elastic · natasha-moore-elastic · Apr 2, 2024 · Mar 22, 2024 · Mar 22, 2024 · Mar 22, 2024
@@ -52,11 +52,6 @@ This section summarizes the changes in each release.
 * <<release-notes-8.0.0, {elastic-sec} version 8.0.0>>
 * <<release-notes-8.0.0-rc2, {elastic-sec} version 8.0.0-rc2>>
 
-// Use these for links to issue and pulls. Note issues and pulls redirect one to
-// each other on Github, so don't worry too much on using the right prefix.
-:issue: https://github.com/elastic/kibana/issues/
-:pull: https://github.com/elastic/kibana/pull/
-
 include::release-notes/8.13.asciidoc[]
 include::release-notes/8.12.asciidoc[]
 include::release-notes/8.11.asciidoc[]

@@ -14,14 +14,14 @@
 [discrete]
 [[bug-fixes-8.0.1]]
 ==== Bug fixes and enhancements
-* Fixes a bug that prevented the `kibana.alert.uuid` field from being populated in event correlation sequence shell alerts ({pull}125890[#125890]).
-* Applies updated field aliases to mappings in legacy indices ({pull}125888[#125888]).
-* Updates prebuilt detection rules ({pull}125316[#125316]).
-* Truncates long rule exception descriptions when viewing exception items in rule details ({pull}125145[#125145]).
-* Fixes a bug that caused the import process to fail if an exception list contained an exception item with comments ({pull}124909[#124909]).
-* Fixes a bug that duplicated the navigation button in the *Security news* section on the Overview page ({pull}124356[#124356]).
-* Fixes a bug that caused Timeline to appear if users had access to cases, but not {elastic-sec} ({pull}123775[#123775]).
-* Enforces privilege requirements for displaying the map on the *Network* page and allows users with `Read` or `All` Map feature privileges to expand or hide the map ({pull}123336[#123336]).
+* Fixes a bug that prevented the `kibana.alert.uuid` field from being populated in event correlation sequence shell alerts ({kibana-pull}125890[#125890]).
+* Applies updated field aliases to mappings in legacy indices ({kibana-pull}125888[#125888]).
+* Updates prebuilt detection rules ({kibana-pull}125316[#125316]).
+* Truncates long rule exception descriptions when viewing exception items in rule details ({kibana-pull}125145[#125145]).
+* Fixes a bug that caused the import process to fail if an exception list contained an exception item with comments ({kibana-pull}124909[#124909]).
+* Fixes a bug that duplicated the navigation button in the *Security news* section on the Overview page ({kibana-pull}124356[#124356]).
+* Fixes a bug that caused Timeline to appear if users had access to cases, but not {elastic-sec} ({kibana-pull}123775[#123775]).
+* Enforces privilege requirements for displaying the map on the *Network* page and allows users with `Read` or `All` Map feature privileges to expand or hide the map ({kibana-pull}123336[#123336]).
 
 [discrete]
 [[release-notes-8.0.0]]
@@ -37,7 +37,7 @@ Before you upgrade, review the <<breaking-changes-8.0.0, breaking changes>> for
 ==== Known issues
 *Case migration errors might be logged when upgrading*
 
-You might find the `Failed to migrate user action alerts` error message in your {kib} migration logs when upgrading to {stack} version 8.0.0. This error is incorrectly logged when migrating cases and can be ignored ({pull}124950[#124950]).
+You might find the `Failed to migrate user action alerts` error message in your {kib} migration logs when upgrading to {stack} version 8.0.0. This error is incorrectly logged when migrating cases and can be ignored ({kibana-pull}124950[#124950]).
 
 Here is an example of an error message you might encounter:
 
@@ -48,11 +48,11 @@ Here is an example of an error message you might encounter:
 
 *Existing or new rules that use the legacy alerts index may temporarily fail after upgrading*
 
-After you upgrade to {stack} version 8.0.0, existing and new rules might fail to execute  if their source index is configured to use a legacy alert index pattern created in {stack} version 7.x (`.siem-signals-<space-id>`). Rule failures will likely cause detection gaps, which will be proportional in time to the scheduled interval of the rule. Rules will start to successfully execute after legacy alerts are no longer within the scheduled time period queried by the rule. Despite this automatic correction, coverage gaps might still remain ({pull}124327[#124327]).
+After you upgrade to {stack} version 8.0.0, existing and new rules might fail to execute  if their source index is configured to use a legacy alert index pattern created in {stack} version 7.x (`.siem-signals-<space-id>`). Rule failures will likely cause detection gaps, which will be proportional in time to the scheduled interval of the rule. Rules will start to successfully execute after legacy alerts are no longer within the scheduled time period queried by the rule. Despite this automatic correction, coverage gaps might still remain ({kibana-pull}124327[#124327]).
 
