold rules ({kibana-pull}133254[#133254]). +* Introduces the new alert renderer, which concisely displays a detailed summary of the `kibana.alert.reason` field. 
It appears in Timeline, throughout the Alerts page, and on the Alert details flyout ({kibana-pull}140825[#140825]). * Introduces the <> (KSPM) integration as GA. You can now use it to monitor the security posture of your self-managed and Amazon EKS clusters, in addition to unmanaged clusters. -* Adds a status filter to the Endpoints Response actions page ({kib-pull}139982[#139982]). -* Shows host names on the Endpoints Response actions page ({kib-pull}139379[#139379]). +* Adds a status filter to the Endpoints Response actions page ({kibana-pull}139982[#139982]). +* Shows host names on the Endpoints Response actions page ({kibana-pull}139379[#139379]). [discrete] [[bug-fixes-8.5.0]] ==== Bug fixes and enhancements -* Endpoint response actions console UI indicates if response action commands aren't supported by the installed version of {agent} ({kib-pull}138662[#138662]). +* Endpoint response actions console UI indicates if response action commands aren't supported by the installed version of {agent} ({kibana-pull}138662[#138662]). * Fixes a bug that sometimes caused event correlation rule (EQL) errors whenever rule queries contained regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`) (https://github.com/elastic/elasticsearch/pull/90064[#90064]). * Adds the `has_guide` tag to all prebuilt rules with investigation guides. Users can filter the Rules table by this tag to quickly find prebuilt rules with investigation guides (https://github.com/elastic/detection-rules/pull/2297[#2297]). -* Informs users when the event analyzer's current time range is too narrow to include event data ({kib-pull}140831[#140831]). -* Lets users inspect bar charts and data grids, as with other data visualizations ({kib-pull}140810[#140810]). -* Makes the Indicators table sortable by any column ({kib-pull}140582[#140582]). -* Provides the ability to add fields to Indicators table ({kib-pull}138882[#138882]). 
-* Updates the rule preview UI to be available at any step of creating or editing a detection rule. Rule previews are also now available for Elastic prebuilt rules, and include exceptions and field overrides ({kib-pull}140221[#140221]). -* Adds an overview tab to the Indicator details flyout ({kib-pull}140073[#140073]). -* Improves the UI for saved rule queries ({kib-pull}140064[#140064]). -* Computes `threat.indicator.name` on the {es} server instead of on the client ({kib-pull}139814[#139814]). -* Makes the state of tables throughout {elastic-sec} persist; for example, when users toggle between table view and grid view ({kib-pull}139696[#139696]). -* Lets users enable multiple filters using various plus `+` and minus `-` buttons. Previously, adding a new filter in this way could remove the existing filters ({kib-pull}139616[#139616]). -* Updates rule details page URLs to specify which tab to focus ({kib-pull}139592[#139592]). -* Simplifies the process of adding a rule exception ({kib-pull}138169[#138169]). -* Hides the process ancestry insights interface when data is unavailable ({kib-pull}141751[#141751]). -* Formats the Rules table's `Last Gap` column in a human readable way ({kib-pull}141363[#141363]). -* Introduces fuzzy search for user names in the Actions Log ({kib-pull}141239[#141239]). -* Improves the layout for the *Add Field* menu ({kib-pull}141084[#141084]). -* Restores users' ability to create exceptions with leading or trailing white space ({kib-pull}139617[#139617]). -* Fixes two minor bugs with the *Overwrite existing rules* option for rule import ({kib-pull}138758[#138758], {kib-pull}139470[#139470]). -* Fixes a bug that made the `binary` field type appear usable in Exception entries despite not being supported ({kib-pull}139370[#139370]). -* Fixes a bug that prevented a toast message from appearing after users export a rule from the rule details page ({kib-pull}139209[#139209]). 
-* Fixes sorting and pagination bugs on the *Import value lists* menu ({kib-pull}138381[#138381]). -* Mimics native link behavior for single-page application links ({kib-pull}142304[#142304]). -* Fixes validation issues within the rule Actions tab ({kib-pull}141811[#141811]). -* Fixes a bug with visualization types on the Hosts, Network, Users page ({kib-pull}141235[#141235]). -* Updates the documentation link on the Trusted applications page ({kib-pull}142467[#142467]). -* Provides the ability to run Osquery from a rule's investigation guide ({kib-pull}95149[#95149]). -* Improves Timeline’s performance when users investigate alerts related by process ancestry ({kib-pull}142805[#142805]). -* Fixes a rule import bug that removed references to exception lists ({kib-pull}143882[#143882]). -* Fixes a bug that prevented the authentication area chart on the Users page to be opened in Lens ({kib-pull}144011[#144011]). -* Shows the Host isolation exceptions page if users have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kib-pull}143362[#143362]). -* Fixes displayed commands in the Endpoint response actions log ({kib-pull}140378[#140378]). -* Updates the pagination header color in the Endpoint response actions history table ({kib-pull}141847[#141847]). +* Informs users when the event analyzer's current time range is too narrow to include event data ({kibana-pull}140831[#140831]). +* Lets users inspect bar charts and data grids, as with other data visualizations ({kibana-pull}140810[#140810]). +* Makes the Indicators table sortable by any column ({kibana-pull}140582[#140582]). +* Provides the ability to add fields to Indicators table ({kibana-pull}138882[#138882]). +* Updates the rule preview UI to be available at any step of creating or editing a detection rule. Rule previews are also now available for Elastic prebuilt rules, and include exceptions and field overrides ({kibana-pull}140221[#140221]). 
+* Adds an overview tab to the Indicator details flyout ({kibana-pull}140073[#140073]). +* Improves the UI for saved rule queries ({kibana-pull}140064[#140064]). +* Computes `threat.indicator.name` on the {es} server instead of on the client ({kibana-pull}139814[#139814]). +* Makes the state of tables throughout {elastic-sec} persist; for example, when users toggle between table view and grid view ({kibana-pull}139696[#139696]). +* Lets users enable multiple filters using various plus `+` and minus `-` buttons. Previously, adding a new filter in this way could remove the existing filters ({kibana-pull}139616[#139616]). +* Updates rule details page URLs to specify which tab to focus ({kibana-pull}139592[#139592]). +* Simplifies the process of adding a rule exception ({kibana-pull}138169[#138169]). +* Hides the process ancestry insights interface when data is unavailable ({kibana-pull}141751[#141751]). +* Formats the Rules table's `Last Gap` column in a human readable way ({kibana-pull}141363[#141363]). +* Introduces fuzzy search for user names in the Actions Log ({kibana-pull}141239[#141239]). +* Improves the layout for the *Add Field* menu ({kibana-pull}141084[#141084]). +* Restores users' ability to create exceptions with leading or trailing white space ({kibana-pull}139617[#139617]). +* Fixes two minor bugs with the *Overwrite existing rules* option for rule import ({kibana-pull}138758[#138758], {kibana-pull}139470[#139470]). +* Fixes a bug that made the `binary` field type appear usable in Exception entries despite not being supported ({kibana-pull}139370[#139370]). +* Fixes a bug that prevented a toast message from appearing after users export a rule from the rule details page ({kibana-pull}139209[#139209]). +* Fixes sorting and pagination bugs on the *Import value lists* menu ({kibana-pull}138381[#138381]). +* Mimics native link behavior for single-page application links ({kibana-pull}142304[#142304]). 
+* Fixes validation issues within the rule Actions tab ({kibana-pull}141811[#141811]). +* Fixes a bug with visualization types on the Hosts, Network, Users page ({kibana-pull}141235[#141235]). +* Updates the documentation link on the Trusted applications page ({kibana-pull}142467[#142467]). +* Provides the ability to run Osquery from a rule's investigation guide ({kibana-pull}95149[#95149]). +* Improves Timeline’s performance when users investigate alerts related by process ancestry ({kibana-pull}142805[#142805]). +* Fixes a rule import bug that removed references to exception lists ({kibana-pull}143882[#143882]). +* Fixes a bug that prevented the authentication area chart on the Users page to be opened in Lens ({kibana-pull}144011[#144011]). +* Shows the Host isolation exceptions page if users have a https://www.elastic.co/pricing[Platinum or Enterprise subscription] ({kibana-pull}143362[#143362]). +* Fixes displayed commands in the Endpoint response actions log ({kibana-pull}140378[#140378]). +* Updates the pagination header color in the Endpoint response actions history table ({kibana-pull}141847[#141847]). diff --git a/docs/release-notes/8.6.asciidoc b/docs/release-notes/8.6.asciidoc index b42340cd08..1ea7b898f0 100644 --- a/docs/release-notes/8.6.asciidoc +++ b/docs/release-notes/8.6.asciidoc @@ -13,7 +13,7 @@ [discrete] [[bug-fixes-8.6.2]] ==== Bug fixes and enhancements -* Fixes a bug that prevented related alerts from closing when the *Close all alerts that match this exception* option was selected on an exception ({kib-pull}150765[#150765]). +* Fixes a bug that prevented related alerts from closing when the *Close all alerts that match this exception* option was selected on an exception ({kibana-pull}150765[#150765]). * Ensures {elastic-endpoint} sends intermediate certificates to the server for SSL validation. [discrete] 
@@ -29,8 +29,8 @@ [[bug-fixes-8.6.1]] ==== Bug fixes and enhancements * Fixes a bug that prevented Osquery results from being viewed in {kib} when using the Osquery Manager integration with {agent}. Upgrade to {stack} version 8.6.1 and {agent} 8.6.1 to apply this fix to your deployment (https://github.com/elastic/beats/issues/34250[#34250]). -* Fixes a bug that impacted the way Osquery results were displayed in Lens and Discover ({kib-pull}148260[#148260]). -* Adds an advanced setting to the {elastic-defend} policy that allows users to enable or disable host isolation on Linux endpoints ({kib-pull}149177[#149177]). +* Fixes a bug that impacted the way Osquery results were displayed in Lens and Discover ({kibana-pull}148260[#148260]). +* Adds an advanced setting to the {elastic-defend} policy that allows users to enable or disable host isolation on Linux endpoints ({kibana-pull}149177[#149177]). [discrete] [[release-notes-8.6.0]] 
@@ -58,71 +58,71 @@ There are no deprecations in 8.6.0. [discrete] [[features-8.6.0]] ==== Features -* Allows you to add indicators to new or existing cases ({kib-pull}145121[#145121]). -* Adds the `is one of` operator to the *Add field* menu in Timeline ({kib-pull}144988[#144988]). -* Adds an "Add to timeline investigation" button to the User Risk Scores and Host Risk Scores cards on the Entity Analytics dashboard ({kib-pull}144819[#144819]). -* Provides the option to duplicate rules and their exceptions or rules only ({kib-pull}144782[#144782]). -* Improves the Shared Exception Lists page and allows you to export read-only exception lists ({kib-pull}144383[#144383]). -* Enables you to build runtime queries using alert data or hard-coded literal values. (Technical preview only). ({kib-pull}145240[#145240]). -* Creates a new connector for Tines ({kib-pull}143505[#143505]). -* Updates the UI for adding and editing exceptions ({kib-pull}143127[#143127]). -* Creates a Shared Exception Lists page for creating, viewing, and modifying shared exception lists ({kib-pull}143041[#143041]). -* Enables you to bulk-add up to 4000 events to Timeline ({kib-pull}142737[#142737]). -* Enables alert suppression per rule execution for custom query rules ({kib-pull}142686[#142686]). -* Improves role-based access controls for {kib} users performing response actions ({kib-pull}142825[#142825]). +* Allows you to add indicators to new or existing cases ({kibana-pull}145121[#145121]). +* Adds the `is one of` operator to the *Add field* menu in Timeline ({kibana-pull}144988[#144988]). +* Adds an "Add to timeline investigation" button to the User Risk Scores and Host Risk Scores cards on the Entity Analytics dashboard ({kibana-pull}144819[#144819]). +* Provides the option to duplicate rules and their exceptions or rules only ({kibana-pull}144782[#144782]). +* Improves the Shared Exception Lists page and allows you to export read-only exception lists ({kibana-pull}144383[#144383]). 
+* Enables you to build runtime queries using alert data or hard-coded literal values. (Technical preview only). ({kibana-pull}145240[#145240]). +* Creates a new connector for Tines ({kibana-pull}143505[#143505]). +* Updates the UI for adding and editing exceptions ({kibana-pull}143127[#143127]). +* Creates a Shared Exception Lists page for creating, viewing, and modifying shared exception lists ({kibana-pull}143041[#143041]). +* Enables you to bulk-add up to 4000 events to Timeline ({kibana-pull}142737[#142737]). +* Enables alert suppression per rule execution for custom query rules ({kibana-pull}142686[#142686]). +* Improves role-based access controls for {kib} users performing response actions ({kibana-pull}142825[#142825]). [discrete] [[bug-fixes-8.6.0]] ==== Bug fixes and enhancements -* Adds the *View indicators* button to the Threat Intelligence card ({kib-pull}145125[#145125]). -* Improves the interface for creating rule exceptions and shared exception lists ({kib-pull}144575[#144575]). -* Adds cases metadata in the Cases panel on the alert details page ({kib-pull}144430[#144430]). -* Improves the UX for managing {ml} jobs while managing {ml} rules ({kib-pull}144080[#144080]). -* Enables you to run {ml} jobs from the Notable Anomalies table ({kib-pull}142861[#142861]). -* Updates the take action UI for charts on the Hosts, Users, and Network pages ({kib-pull}138369[#138369]). -* Adds a *Respond* button to the Host Details page for hosts with an {agent} installed ({kib-pull}143988[#143988]). -* Allows you to add up to three new terms to New Terms rule queries, enabling you to create alerts when multiple new terms appear in the same event ({kib-pull}143943[#143943]). -* Allows you to launch Timeline from the Entity Analytics dashboard by clicking alert counts ({kib-pull}143841[#143841]). -* Adds missing TLP Marking badges to the Indicators table and Indicator details flyout ({kib-pull}143431[#143431]). 
-* Ensures the empty state of the Indicators page does not appear when threat intelligence integrations are installed ({kib-pull}143328[#143328]). -* Turns the anomalies count on the Entity Analytics dashboard into a link that goes to the Anomalies table ({kib-pull}143085[#143085]). -* Pre-selects the `threat` category when you open the Fields browser ({kib-pull}142698[#142698]). -* Adds a `copy to clipboard` action for indicators in the Indicators table ({kib-pull}142675[#142675]). -* Adds a `User risk classification` column to the Users table ({kib-pull}142610[#142610]). -* Adds a label to the Indicators page that states when it was last updated ({kib-pull}142560[#142560]). -* Specifies that links from the Threat Intelligence page to the Integrations page should open the Threat Intelligence integrations category ({kib-pull}142538[#142538]). -* Enables full-screen mode on the Indicators table ({kib-pull}142519[#142519]). -* Implements the standard search bar and date picker on the Threat Intelligence page ({kib-pull}142336[#142336]). -* Updates the design of the Shared Exception Lists page ({kib-pull}142289[#142289]). -* Displays comments for expanded items in the Action history page ({kib-pull}141938[#141938]). -* Adds HTTP 409 conflict response status codes to error messages for several API requests ({kib-pull}146389[#146389]). +* Adds the *View indicators* button to the Threat Intelligence card ({kibana-pull}145125[#145125]). +* Improves the interface for creating rule exceptions and shared exception lists ({kibana-pull}144575[#144575]). +* Adds cases metadata in the Cases panel on the alert details page ({kibana-pull}144430[#144430]). +* Improves the UX for managing {ml} jobs while managing {ml} rules ({kibana-pull}144080[#144080]). +* Enables you to run {ml} jobs from the Notable Anomalies table ({kibana-pull}142861[#142861]). +* Updates the take action UI for charts on the Hosts, Users, and Network pages ({kibana-pull}138369[#138369]). 
+* Adds a *Respond* button to the Host Details page for hosts with an {agent} installed ({kibana-pull}143988[#143988]). +* Allows you to add up to three new terms to New Terms rule queries, enabling you to create alerts when multiple new terms appear in the same event ({kibana-pull}143943[#143943]). +* Allows you to launch Timeline from the Entity Analytics dashboard by clicking alert counts ({kibana-pull}143841[#143841]). +* Adds missing TLP Marking badges to the Indicators table and Indicator details flyout ({kibana-pull}143431[#143431]). +* Ensures the empty state of the Indicators page does not appear when threat intelligence integrations are installed ({kibana-pull}143328[#143328]). +* Turns the anomalies count on the Entity Analytics dashboard into a link that goes to the Anomalies table ({kibana-pull}143085[#143085]). +* Pre-selects the `threat` category when you open the Fields browser ({kibana-pull}142698[#142698]). +* Adds a `copy to clipboard` action for indicators in the Indicators table ({kibana-pull}142675[#142675]). +* Adds a `User risk classification` column to the Users table ({kibana-pull}142610[#142610]). +* Adds a label to the Indicators page that states when it was last updated ({kibana-pull}142560[#142560]). +* Specifies that links from the Threat Intelligence page to the Integrations page should open the Threat Intelligence integrations category ({kibana-pull}142538[#142538]). +* Enables full-screen mode on the Indicators table ({kibana-pull}142519[#142519]). +* Implements the standard search bar and date picker on the Threat Intelligence page ({kibana-pull}142336[#142336]). +* Updates the design of the Shared Exception Lists page ({kibana-pull}142289[#142289]). +* Displays comments for expanded items in the Action history page ({kibana-pull}141938[#141938]). +* Adds HTTP 409 conflict response status codes to error messages for several API requests ({kibana-pull}146389[#146389]). 
* Adds the new Data Exfiltration Detection (DED) integration package (https://github.com/elastic/integrations/pull/4486[#4486]). * Renames the sorting toggle on the Rules page from *Technical preview* to *Advanced sorting* (https://github.com/elastic/kibana/pull/144733[#144733]). // Items below this line were labeled as "bugfixes" rather than "enhancements" -* Replaces the *Run job* button with a *Stop job* button when the job is running ({kib-pull}146407[#146407]). -* Fixes a bug that prevented you from editing an exception while adding a comment to it from the Rules details flyout ({kib-pull}145575[#145575]). -* Fixes a bug that could cause rule previews for New Terms rules to fail ({kib-pull}145707[#145707]). -* Fixes a bug that could cause a "Page not found" error when you navigated to a shared exception list ({kib-pull}145833[#145833]). -* Fixes a bug with the loading indicator that appears when bulk actions are pending ({kib-pull}145905[#145905]). -* Fixes a bug with the linked rules count for shared exception lists ({kib-pull}145976[#145976]). -* Fixes a bug that prevented you from editing policies created before {stack} version 8.3.0 if you had a basic license ({kib-pull}146050[#146050]). -* Fixes a bug that sometimes prevented the Rules table from updating as expected ({kib-pull}146271[#146271]). -* Fixes a bug that sometimes prevented the display of rule preview graphs for custom rules ({kib-pull}142120[#142120]). -* Removes the `Optional` label from the `Additional look-back time` rule setting ({kib-pull}142375[#142375]). -* Fixes a bug that could result in duplicate entries in the Host's page's Events table query ({kib-pull}143239[#143239]). -* Fixes a bug that could interfere with Platinum users' access to the Host Isolation page ({kib-pull}143366[#143366]). -* Fixes a bug that prevented the event analyzer's state from persisting when you switched tabs on the Alerts page ({kib-pull}144291[#144291]). 
-* Fixes a bug that sometimes caused a page crash when you searched for an indicator ID on the Intelligence page ({kib-pull}144344[#144344]). -* Fixes a bug that prevented newly imported rules from appearing on the Rules page before the page was refreshed ({kib-pull}144359[#144359]). -* Fixes a bug with the toast message for successful bulk editing of rules ({kib-pull}144497[#144497]). -* Fixes a bug that prevented the Event Analyzer from opening in Timeline when the *Show only detection alerts* option is enabled ({kib-pull}144705[#144705]). -* Fixes bugs that affected the display and persistence of event action menus ({kib-pull}145025[#145025]). -* Fixes a bug that limited the display of breadcrumbs on the Shared Exception Lists page ({kib-pull}145605[#145605]). -* Fixes various minor UI bugs on the Shared Exception Lists page ({kib-pull}145334[#145334]). -* Improves the "permissions required" message that appears on Cloud Posture pages for users without necessary permissions ({kib-pull}145794[#145794]). -* Fixes a bug that could cause a "Page not found" error when navigating to an exception list without a description ({kib-pull}145833[#145833]). -* Fixes a visual bug with the fullscreen view of rule preview results ({kib-pull}146687[#146687]). -* Fixes a visual bug with the fullscreen view of Osquery results ({kib-pull}147076[#147076]). -* Fixes a bug with the refresh indicator on the Rule details page ({kib-pull}147806[#147806]). +* Replaces the *Run job* button with a *Stop job* button when the job is running ({kibana-pull}146407[#146407]). +* Fixes a bug that prevented you from editing an exception while adding a comment to it from the Rules details flyout ({kibana-pull}145575[#145575]). +* Fixes a bug that could cause rule previews for New Terms rules to fail ({kibana-pull}145707[#145707]). +* Fixes a bug that could cause a "Page not found" error when you navigated to a shared exception list ({kibana-pull}145833[#145833]). 
+* Fixes a bug with the loading indicator that appears when bulk actions are pending ({kibana-pull}145905[#145905]). +* Fixes a bug with the linked rules count for shared exception lists ({kibana-pull}145976[#145976]). +* Fixes a bug that prevented you from editing policies created before {stack} version 8.3.0 if you had a basic license ({kibana-pull}146050[#146050]). +* Fixes a bug that sometimes prevented the Rules table from updating as expected ({kibana-pull}146271[#146271]). +* Fixes a bug that sometimes prevented the display of rule preview graphs for custom rules ({kibana-pull}142120[#142120]). +* Removes the `Optional` label from the `Additional look-back time` rule setting ({kibana-pull}142375[#142375]). +* Fixes a bug that could result in duplicate entries in the Host's page's Events table query ({kibana-pull}143239[#143239]). +* Fixes a bug that could interfere with Platinum users' access to the Host Isolation page ({kibana-pull}143366[#143366]). +* Fixes a bug that prevented the event analyzer's state from persisting when you switched tabs on the Alerts page ({kibana-pull}144291[#144291]). +* Fixes a bug that sometimes caused a page crash when you searched for an indicator ID on the Intelligence page ({kibana-pull}144344[#144344]). +* Fixes a bug that prevented newly imported rules from appearing on the Rules page before the page was refreshed ({kibana-pull}144359[#144359]). +* Fixes a bug with the toast message for successful bulk editing of rules ({kibana-pull}144497[#144497]). +* Fixes a bug that prevented the Event Analyzer from opening in Timeline when the *Show only detection alerts* option is enabled ({kibana-pull}144705[#144705]). +* Fixes bugs that affected the display and persistence of event action menus ({kibana-pull}145025[#145025]). +* Fixes a bug that limited the display of breadcrumbs on the Shared Exception Lists page ({kibana-pull}145605[#145605]). 
+* Fixes various minor UI bugs on the Shared Exception Lists page ({kibana-pull}145334[#145334]). +* Improves the "permissions required" message that appears on Cloud Posture pages for users without necessary permissions ({kibana-pull}145794[#145794]). +* Fixes a bug that could cause a "Page not found" error when navigating to an exception list without a description ({kibana-pull}145833[#145833]). +* Fixes a visual bug with the fullscreen view of rule preview results ({kibana-pull}146687[#146687]). +* Fixes a visual bug with the fullscreen view of Osquery results ({kibana-pull}147076[#147076]). +* Fixes a bug with the refresh indicator on the Rule details page ({kibana-pull}147806[#147806]). * Reenables ransomware canary files. * Fixes a bug that caused the rule details page and the **Edit rule settings** page to load indefinitely if you edited a rule that had the `saved_id` property configured. \ No newline at end of file diff --git a/docs/release-notes/8.7.asciidoc b/docs/release-notes/8.7.asciidoc index fb418c3956..f3b61e7aee 100644 --- a/docs/release-notes/8.7.asciidoc +++ b/docs/release-notes/8.7.asciidoc 
@@ -109,10 +109,10 @@ If you already upgraded your {agents} and they're stuck in the `Updating` state, ===== -* Fixes a UI bug that affected the rule details page when rules had long queries ({kib-pull}153338[#153338]). -* Fixes exception operator logic for mapping field conflicts ({kib-pull}155071[#155071]). +* Fixes a UI bug that affected the rule details page when rules had long queries ({kibana-pull}153338[#153338]). +* Fixes exception operator logic for mapping field conflicts ({kibana-pull}155071[#155071]). * Fixes a bug that stopped {elastic-defend} from working when malware protection was enabled on Linux hosts. -* Fixes a bug that prevented policy artifacts from being properly updated after being added to the `.fleet-artifacts` index ({kib-pull}154810[#154810]). +* Fixes a bug that prevented policy artifacts from being properly updated after being added to the `.fleet-artifacts` index ({kibana-pull}154810[#154810]). + [NOTE] 
@@ -244,61 +244,61 @@ There are no deprecations in 8.7.0. [[features-8.7.0]] ==== New features -* Creates a new dashboard, Data Quality, which highlights any issues in your ECS field mappings ({kib-pull}150063[#150063]). +* Creates a new dashboard, Data Quality, which highlights any issues in your ECS field mappings ({kibana-pull}150063[#150063]). * Introduces a new event type (`Credential access`) to represent credential dumping attempts on Windows using tools like Mimikatz or fgdump. -* Creates a Torq connector that can trigger Torq workflows. You must have at least a https://www.elastic.co/pricing[Platinum subscription] to use this connector ({kib-pull}149405[#149405]). -* Adds more key performance indicator charts to the Alerts page ({kib-pull}150242[#150242], {kib-pull}149173[#149173], and {kib-pull}146938[#146938]). -* Allows you to set expiration dates for rule exceptions and choose whether to include expired exceptions when you export shared exception lists ({kib-pull}145180[#145180]). -* Adds two more inline actions (*Copy to clipboard* and *Add to timeline investigation*) to chart legends and tables ({kib-pull}146779[#146779]). -* Allows you to include connectors when exporting and importing rules ({kib-pull}148703[#148703]). -* Adds "Group by" functionality to the Alerts table (technical preview only)({kib-pull}149145[#149145]). -* Improves the UI for building an Investigation Guide query ({kib-pull}150363[#150363]). -* Adds the ability to create a rule from a Timeline ({kib-pull}143020[#143020]). -* Adds the option to suppress custom query rule alerts during a specific time window. Duplicate alerts within that time window will be grouped ({kib-pull}148868[#148868]). +* Creates a Torq connector that can trigger Torq workflows. You must have at least a https://www.elastic.co/pricing[Platinum subscription] to use this connector ({kibana-pull}149405[#149405]). 
+* Adds more key performance indicator charts to the Alerts page ({kibana-pull}150242[#150242], {kibana-pull}149173[#149173], and {kibana-pull}146938[#146938]). +* Allows you to set expiration dates for rule exceptions and choose whether to include expired exceptions when you export shared exception lists ({kibana-pull}145180[#145180]). +* Adds two more inline actions (*Copy to clipboard* and *Add to timeline investigation*) to chart legends and tables ({kibana-pull}146779[#146779]). +* Allows you to include connectors when exporting and importing rules ({kibana-pull}148703[#148703]). +* Adds "Group by" functionality to the Alerts table (technical preview only)({kibana-pull}149145[#149145]). +* Improves the UI for building an Investigation Guide query ({kibana-pull}150363[#150363]). +* Adds the ability to create a rule from a Timeline ({kibana-pull}143020[#143020]). +* Adds the option to suppress custom query rule alerts during a specific time window. Duplicate alerts within that time window will be grouped ({kibana-pull}148868[#148868]). * Introduces the <>, which detects misconfigured cloud resources in AWS accounts. [discrete] [[enhancements-8.7.0]] ==== Enhancements -* Improves the formatting and readability of machine learning job names ({kib-pull}148974[#148974], {kib-pull}148780[#148780]). -* Improves sorting of the Rules table: allows you to sort it by any column, removes the *Advanced sorting* toggle, and removes the `Version` column ({kib-pull}149840[#149840]). -* Adds a *Clear table filters* button to the Rules page so you can clear all filters in one click ({kib-pull}150059[#150059]). -* Warns you about type conflicts and unmapped indices when creating rule exceptions ({kib-pull}149149[#149149]). -* Adds buttons to the Rules page that allow you to view only enabled or disabled rules ({kib-pull}150153[#150153]). -* The *Related alerts by process ancestry* section of the alert details flyout is now generally available (GA) ({kib-pull}152011[#152011]). 
-* Adds the option to suppress custom query rule alerts during a specific time window. Duplicate alerts within that time window will be grouped ({kib-pull}148868[#148868]). -* Reduces alert creation errors by stopping the detection engine from writing non-ECS-compliant fields to alerts from source events ({kib-pull}147628[#147628]). -* Simplifies the interface for navigating from a rule's details page back to the Rules page ({kib-pull}147357[#147357]). -* Allows you to resize the Rule preview panel ({kib-pull}147351[#147351]). -* Improves the Bulk Edit API by adding a `skipped` property to rules that weren't updated, and updates the toast message to show which were skipped ({kib-pull}147345[#147345]). -* Allows placeholder fields in Osquery queries ({kib-pull}146598[#146598]). -* Allows the Rules table state to persist even after you refresh or navigate to another page ({kib-pull}145111[#145111]). -* Improves data fetch performance throughout {elastic-sec}, especially for deployments with large indices and multiple integrations ({kib-pull}142904[#142904]). -* Introduces cross-cluster search support for Indicator Match rules by improving rule performance ({kib-pull}149113[#149113]). -* Improves the toast message that appears when you export an exception list ({kib-pull}152301[#152301]). +* Improves the formatting and readability of machine learning job names ({kibana-pull}148974[#148974], {kibana-pull}148780[#148780]). +* Improves sorting of the Rules table: allows you to sort it by any column, removes the *Advanced sorting* toggle, and removes the `Version` column ({kibana-pull}149840[#149840]). +* Adds a *Clear table filters* button to the Rules page so you can clear all filters in one click ({kibana-pull}150059[#150059]). +* Warns you about type conflicts and unmapped indices when creating rule exceptions ({kibana-pull}149149[#149149]). +* Adds buttons to the Rules page that allow you to view only enabled or disabled rules ({kibana-pull}150153[#150153]). 
+* The *Related alerts by process ancestry* section of the alert details flyout is now generally available (GA) ({kibana-pull}152011[#152011]). +* Adds the option to suppress custom query rule alerts during a specific time window. Duplicate alerts within that time window will be grouped ({kibana-pull}148868[#148868]). +* Reduces alert creation errors by stopping the detection engine from writing non-ECS-compliant fields to alerts from source events ({kibana-pull}147628[#147628]). +* Simplifies the interface for navigating from a rule's details page back to the Rules page ({kibana-pull}147357[#147357]). +* Allows you to resize the Rule preview panel ({kibana-pull}147351[#147351]). +* Improves the Bulk Edit API by adding a `skipped` property to rules that weren't updated, and updates the toast message to show which were skipped ({kibana-pull}147345[#147345]). +* Allows placeholder fields in Osquery queries ({kibana-pull}146598[#146598]). +* Allows the Rules table state to persist even after you refresh or navigate to another page ({kibana-pull}145111[#145111]). +* Improves data fetch performance throughout {elastic-sec}, especially for deployments with large indices and multiple integrations ({kibana-pull}142904[#142904]). +* Introduces cross-cluster search support for Indicator Match rules by improving rule performance ({kibana-pull}149113[#149113]). +* Improves the toast message that appears when you export an exception list ({kibana-pull}152301[#152301]). [discrete] [[bug-fixes-8.7.0]] ==== Bug fixes -* Various bug fixes and UX enhancements for the Alerts page ({kib-pull}152402[#152402]). -* Fixes a bug that could cause your cursor to jump to the end of the text field when editing a rule action message ({kib-pull}150823[#150823]). -* Fixes a bug that could result in incorrect links to machine learning jobs from search results ({kib-pull}150881[#150881]). -* Fixes a bug that caused a fade in and out effect on rule descriptions ({kib-pull}150998[#150998]). 
-* Fixes a bug that caused the Alerts page to default to the wrong chart type ({kib-pull}151073[#151073]). -* Fixes a bug that could hide some shared exception lists when you changed the number of rows in the exceptions lists view ({kib-pull}151393[#151393]). -* Removes a blank option from the *Field* browser in the Add rule exception flyout ({kib-pull}151398[#151398]). -* Fixes a UI text bug that conflated Endpoint exceptions with regular rule exceptions ({kib-pull}151532[#151532]). -* Fixes a bug that could cause an unnecessary warning to display in the Add rule exception flyout ({kib-pull}151570[#151570]). -* Fixes a bug with the empty state that appears when your exception lists search yields no results ({kib-pull}151530[#151530]). -* Fixes a bug that sometimes prevented a Timeline from saving when it was created using the *Investigate in timeline* action on an alert ({kib-pull}151616[#151616]). -* Fixes a bug that could cause unnecessary validation errors in text entry fields in the Add rule exception flyout ({kib-pull}151654[#151654]). -* Fixes a bug that caused some module names to be partially hidden on the Overview dashboard ({kib-pull}151843[#151843]). -* Fixes a visual bug that affected empty rule previews ({kib-pull}151869[#151869]). -* Fixes a bug that could cause a rule's related integrations to incorrectly appear as not installed on the Rules table and the rule details page ({kib-pull}152055[#152055], {kib-pull}149646[#149646]). -* Changes the *Import list* button name to *Import value list* ({kib-pull}152281[#152281]). -* Fixes a bug that broke the visual analyzer for sysmon data ingested via {agent} ({kib-pull}152418[#152418]). -* Fixes a bug that incorrectly allowed you to use custom fields in the Add Endpoint Exception flyout ({kib-pull}152619[#152619]). -* Fixes a bug where the two breadcrumbs on shared exception lists pages did not use the same text ({kib-pull}152629[#152629]). 
-* Fixes an issue in the Update exception item API that incorrectly merged existing objects with updated objects ({kib-pull}151952[#151952]). -* Fixes a bug that affected the rule status refresh loading indicator ({kib-pull}147806[#147806]). \ No newline at end of file +* Various bug fixes and UX enhancements for the Alerts page ({kibana-pull}152402[#152402]). +* Fixes a bug that could cause your cursor to jump to the end of the text field when editing a rule action message ({kibana-pull}150823[#150823]). +* Fixes a bug that could result in incorrect links to machine learning jobs from search results ({kibana-pull}150881[#150881]). +* Fixes a bug that caused a fade in and out effect on rule descriptions ({kibana-pull}150998[#150998]). +* Fixes a bug that caused the Alerts page to default to the wrong chart type ({kibana-pull}151073[#151073]). +* Fixes a bug that could hide some shared exception lists when you changed the number of rows in the exceptions lists view ({kibana-pull}151393[#151393]). +* Removes a blank option from the *Field* browser in the Add rule exception flyout ({kibana-pull}151398[#151398]). +* Fixes a UI text bug that conflated Endpoint exceptions with regular rule exceptions ({kibana-pull}151532[#151532]). +* Fixes a bug that could cause an unnecessary warning to display in the Add rule exception flyout ({kibana-pull}151570[#151570]). +* Fixes a bug with the empty state that appears when your exception lists search yields no results ({kibana-pull}151530[#151530]). +* Fixes a bug that sometimes prevented a Timeline from saving when it was created using the *Investigate in timeline* action on an alert ({kibana-pull}151616[#151616]). +* Fixes a bug that could cause unnecessary validation errors in text entry fields in the Add rule exception flyout ({kibana-pull}151654[#151654]). +* Fixes a bug that caused some module names to be partially hidden on the Overview dashboard ({kibana-pull}151843[#151843]). 
+* Fixes a visual bug that affected empty rule previews ({kibana-pull}151869[#151869]). +* Fixes a bug that could cause a rule's related integrations to incorrectly appear as not installed on the Rules table and the rule details page ({kibana-pull}152055[#152055], {kibana-pull}149646[#149646]). +* Changes the *Import list* button name to *Import value list* ({kibana-pull}152281[#152281]). +* Fixes a bug that broke the visual analyzer for sysmon data ingested via {agent} ({kibana-pull}152418[#152418]). +* Fixes a bug that incorrectly allowed you to use custom fields in the Add Endpoint Exception flyout ({kibana-pull}152619[#152619]). +* Fixes a bug where the two breadcrumbs on shared exception lists pages did not use the same text ({kibana-pull}152629[#152629]). +* Fixes an issue in the Update exception item API that incorrectly merged existing objects with updated objects ({kibana-pull}151952[#151952]). +* Fixes a bug that affected the rule status refresh loading indicator ({kibana-pull}147806[#147806]). \ No newline at end of file diff --git a/docs/release-notes/8.8.asciidoc b/docs/release-notes/8.8.asciidoc index 34357a8048..baeb92bff4 100644 --- a/docs/release-notes/8.8.asciidoc +++ b/docs/release-notes/8.8.asciidoc 
@@ -67,16 +67,16 @@ There are no user-facing changes in 8.8.2. [discrete] [[bug-fixes-8.8.2]] ==== Bug fixes -* Fixes a bug that affected links to {kib} results generated by actions on rules from non-default {kib} spaces ({kib-pull}159966[#159966]). -* Fixes a bug that prevented users from saving a Timeline after adding a `number` field ({kib-pull}159723[#159723]). -* Fixes a bug that caused error messages to wrongfully display if users selected uninstalled {ml} jobs while creating a {ml} rule ({kib-pull}159316[#159316]). -* Removes hover actions from tables within the Detection & Response dashboard when the alert count is zero ({kib-pull}158902[#158902]). -* Fixes bugs in the Anomalies table that left {ml} jobs greyed out after they were installed ({kib-pull}158821[#158821]) and that stopped some job counts from appearing ({kib-pull}158739[#158739]). -* Fixes a bug that caused the **Add exceptions flyout** to load indefinitely and display an out of memory error when a rule had a large number of unmapped fields in multiple indices ({kib-pull}159216[#159216]). -* Fixes a bug that prevented cell actions on fields with multiple values in the Alerts table ({kib-pull}158060[#158060]). -* Fixes a bug that caused the Alerts page to query unnecessary indices ({kib-pull}157286[#157286]). -* Fixes a bug that broke the mustache syntax for variables in rule actions ({kib-pull}160446[#160446]). -* Fixes a bug that caused exception items to be erroneously duplicated if you modified an exception item using the <> API and _only_ specified its `item_id` ({kib-pull}159223[#159223]). +* Fixes a bug that affected links to {kib} results generated by actions on rules from non-default {kib} spaces ({kibana-pull}159966[#159966]). +* Fixes a bug that prevented users from saving a Timeline after adding a `number` field ({kibana-pull}159723[#159723]). 
+* Fixes a bug that caused error messages to wrongfully display if users selected uninstalled {ml} jobs while creating a {ml} rule ({kibana-pull}159316[#159316]). +* Removes hover actions from tables within the Detection & Response dashboard when the alert count is zero ({kibana-pull}158902[#158902]). +* Fixes bugs in the Anomalies table that left {ml} jobs greyed out after they were installed ({kibana-pull}158821[#158821]) and that stopped some job counts from appearing ({kibana-pull}158739[#158739]). +* Fixes a bug that caused the **Add exceptions flyout** to load indefinitely and display an out of memory error when a rule had a large number of unmapped fields in multiple indices ({kibana-pull}159216[#159216]). +* Fixes a bug that prevented cell actions on fields with multiple values in the Alerts table ({kibana-pull}158060[#158060]). +* Fixes a bug that caused the Alerts page to query unnecessary indices ({kibana-pull}157286[#157286]). +* Fixes a bug that broke the mustache syntax for variables in rule actions ({kibana-pull}160446[#160446]). +* Fixes a bug that caused exception items to be erroneously duplicated if you modified an exception item using the <> API and _only_ specified its `item_id` ({kibana-pull}159223[#159223]). + NOTE: If you've already encountered this issue and want to find erroneously duplicated exceptions, use the queries provided below. 
@@ -286,18 +286,18 @@ There are no breaking changes in 8.8.1. [[features-8.8.1]] ==== New features -* Introduces the Generative AI connector and <> for {elastic-sec} ({kib-pull}157228[#157228], {kib-pull}156933[#156933]). +* Introduces the Generative AI connector and <> for {elastic-sec} ({kibana-pull}157228[#157228], {kibana-pull}156933[#156933]). [discrete] [[bug-fixes-8.8.1]] ==== Bug fixes -* Fixes a bug that made field types appear as `unknown` within the **Fields** browser and when examining alert or event details ({kib-pull}158594[#158594]). -* Fixes a bug that caused all field types in the **Fields** browser to appear as `unknown` ({kib-pull}158594[#158594]). -* Fixes a bug that caused the **Add rule exception** flyout to load indefinitely when index fields couldn't be retrieved ({kib-pull}158371[#158371]). -* Provides support for using field names with wildcards in rule queries ({kib-pull}157981[#157981]). -* Fixes CSS style issues on the rule details page ({kib-pull}157935[#157935]). -* Fixes a bug that caused the `A-Z` option to incorrectly display on Alerts table sorting menus ({kib-pull}157653[#157653]). -* Allows users to scroll through long error messages on the rule details page ({kib-pull}157271[#157271]). +* Fixes a bug that made field types appear as `unknown` within the **Fields** browser and when examining alert or event details ({kibana-pull}158594[#158594]). +* Fixes a bug that caused all field types in the **Fields** browser to appear as `unknown` ({kibana-pull}158594[#158594]). +* Fixes a bug that caused the **Add rule exception** flyout to load indefinitely when index fields couldn't be retrieved ({kibana-pull}158371[#158371]). +* Provides support for using field names with wildcards in rule queries ({kibana-pull}157981[#157981]). +* Fixes CSS style issues on the rule details page ({kibana-pull}157935[#157935]). +* Fixes a bug that caused the `A-Z` option to incorrectly display on Alerts table sorting menus ({kibana-pull}157653[#157653]). 
+* Allows users to scroll through long error messages on the rule details page ({kibana-pull}157271[#157271]). [discrete] [[release-notes-8.8.0]] @@ -434,7 +434,7 @@ NOTE: To avoid further issues, _do not_ re-add the `file.name` field to the tabl [[breaking-changes-8.8.0]] ==== Breaking changes -* The privileges for attaching alerts to cases have changed. Now, you need at least `Read` privileges for Security and `All` privileges for Cases ({kib-pull}147985[#147985]). +* The privileges for attaching alerts to cases have changed. Now, you need at least `Read` privileges for Security and `All` privileges for Cases ({kibana-pull}147985[#147985]). * Adds conditional actions to the rules API. In {elastic-sec} 8.7 and earlier, action frequencies were set on a rule level by defining the `throttle` field. In 8.8 and later, action frequencies are set at the action level, and the `throttle` field is replaced by the `frequency` and `alert_filters` fields. The following APIs are affected: ** https://www.elastic.co/guide/en/security/8.8/rules-api-get.html[Get rule] ** https://www.elastic.co/guide/en/security/8.8/rules-api-find.html[Find rules] 
@@ -452,57 +452,57 @@ NOTE: To avoid further issues, _do not_ re-add the `file.name` field to the tabl [[features-8.8.0]] ==== New features -* Introduces <>, which scans your cloud VMs for vulnerabilities, and adds a tab to the Findings page that displays vulnerabilities ({kib-pull}154388[#154388], {kib-pull}154873[#154873], {kib-pull}155045[#155045]). +* Introduces <>, which scans your cloud VMs for vulnerabilities, and adds a tab to the Findings page that displays vulnerabilities ({kibana-pull}154388[#154388], {kibana-pull}154873[#154873], {kibana-pull}155045[#155045]). * Introduces <>, which allows you to monitor and protect your Kubernetes workloads. -* Adds a new response action that allows you to execute commands on a selected host ({kib-pull}150202[#150202]). -* Adds the `kibana.alert.url` field to alert documents. This field provides a shareable URL for the alert ({kib-pull}155069[#155069]). -* Adds the ability to duplicate a shared exception list ({kib-pull}154991[#154991]). -* Allows Timeline notes to be deleted ({kib-pull}154834[#154834]). -* Allows you to specify conditions for when rule actions should run ({kib-pull}154680[#154680]). -* Adds the ability to snooze rule notifications from the Rules table, the rule details page, or the Actions tab when editing a rule ({kib-pull}153083[#153083], {kib-pull}155407[#155407], {kib-pull}155612[#155612]). -* Adds controls to the Alerts page that allow you to customize which filters appear at the top of the page ({kib-pull}152450[#152450]). +* Adds a new response action that allows you to execute commands on a selected host ({kibana-pull}150202[#150202]). +* Adds the `kibana.alert.url` field to alert documents. This field provides a shareable URL for the alert ({kibana-pull}155069[#155069]). +* Adds the ability to duplicate a shared exception list ({kibana-pull}154991[#154991]). +* Allows Timeline notes to be deleted ({kibana-pull}154834[#154834]). 
+* Allows you to specify conditions for when rule actions should run ({kibana-pull}154680[#154680]). +* Adds the ability to snooze rule notifications from the Rules table, the rule details page, or the Actions tab when editing a rule ({kibana-pull}153083[#153083], {kibana-pull}155407[#155407], {kibana-pull}155612[#155612]). +* Adds controls to the Alerts page that allow you to customize which filters appear at the top of the page ({kibana-pull}152450[#152450]). [discrete] [[enhancements-8.8.0]] ==== Enhancements -* Renames the Notable Anomalies section in the Entity Analytics dashboard to Anomalies ({kib-pull}155687[#155687]). -* Displays additional {ml} anomaly jobs on the Entity Analytics dashboard ({kib-pull}155520[#155520]). -* Makes alert count links on the Entity Analytics dashboard navigate to the Alerts page instead of opening in Timeline ({kib-pull}153372[#153372]). -* Updates the Data Quality dashboard to include a new tree map and storage size metrics for each index ({kib-pull}155581[#155581]). -* Adds cloud infrastructure-related fields to the alert details flyout highlighted fields section ({kib-pull}155247[#155247]). -* Allows you to specify how to handle alert suppression for alerts with missing fields ({kib-pull}155055[#155055]). -* Gives users more control over how they receive alert notifications and lets them define conditions that must be met for a notification to occur ({kib-pull}154526[#154526]). -* Adds a warning message to tell you when a rule has reached the maximum number of alerts limit ({kib-pull}154112[#154112]). -* Updates how browser field descriptions are provided to {kib} ({kib-pull}153498[#153498]). -* Enables multi-level grouping for alerts on the Alerts page, based on various fields ({kib-pull}152862[#152862]). -* Adds links to the Detection & Response and Entity Analytics dashboards that jump to the Alerts page with filters enabled ({kib-pull}152714[#152714]). 
-* Updates the visualizations throughout {elastic-sec} to Lens visualizations ({kib-pull}150531[#150531]). -* Adds a *Share alert* link to the alert details flyout ({kib-pull}148800[#148800]). -* Adds a warning message to the Rules page when a maintenance window is running ({kib-pull}155386[#155386]). -* Adds a global search bar to the Detections and Response and Entity Analytics dashboards ({kib-pull}156832[#156832]). -* Adds the "Investigate in timeline" inline action to alert counts on the Detections and Response and Entity Analytics dashboards ({kib-pull}154299[#154299]). -* Session view: Makes the row representing the session leader remain visible when you scroll past it, and adds a button to this row that allows you to collapse child processes ({kib-pull}154982[#154982]). -* Reduces Linux process event volume by about 50% by combining `fork`, `exec`, and `end` events when they occur around the same time (does not affect queries of this data) ({kib-pull}153213[#153213]). -* Updates where the technical preview tags appear for host risk score features ({kib-pull}156659[#156659], {kib-pull}156514[#156514]). +* Renames the Notable Anomalies section in the Entity Analytics dashboard to Anomalies ({kibana-pull}155687[#155687]). +* Displays additional {ml} anomaly jobs on the Entity Analytics dashboard ({kibana-pull}155520[#155520]). +* Makes alert count links on the Entity Analytics dashboard navigate to the Alerts page instead of opening in Timeline ({kibana-pull}153372[#153372]). +* Updates the Data Quality dashboard to include a new tree map and storage size metrics for each index ({kibana-pull}155581[#155581]). +* Adds cloud infrastructure-related fields to the alert details flyout highlighted fields section ({kibana-pull}155247[#155247]). +* Allows you to specify how to handle alert suppression for alerts with missing fields ({kibana-pull}155055[#155055]). 
+* Gives users more control over how they receive alert notifications and lets them define conditions that must be met for a notification to occur ({kibana-pull}154526[#154526]). +* Adds a warning message to tell you when a rule has reached the maximum number of alerts limit ({kibana-pull}154112[#154112]). +* Updates how browser field descriptions are provided to {kib} ({kibana-pull}153498[#153498]). +* Enables multi-level grouping for alerts on the Alerts page, based on various fields ({kibana-pull}152862[#152862]). +* Adds links to the Detection & Response and Entity Analytics dashboards that jump to the Alerts page with filters enabled ({kibana-pull}152714[#152714]). +* Updates the visualizations throughout {elastic-sec} to Lens visualizations ({kibana-pull}150531[#150531]). +* Adds a *Share alert* link to the alert details flyout ({kibana-pull}148800[#148800]). +* Adds a warning message to the Rules page when a maintenance window is running ({kibana-pull}155386[#155386]). +* Adds a global search bar to the Detections and Response and Entity Analytics dashboards ({kibana-pull}156832[#156832]). +* Adds the "Investigate in timeline" inline action to alert counts on the Detections and Response and Entity Analytics dashboards ({kibana-pull}154299[#154299]). +* Session view: Makes the row representing the session leader remain visible when you scroll past it, and adds a button to this row that allows you to collapse child processes ({kibana-pull}154982[#154982]). +* Reduces Linux process event volume by about 50% by combining `fork`, `exec`, and `end` events when they occur around the same time (does not affect queries of this data) ({kibana-pull}153213[#153213]). +* Updates where the technical preview tags appear for host risk score features ({kibana-pull}156659[#156659], {kibana-pull}156514[#156514]). * Allows you to use fully qualified domain names (FQDNs) for hosts. 
To learn how to enable the FQDN feature flag, refer to {fleet-guide}/elastic-agent-standalone-feature-flags.html[Configure feature flags for standalone {agents}]. To learn how to set host names in {fleet}, refer to {fleet-guide}/fleet-settings.html#fleet-agent-hostname-format-settings[Agent Binary Download {fleet} settings]. [discrete] [[bug-fixes-8.8.0]] ==== Bug fixes -* Fixes a bug that interfered with the default time range when you opened an alert in Timeline ({kib-pull}156884[#156884]). -* Fixes a bug that could cause the Alerts page to become unresponsive after entering an invalid query ({kib-pull}156542[#156542]). -* Updates the colors used for entity analytic graphs to match those used for alert graphs ({kib-pull}156383[#156383]). -* Fixes a bug that caused errors on the Data Quality dashboard when a `basePath` was configured ({kib-pull}156233[#156233]). -* Fixes a bug that could cause problems when different users simultaneously edited a Timeline ({kib-pull}155663[#155663]). -* Fixes a bug that could cause the wrong number of rules to appear in the modal for duplicating rules ({kib-pull}155959[#155959]). -* Fixes a bug that could cause a blank option to appear in the Create rule exception form ({kib-pull}155221[#155221]). -* Fixes issues that affected tags in the Add rule exception component of the Shared Exception Lists page ({kib-pull}155219[#155219]). -* Fixes a bug that displayed an outdated count of affected rules on the Shared Exception Lists page ({kib-pull}155108[#155108]). -* Improves performance for rendering indicator match alerts on the Alerts page ({kib-pull}154821[#154821]). -* Fixes a bug that could affect alert prevalence counts on the Alerts page ({kib-pull}154544[#154544]). -* Fixes a bug that could prevent you from using breadcrumbs to return to the Rules page ({kib-pull}150322[#150322]). 
-* Fixes a bug that could prevent the *View all open alerts* button on the Detection and Response dashboard from applying the correct filters ({kib-pull}156893[#156893]). -* Fixes several bugs related to session view and and Kubernetes dashboard ({kib-pull}154982[#154982]). +* Fixes a bug that interfered with the default time range when you opened an alert in Timeline ({kibana-pull}156884[#156884]). +* Fixes a bug that could cause the Alerts page to become unresponsive after entering an invalid query ({kibana-pull}156542[#156542]). +* Updates the colors used for entity analytic graphs to match those used for alert graphs ({kibana-pull}156383[#156383]). +* Fixes a bug that caused errors on the Data Quality dashboard when a `basePath` was configured ({kibana-pull}156233[#156233]). +* Fixes a bug that could cause problems when different users simultaneously edited a Timeline ({kibana-pull}155663[#155663]). +* Fixes a bug that could cause the wrong number of rules to appear in the modal for duplicating rules ({kibana-pull}155959[#155959]). +* Fixes a bug that could cause a blank option to appear in the Create rule exception form ({kibana-pull}155221[#155221]). +* Fixes issues that affected tags in the Add rule exception component of the Shared Exception Lists page ({kibana-pull}155219[#155219]). +* Fixes a bug that displayed an outdated count of affected rules on the Shared Exception Lists page ({kibana-pull}155108[#155108]). +* Improves performance for rendering indicator match alerts on the Alerts page ({kibana-pull}154821[#154821]). +* Fixes a bug that could affect alert prevalence counts on the Alerts page ({kibana-pull}154544[#154544]). +* Fixes a bug that could prevent you from using breadcrumbs to return to the Rules page ({kibana-pull}150322[#150322]). +* Fixes a bug that could prevent the *View all open alerts* button on the Detection and Response dashboard from applying the correct filters ({kibana-pull}156893[#156893]). 
+* Fixes several bugs related to session view and and Kubernetes dashboard ({kibana-pull}154982[#154982]). * Fixes the delete index API so it only removes {elastic-sec} 7.x signals indices (`.siem-signals-`), index templates, and ILMs and doesn't delete 8.x alert indices (`.alerts-security.alerts-`). diff --git a/docs/release-notes/8.9.asciidoc b/docs/release-notes/8.9.asciidoc index 6c385e7796..21f0e521e2 100644 --- a/docs/release-notes/8.9.asciidoc +++ b/docs/release-notes/8.9.asciidoc @@ -9,11 +9,11 @@ [[bug-fixes-8.9.2]] ==== Bug fixes -* Fixes a bug that prevented inline actions on the Alerts page from completing ({kib-pull}165099[#165099]). -* Fixes a bug that prevented blocklist file path entries for Windows and macOS applications from being passed as case insensitive ({kib-pull}164200[#164200]). -* Fixes a bug in the confirmation message that appears when duplicating a single rule ({kib-pull}163908[#163908]). -* Fixes a bug on the rule details page that showed the **Data view** label twice if you were viewing a rule using a data view ({kib-pull}164494[#164494]). -* Fixes a bug that affected Timeline when you investigated an alert created from a rule with exceptions ({kib-pull}162190[#162190]). +* Fixes a bug that prevented inline actions on the Alerts page from completing ({kibana-pull}165099[#165099]). +* Fixes a bug that prevented blocklist file path entries for Windows and macOS applications from being passed as case insensitive ({kibana-pull}164200[#164200]). +* Fixes a bug in the confirmation message that appears when duplicating a single rule ({kibana-pull}163908[#163908]). +* Fixes a bug on the rule details page that showed the **Data view** label twice if you were viewing a rule using a data view ({kibana-pull}164494[#164494]). +* Fixes a bug that affected Timeline when you investigated an alert created from a rule with exceptions ({kibana-pull}162190[#162190]). [discrete] [[release-notes-8.9.1]] 
@@ -74,10 +74,10 @@ NOTE: To avoid further issues, _do not_ re-add the `file.name` field to the tabl [[bug-fixes-8.9.1]] ==== Bug fixes -* Fixes a copy to clipboard bug that affected non-ECS fields ({kib-pull}162883[#162883]). -* Fixes number rounding issues in the *Top alerts by* table on the Alerts page ({kib-pull}162647[#162647]). -* Fixes bug that prevented controls from being rendered on {elastic-sec} dashboards ({kib-pull}162514[#162514]). -* Fixes a bug that prevented rule changes from being saved if a rule's action frequency was shorter than the rule run interval ({kib-pull}160798[#160798]). +* Fixes a copy to clipboard bug that affected non-ECS fields ({kibana-pull}162883[#162883]). +* Fixes number rounding issues in the *Top alerts by* table on the Alerts page ({kibana-pull}162647[#162647]). +* Fixes bug that prevented controls from being rendered on {elastic-sec} dashboards ({kibana-pull}162514[#162514]). +* Fixes a bug that prevented rule changes from being saved if a rule's action frequency was shorter than the rule run interval ({kibana-pull}160798[#160798]). [discrete] [[release-notes-8.9.0]] 
@@ -141,47 +141,47 @@ There are no breaking changes in 8.9.0. [discrete] [[deprecations-8.9.0]] ==== Deprecations -* Removes the option to use the legacy navigation menu ({kib-pull}158094[#158094]). +* Removes the option to use the legacy navigation menu ({kibana-pull}158094[#158094]). * General prebuilt threat indicator match rules were deprecated and replaced with improved indicator-type rules. [discrete] [[features-8.9.0]] ==== New features * Introduces the `top` command for MacOS and Linux, which shows active processes that {elastic-endpoint} is monitoring and recording. Processes are sorted by how much CPU they are causing {elastic-endpoint} to consume. Learn more about the `top` command by referring to the (https://www.github.com/elastic/endpoint/blob/main/EndpointTopCommand.md[readme]). -* Allows you to install the Cloud Security Posture Management (CSPM) integration via CloudFormation ({kib-pull}159994[#159994]). -* Creates a new dashboard, Cloud Native Vulnerability Management, that provides an overview of vulnerabilities on your cloud hosts ({kib-pull}159699[#159699]). -* Allows you to group vulnerabilities by resource (host) on the Vulnerabilities Findings page, and creates a Resource flyout that displays detailed vulnerability findings for individual hosts ({kib-pull}159873[#159873], {kib-pull}158987[#158987]). -* Adds a new custom dashboard, "Detection rule monitoring" ({kib-pull}159875[#159875]). -* Allows you to anonymize event field values sent to AI Assistant ({kib-pull}159857[#159857]). -* Adds a *Chat* button that opens AI Assistant to the alert details flyout ({kib-pull}159633[#159633]). -* Updates AI Assistant to let you create and delete custom system prompts and default conversations ({kib-pull}159365[#159365]). -* Allows you to add alert tags ({kib-pull}157786[#157786]). -* Adds the ability to automatically isolate a host through a rule’s endpoint response action ({kib-pull}152424[#152424]). 
+* Allows you to install the Cloud Security Posture Management (CSPM) integration via CloudFormation ({kibana-pull}159994[#159994]). +* Creates a new dashboard, Cloud Native Vulnerability Management, that provides an overview of vulnerabilities on your cloud hosts ({kibana-pull}159699[#159699]). +* Allows you to group vulnerabilities by resource (host) on the Vulnerabilities Findings page, and creates a Resource flyout that displays detailed vulnerability findings for individual hosts ({kibana-pull}159873[#159873], {kibana-pull}158987[#158987]). +* Adds a new custom dashboard, "Detection rule monitoring" ({kibana-pull}159875[#159875]). +* Allows you to anonymize event field values sent to AI Assistant ({kibana-pull}159857[#159857]). +* Adds a *Chat* button that opens AI Assistant to the alert details flyout ({kibana-pull}159633[#159633]). +* Updates AI Assistant to let you create and delete custom system prompts and default conversations ({kibana-pull}159365[#159365]). +* Allows you to add alert tags ({kibana-pull}157786[#157786]). +* Adds the ability to automatically isolate a host through a rule’s endpoint response action ({kibana-pull}152424[#152424]). * Moves response actions to General Availability. -* Adds a new response action that allows you to upload files to an endpoint that has {elastic-endpoint} installed ({kib-pull}157208[#157208]). +* Adds a new response action that allows you to upload files to an endpoint that has {elastic-endpoint} installed ({kibana-pull}157208[#157208]). * Makes the Lateral Movement Detection advanced analytics package General Availability, and adds the ability to detect malicious activities in Windows RDP events (https://github.com/elastic/integrations/pull/6588[#6588]). [discrete] [[enhancements-8.9.0]] ==== Enhancements -* Makes it easier to set up exceptions by auto-populating exception conditions and values with relevant alert data ({kib-pull}159075[#159075]). 
-* Adds a *Last response* dropdown menu to the Rules table that allows you to filter rules by the status of their last execution ("Succeeded", "Warning", or "Failed") ({kib-pull}159865[#159865]). -* Creates a Lens dashboard for monitoring the use of tokens by AI Assistant ({kib-pull}159075[#159075]). -* Creates a connector for D3 Security ({kib-pull}158569[#158569]). -* Improves the interface for installing and upgrading Elastic prebuilt rules ({kib-pull}158450[#158450]). -* Shows a rule's actions on its details page ({kib-pull}158189[#158189]). -* Allows you to add Lens visualizations to cases from the visualization's *More actions* menu ({kib-pull}154918[#154918]). -* Adds a tooltip to snoozed rules that shows exactly when alerting will resume ({kib-pull}157407[#157407]). +* Makes it easier to set up exceptions by auto-populating exception conditions and values with relevant alert data ({kibana-pull}159075[#159075]). +* Adds a *Last response* dropdown menu to the Rules table that allows you to filter rules by the status of their last execution ("Succeeded", "Warning", or "Failed") ({kibana-pull}159865[#159865]). +* Creates a Lens dashboard for monitoring the use of tokens by AI Assistant ({kibana-pull}159075[#159075]). +* Creates a connector for D3 Security ({kibana-pull}158569[#158569]). +* Improves the interface for installing and upgrading Elastic prebuilt rules ({kibana-pull}158450[#158450]). +* Shows a rule's actions on its details page ({kibana-pull}158189[#158189]). +* Allows you to add Lens visualizations to cases from the visualization's *More actions* menu ({kibana-pull}154918[#154918]). +* Adds a tooltip to snoozed rules that shows exactly when alerting will resume ({kibana-pull}157407[#157407]). * Enhances the Data Exfiltration Detection package by adding the ability to detect exfiltration anomalies through USB devices and Airdrop (https://github.com/elastic/integrations/pull/6577[#6577]). 
[discrete] [[bug-fixes-8.9.0]] ==== Bug fixes -* Fixes a bug that caused Elastic prebuilt rules to be erroneously duplicated after you upgraded them ({kib-pull}161331[#161331]). -* Fixes a bug that prevented rule exceptions from being auto-populated when you created a new exception from an alert's **Take action** menu ({kib-pull}159908[#159908]). +* Fixes a bug that caused Elastic prebuilt rules to be erroneously duplicated after you upgraded them ({kibana-pull}161331[#161331]). +* Fixes a bug that prevented rule exceptions from being auto-populated when you created a new exception from an alert's **Take action** menu ({kibana-pull}159908[#159908]). * Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule. -* Fixes a bug that restricted the number of cloud accounts that could appear on the Cloud Security Posture dashboard to 10 ({kib-pull}157233[#157233]). -* Fixes a bug that allowed you to save a rule with an alert filter missing a query ({kib-pull}159690[#159690]). -* Fixes unexpected filtering behavior on the Alerts page. Now, when you select a filter that excludes all alerts, an empty table now appears as expected ({kib-pull}160374[#160374]). -* Fixes a UI bug where the **Label** field in the Investigation Guide form incorrectly turns red when the entered value is correct ({kib-pull}160574[#160574], {kib-pull}160577[#160577]). -* Fixes a bug that caused rules to snooze longer than specified ({kib-pull}152873[#152873]). +* Fixes a bug that restricted the number of cloud accounts that could appear on the Cloud Security Posture dashboard to 10 ({kibana-pull}157233[#157233]). +* Fixes a bug that allowed you to save a rule with an alert filter missing a query ({kibana-pull}159690[#159690]). +* Fixes unexpected filtering behavior on the Alerts page. Now, when you select a filter that excludes all alerts, an empty table now appears as expected ({kibana-pull}160374[#160374]). 
+* Fixes a UI bug where the **Label** field in the Investigation Guide form incorrectly turns red when the entered value is correct ({kibana-pull}160574[#160574], {kibana-pull}160577[#160577]). +* Fixes a bug that caused rules to snooze longer than specified ({kibana-pull}152873[#152873]).
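Review bot: In the 8.8.asciidoc hunk (@@ -452,57 +452,57 @@), the rewritten bug-fix line still carries a doubled word that the old line already had: `+* Fixes several bugs related to session view and and Kubernetes dashboard ({kibana-pull}154982[#154982]).` Since the line is being rewritten anyway, drop the duplicate "and" (and consider "the Kubernetes dashboard"). The same hunk also names one dashboard three different ways across touched lines ("Detection & Response", "Detections and Response" and "Detection and Response"); pick the product's spelling and apply it to every line this patch rewrites.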
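Review bot: The 8.9.asciidoc hunk at @@ -9,11 +9,11 @@ (like every other hunk in this patch) replaces `{kib-pull}` with `{kibana-pull}`, but nothing in the visible hunks defines the `{kibana-pull}` attribute or retires `{kib-pull}`. With Asciidoctor's default `attribute-missing` handling an undefined attribute reference is left in the output as literal text, so `{kibana-pull}165099[#165099]` would render as "{kibana-pull}165099" followed by a broken link rather than a link to the pull request. Please add the attribute definition to the shared attributes file in the same PR (or confirm it already exists there), and remove the `{kib-pull}` definition if nothing references it any more.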
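Review bot: In the 8.9.asciidoc hunk at @@ -74,10 +74,10 @@, the rewritten line `+* Fixes bug that prevented controls from being rendered on {elastic-sec} dashboards ({kibana-pull}162514[#162514]).` is missing the article ("Fixes a bug that ..."), matching the pattern of the surrounding entries. In the same hunk, "copy to clipboard bug" reads better hyphenated as a compound modifier ("copy-to-clipboard bug"); both are one-word edits on lines this patch already touches.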
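Review bot: In the 8.9.asciidoc hunk at @@ -141,47 +141,47 @@, the rewritten enhancement lines attach the same pull request to two unrelated items: `+* Makes it easier to set up exceptions by auto-populating exception conditions and values with relevant alert data ({kibana-pull}159075[#159075]).` and `+* Creates a Lens dashboard for monitoring the use of tokens by AI Assistant ({kibana-pull}159075[#159075]).` The duplication is inherited from the old lines, but since both are being rewritten here, please verify which change #159075 actually is and correct the other reference. Minor, same hunk: the rewritten bug-fix line "Fixes unexpected filtering behavior on the Alerts page. Now, when you select a filter that excludes all alerts, an empty table now appears as expected" has a redundant second "now".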