diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index ff0f54a21f..18440f3476 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> @@ -87,6 +88,7 @@ This section summarizes the changes in each release. * <> * <> +include::release-notes/8.19.asciidoc[] include::release-notes/8.18.asciidoc[] include::release-notes/8.17.asciidoc[] include::release-notes/8.16.asciidoc[] diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc new file mode 100644 index 0000000000..078fdbe6ed --- /dev/null +++ b/docs/release-notes/8.19.asciidoc 
@@ -0,0 +1,94 @@ +[[release-notes-header-8.19.0]] +== 8.19 + +[discrete] +[[release-notes-8.19.0]] +=== 8.19.0 + +[discrete] +[[deprecations-8.19.0]] +==== Deprecations +* Removes default quick prompts from the Security AI Assistant ({kibana-pull}225536[#225536]). + + +[discrete] +[[features-8.19.0]] +==== New features +* Adds an option to update the `kibana.alert.workflow_status` field for alerts associated with attack discoveries ({kibana-pull}225029[#225029]). +* The rule execution gaps functionality is now generally available ({kibana-pull}224657[#224657]). +* Adds the ability to bulk fill gaps ({kibana-pull}224585[#224585]). +* Automatic migration is now generally available ({kibana-pull}224544[#224544]). +* Adds a name field to the automatic migration UI ({kibana-pull}223860[#223860]). +* Adds the ability to bulk set up and delete alert suppression ({kibana-pull}223090[#223090]). +* Adds a human-readable incremental ID to cases, making referencing cases easier ({kibana-pull}222874[#222874]). +* Adds the ability to change rule migration execution settings when re-processing a migration ({kibana-pull}222542[#222542]). +* Adds `runscript` response action support for Microsoft Defender for Endpoint–enrolled hosts ({kibana-pull}222377[#222377]). +* Updates automatic migration API schema ({kibana-pull}219597[#219597]). +* Adds automatic saving of attack discoveries, with search and filter capabilities ({kibana-pull}218906[#218906]). +* Adds the ability to edit highlighted fields in the alert details flyout ({kibana-pull}216740[#216740]). +* Adds the XSOAR connector ({kibana-pull}212049[#212049]). +* Adds a custom script selector for choosing scripts to execute when using the `runscript` response action ({kibana-pull}204965[#204965]). + +[discrete] +[[enhancements-8.19.0]] +==== Enhancements +* Updates {elastic-sec} Labs Knowledge Base content ({kibana-pull}227125[#227125]). +* Displays which fields are customized for prebuilt rules ({kibana-pull}225939[#225939]). 
+* Bumps default Gemini model ({kibana-pull}225917[#225917]). +* Groups vulnerabilities by resource and cloud account using IDs instead of names ({kibana-pull}225492[#225492]). +* Adds prompt tiles to the Security AI Assistant ({kibana-pull}224981[#224981]). +* Adds support for collapsible sections in integrations READMEs ({kibana-pull}223916[#223916]). +* Adds advanced policy settings in {elastic-defend} to enable collection of file origin information for File, Process, and DLL (ImageLoad) events ({kibana-pull}222030[#222030], {kibana-pull}223882[#223882]). +* Adds the `ecs@mappings` component to the transform destination index template ({kibana-pull}223878[#223878]). +* Adds the ability to revert prebuilt rules to their base version ({kibana-pull}223301[#223301]). +* Adds an {elastic-defend} advanced policy setting that allows you to enable or disable the Microsoft-Windows-Security-Auditing ETW provider for security events collection ({kibana-pull}222197[#222197]). +* Updates the highlighted fields button styling in the alert details flyout ({kibana-pull}221862[#221862]). +* Expands CVE ID search to all search parameters, not just names ({kibana-pull}221099[#221099]). +* Improves alert searching and filtering by including additional ECS data stream fields ({kibana-pull}220447[#220447]). +* Updates default model IDs for {bedrock} and OpenAI connectors ({kibana-pull}220146[#220146]). +* Adds support for PKI (certificate-based) authentication for the OpenAI **Other** connector providers ({kibana-pull}219984[#219984]). +* Adds pinning and settings to the **Table** tab in the alert and event details flyouts ({kibana-pull}218686[#218686]). +* Adds the Security AI prompts integration ({kibana-pull}216106[#216106]). +* Adds support for grouping multi-value fields in Cloud Security ({kibana-pull}215913[#215913]). +* Limits unassigned notes to a maximum of 100 per document instead of globally ({kibana-pull}214922[#214922]). 
+* Updates the Detection rule monitoring dashboard to include rule gaps histogram ({kibana-pull}214694[#214694]). +* Adds support for the `MV_EXPAND` command for the {esql} rule type ({kibana-pull}212675[#212675]). +* Updates the data view selector in Timelines ({kibana-pull}210585[#210585]). +* Enables `isolate` and `release` response actions from the event details flyout ({kibana-pull}206857[#206857]). +* Standardizes action triggers in alerts KPI visualizations ({kibana-pull}206340[#206340]). +* Adds {elastic-defend} process event monitoring for `ptrace` and `memfd` activity on Linux (kernel 5.10+) using eBPF. +* Reduces {elastic-defend} CPU usage for ETW events, API events, and behavioral protections. In some cases, this may be a significant reduction. +* {elastic-defend}: Changes the security events source from the Event Log provider to Event Tracing for Windows (Microsoft-Windows-Security Auditing) provider and enriches the events with additional data. +* Reduces {elastic-defend} CPU and memory usage for behavioral protections. +* Improves the resilience of {elastic-defend} in low memory situations. +* Reduces {elastic-defend} CPU usage and improves system responsiveness for malware and memory protections. +* Reduces {elastic-defend} CPU when processing events from the System process, such as IIS network events. +* Improves {elastic-defend} logging of fatal exceptions. +* Improves {elastic-defend} call site analysis logic. + +[discrete] +[[bug-fixes-8.19.0]] +==== Fixes +* Fixes a bug where Timelines and investigations did not consistently use the default Security data view ({kibana-pull}226314[#226314]). +* Fixes a bug where opening an alert deeplink didn't correctly load filters on the **Alerts** page ({kibana-pull}225650[#225650]). +* Updates entity links to open in a flyout instead of leaving the current page ({kibana-pull}225381[#225381]). +* Adds a title to the rule gap histogram in the Detection rule monitoring dashboard ({kibana-pull}225274[#225274]). 
+* Fixes a bug where pressing Escape with an alert details flyout open from a Timeline closed the Timeline instead of the flyout ({kibana-pull}224352[#224352]). +* Fixes a bug where comma-separated `process.args` values didn't wrap properly in the alert details flyout's **Overview** tab ({kibana-pull}223544[#223544]). +* Fixes a bug where cell actions didn't work when opening a Timeline from specific rule types ({kibana-pull}223305[#223305]). +* Fixes wrapping for threat indicator match event renderer ({kibana-pull}223164[#223164]). +* Fixes a z-index issue in the {esql} query editor within Timeline ({kibana-pull}222841[#222841]). +* Fixes incorrect content displaying after tab switching in the integrations section on the **Get started** page. +({kibana-pull}222271[#222271]). +* Fixes the exception flyout to show the correct "Edit rule exception" title and button label when editing an exception item ({kibana-pull}222248[#222248]). +* Retrieves active integrations from the installed integrations API ({kibana-pull}218988[#218988]). +* Updates tooltips in the gap fills table ({kibana-pull}218926[#218926]). +* Fixes AI Assistant prompt updates so UI changes reflect only successful updates ({kibana-pull}217058[#217058]). +* Fixes error callout placement on the **Engine Status** tab of the **Entity Store** page ({kibana-pull}216228[#216228]). +* Generalizes and consolidates custom {fleet} onboarding logic ({kibana-pull}215561[#215561]). +* Fixes an alert grouping re-render issue that caused infinite rendering loops when selecting a group ({kibana-pull}215086[#215086]). +* Fixes a bug in the alert details flyout's **Table** tab where fields displayed duplicate hover actions ({kibana-pull}212316[#212316]). +* Refactors conversation pagination for the Security AI Assistant ({kibana-pull}211831[#211831]). +* Fixes the {elastic-defend} artifact `channel` field and adds `manifest_type` in {elastic-defend} policy responses. 
+* Fixes a bug in {elastic-defend} where Linux network events would have source and destination byte counts swapped. +* Fixes a memory growth bug in {elastic-defend} on Linux when both **Collect session data** and **Capture terminal output** are enabled.
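Review bot: In the Enhancements list of docs/release-notes/8.19.asciidoc, the same Windows provider is spelled two ways: `Microsoft-Windows-Security-Auditing ETW provider` in the #222197 entry and `Event Tracing for Windows (Microsoft-Windows-Security Auditing) provider` in the unlinked {elastic-defend} entry about changing the security events source. Use the fully hyphenated form in both so that a search for the provider name finds both entries, and consider having the second entry refer to the advanced policy setting from #222197, since that setting enables or disables the provider this entry switches to. Separately, in the Fixes list the **Get started** entry ends its sentence and then carries `({kibana-pull}222271[#222271]).` on a line of its own; join the link to the item and drop the period after "page" so it matches the other entries.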