 *The Threat Intel Filebeat Module (v8.x) Indicator Match rule query is misconfigured*
 
-The indicator index query of the prebuilt rule is misconfigured and will prevent the rule from generating alerts ({pull}121045[#121045], {pull}1560[#1560]). To resolve this, duplicate the rule and update its settings:
+The indicator index query of the prebuilt rule is misconfigured and will prevent the rule from generating alerts ({kibana-pull}121045[#121045], {kibana-pull}1560[#1560]). To resolve this, duplicate the rule and update its settings:
 
 . Go to the Rules table (*Detect -> Rules*).
 . Locate the Threat Intel Filebeat Module (v8.x) Indicator Match prebuilt rule.
@@ -75,7 +75,7 @@ TIP: You can search for the rule by entering the rule name in the Rule table's s
 
 *The import process fails for rules with exception comments*
 
-Comments on rule exceptions cause the import process to fail because the following system-generated fields cannot be validated for exception comments ({pull}124742[#124742]):
+Comments on rule exceptions cause the import process to fail because the following system-generated fields cannot be validated for exception comments ({kibana-pull}124742[#124742]):
 
  * `created_at`
  * `created_by`
@@ -103,9 +103,9 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w
 [[breaking-changes-8.0.0]]
 ==== Breaking Changes
 
-* Removes the trusted application API. The trusted application interface retains current functionality, but now uses the exception list API ({pull}120134[#120134]).
-* Removes the list endpoint metadata API ({pull}119401[#119401]).
-* Lets you grant privileges for cases separately from {elastic-sec} privileges ({pull}113573[#113573], {pull}112980[#112980]). As a result of this change, you must update case privileges for existing roles _before_ upgrading to {stack} 8.0.0. Follow these steps:
+* Removes the trusted application API. The trusted application interface retains current functionality, but now uses the exception list API ({kibana-pull}120134[#120134]).
+* Removes the list endpoint metadata API ({kibana-pull}119401[#119401]).
+* Lets you grant privileges for cases separately from {elastic-sec} privileges ({kibana-pull}113573[#113573], {kibana-pull}112980[#112980]). As a result of this change, you must update case privileges for existing roles _before_ upgrading to {stack} 8.0.0. Follow these steps:
 . Open the main menu and click *Management -> Stack Management -> Stack -> Upgrade Assistant*.
 . From the Upgrade Assistant page, review the Kibana deprecation warnings. A message prompts you to update role privileges because of changes to the {elastic-sec} Cases feature.
 . Click the message to open it, then click *Quick resolve*.
@@ -119,31 +119,31 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w
 [discrete]
 [[new-features-8.0.0]]
 ==== Features
-* Shows all historical alerts for a given rule on the rule details page, including those associated with previous versions of the rule ({pull}120053[#120053]).
-* Enhances the UI and functionality for the Rules and Rule Monitoring tables and enables actions on the Rule Monitoring table ({pull}119644[#119644]).
-* The Threat Intelligence view supports {agent}, {filebeat}, and custom integrations ({pull}116175[#116175]).
-* Allows exception lists to be exported and imported with detection rules ({pull}115144[#115144], {pull}118816[#118816]).
+* Shows all historical alerts for a given rule on the rule details page, including those associated with previous versions of the rule ({kibana-pull}120053[#120053]).
+* Enhances the UI and functionality for the Rules and Rule Monitoring tables and enables actions on the Rule Monitoring table ({kibana-pull}119644[#119644]).
+* The Threat Intelligence view supports {agent}, {filebeat}, and custom integrations ({kibana-pull}116175[#116175]).
+* Allows exception lists to be exported and imported with detection rules ({kibana-pull}115144[#115144], {kibana-pull}118816[#118816]).
 
 [discrete]
 [[bug-fixes-8.0.0]]
 ==== Bug fixes and enhancements
-* Enhances the UI for the Exceptions table; improves how dates are displayed in the Rules and Exceptions tables ({pull}117643[#117643], {pull}118940[#118940]).
-* Updates the mappings of the rule registry to ECS version 8.0.0 so that detection rules can process ECS version 8.0.0 data ({pull}123012[#123012]).
-* Allows you to create and add runtime fields from the Alert and Timeline tables ({pull}117627[#117627], {pull}114806[#114806]).
-* Enhances the Data view selection UI and hides the Data view dropdown when no data is present ({pull}117601[#117601], {pull}119956[#119956]).
-* Enhances previews and error flagging during rule creation ({pull}116374[#116374]).
-* Updates rule actions to use `kibana.alert.*` fields instead of `signals.*` fields ({pull}116491[#116491]).
-* Changes the insufficient permissions message type from an error to a warning ({pull}123777[#123777]).
-* Fixes typos in the success messages that appear after you close Timelines or Timeline templates ({pull}123258[#123258]).
-* Updates the Exceptions table header and Export button ({pull}122870[#122870]).
-* Fixes a bug that could break a rule’s details page after you edited, activated, or deactivated the rule ({pull}122024[#122024]).
-* Fixes an overlap between the rule query text field and Timeline banner ({pull}121967[#121967], {pull}121127[#121127]).
-* Adds support for the `threat.feed.name` field in the alert details flyout and Timeline view ({pull}120250[#120250]).
-* Adds the default threat indicator path (`threat_indicator_path`) to indicator match rules where it was missing ({pull}118962[#118962]).
-* Adds a default value for the threat indicator path that indicator match rules use when creating indicator match rules from the {security-app} UI or the create rule API ({pull}118821[#118821]).
-* Enhances the Endpoint details flyout UI ({pull}117987[#117987]).
-* Fixes a bug that prevented you from clearing a connector’s `Additional comments` field ({pull}117901[#117901]).
-* Allows you to modify the default threat indicator path for the Threat Intel Filebeat Module (v7.x) Indicator Match prebuilt rule ({pull}116583[#116583]).
+* Enhances the UI for the Exceptions table; improves how dates are displayed in the Rules and Exceptions tables ({kibana-pull}117643[#117643], {kibana-pull}118940[#118940]).
+* Updates the mappings of the rule registry to ECS version 8.0.0 so that detection rules can process ECS version 8.0.0 data ({kibana-pull}123012[#123012]).
+* Allows you to create and add runtime fields from the Alert and Timeline tables ({kibana-pull}117627[#117627], {kibana-pull}114806[#114806]).
+* Enhances the Data view selection UI and hides the Data view dropdown when no data is present ({kibana-pull}117601[#117601], {kibana-pull}119956[#119956]).
+* Enhances previews and error flagging during rule creation ({kibana-pull}116374[#116374]).
+* Updates rule actions to use `kibana.alert.*` fields instead of `signals.*` fields ({kibana-pull}116491[#116491]).
+* Changes the insufficient permissions message type from an error to a warning ({kibana-pull}123777[#123777]).
+* Fixes typos in the success messages that appear after you close Timelines or Timeline templates ({kibana-pull}123258[#123258]).
+* Updates the Exceptions table header and Export button ({kibana-pull}122870[#122870]).
+* Fixes a bug that could break a rule’s details page after you edited, activated, or deactivated the rule ({kibana-pull}122024[#122024]).
+* Fixes an overlap between the rule query text field and Timeline banner ({kibana-pull}121967[#121967], {kibana-pull}121127[#121127]).
+* Adds support for the `threat.feed.name` field in the alert details flyout and Timeline view ({kibana-pull}120250[#120250]).
+* Adds the default threat indicator path (`threat_indicator_path`) to indicator match rules where it was missing ({kibana-pull}118962[#118962]).
+* Adds a default value for the threat indicator path that indicator match rules use when creating indicator match rules from the {security-app} UI or the create rule API ({kibana-pull}118821[#118821]).
+* Enhances the Endpoint details flyout UI ({kibana-pull}117987[#117987]).
+* Fixes a bug that prevented you from clearing a connector’s `Additional comments` field ({kibana-pull}117901[#117901]).
+* Allows you to modify the default threat indicator path for the Threat Intel Filebeat Module (v7.x) Indicator Match prebuilt rule ({kibana-pull}116583[#116583]).
 
 [discrete]
 [[release-notes-8.0.0-rc2]]
@@ -155,7 +155,7 @@ A new Lucene 9 validation change may cause event correlation (EQL) rule errors w
 
 *The Data view option might not display in upgraded environments with legacy alerts*
 
-To make the *Data view* option appear, a user with elevated role privileges must visit the {security-app}, open a page that displays alert data (such as the Overview page), then refresh the page ({pull}121390[#121390]).
+To make the *Data view* option appear, a user with elevated role privileges must visit the {security-app}, open a page that displays alert data (such as the Overview page), then refresh the page ({kibana-pull}121390[#121390]).
 
 The role must have the following privileges:
 
@@ -175,7 +175,7 @@ NOTE: If new alerts are generated in an upgraded environment without legacy aler
 
 *Detection rules may not generate alerts after upgrading to {stack} 8.0.0*
 
-Rules are automatically disabled during the upgrade process and must be manually re-enabled after the process completes. Failure to do so could cause a gap in rule coverage ({pull}120906[#120906]).
+Rules are automatically disabled during the upgrade process and must be manually re-enabled after the process completes. Failure to do so could cause a gap in rule coverage ({kibana-pull}120906[#120906]).
 
 Before upgrading, use the <<rules-api-find, Find rules>> API to retrieve a list of enabled detection rules in your environment. You can reference this list when re-enabling rules after you upgrade.