[Security] 8.19.0 release notes #6925
Open
natasha-moore-elastic wants to merge 7 commits into 8.19 from rn-8.19.0
7 commits
a5b4824 [Security] 8.19.0 release notes (natasha-moore-elastic)
fe6eecc Adds Endpoint RNs (natasha-moore-elastic)
4f305aa Merge branch '8.19' into rn-8.19.0 (natasha-moore-elastic)
dd3c849 minor fixes (natasha-moore-elastic)
9bff678 Applies Endpoint feedback (natasha-moore-elastic)
f9ded24 fix variable formatting (natasha-moore-elastic)
05873ef Applies feedback (natasha-moore-elastic)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
[[release-notes-header-8.19.0]] | ||
== 8.19 | ||
|
||
[discrete] | ||
[[release-notes-8.19.0]] | ||
=== 8.19.0 | ||
|
||
[discrete] | ||
[[deprecations-8.19.0]] | ||
==== Deprecations | ||
* Removes default quick prompts from the Security AI Assistant ({kibana-pull}225536[#225536]). | ||
|
||
|
||
[discrete] | ||
[[features-8.19.0]] | ||
==== New features | ||
* Adds an option to update the `kibana.alert.workflow_status` field for alerts associated with attack discoveries ({kibana-pull}225029[#225029]). | ||
* The rule execution gaps functionality is now generally available ({kibana-pull}224657[#224657]). | ||
* Adds the ability to bulk fill gaps ({kibana-pull}224585[#224585]). | ||
* Automatic migration is now generally available ({kibana-pull}224544[#224544]). | ||
* Adds a name field to the automatic migration UI ({kibana-pull}223860[#223860]). | ||
* Adds the ability to bulk set up and delete alert suppression ({kibana-pull}223090[#223090]). | ||
* Adds a human-readable incremental ID to cases, making referencing cases easier ({kibana-pull}222874[#222874]). | ||
* Adds the ability to change rule migration execution settings when re-processing a migration ({kibana-pull}222542[#222542]). | ||
* Adds `runscript` response action support for Microsoft Defender for Endpoint–enrolled hosts ({kibana-pull}222377[#222377]). | ||
* Updates automatic migration API schema ({kibana-pull}219597[#219597]). | ||
* Adds automatic saving of attack discoveries, with search and filter capabilities ({kibana-pull}218906[#218906]). | ||
* Adds the ability to edit highlighted fields in the alert details flyout ({kibana-pull}216740[#216740]). | ||
* Adds the XSOAR connector ({kibana-pull}212049[#212049]). | ||
* Adds a custom script selector for choosing scripts to execute when using the `runscript` response action ({kibana-pull}204965[#204965]). | ||
|
||
[discrete] | ||
[[enhancements-8.19.0]] | ||
==== Enhancements | ||
* Updates {elastic-sec} Labs Knowledge Base content ({kibana-pull}227125[#227125]). | ||
* Displays which fields are customized for prebuilt rules ({kibana-pull}225939[#225939]). | ||
* Bumps default Gemini model ({kibana-pull}225917[#225917]). | ||
* Groups vulnerabilities by resource and cloud account using IDs instead of names ({kibana-pull}225492[#225492]). | ||
* Adds prompt tiles to the Security AI Assistant ({kibana-pull}224981[#224981]). | ||
* Adds support for collapsible sections in integrations READMEs ({kibana-pull}223916[#223916]). | ||
* Adds advanced policy settings in {elastic-defend} to enable collection of file origin information for File, Process, and DLL (ImageLoad) events ({kibana-pull}222030[#222030], {kibana-pull}223882[#223882]). | ||
* Adds the `ecs@mappings` component to the transform destination index template ({kibana-pull}223878[#223878]). | ||
* Adds the ability to revert prebuilt rules to their base version ({kibana-pull}223301[#223301]). | ||
* Adds an {elastic-defend} advanced policy setting that allows you to enable or disable the Microsoft-Windows-Security-Auditing ETW provider for security events collection ({kibana-pull}222197[#222197]). | ||
* Updates the highlighted fields button styling in the alert details flyout ({kibana-pull}221862[#221862]). | ||
* Expands CVE ID search to all search parameters, not just names ({kibana-pull}221099[#221099]). | ||
* Improves alert searching and filtering by including additional ECS data stream fields ({kibana-pull}220447[#220447]). | ||
* Updates default model IDs for {bedrock} and OpenAI connectors ({kibana-pull}220146[#220146]). | ||
* Adds support for PKI (certificate-based) authentication for the OpenAI **Other** connector providers ({kibana-pull}219984[#219984]). | ||
* Adds pinning and settings to the **Table** tab in the alert and event details flyouts ({kibana-pull}218686[#218686]). | ||
* Adds the Security AI prompts integration ({kibana-pull}216106[#216106]). | ||
* Adds support for grouping multi-value fields in Cloud Security ({kibana-pull}215913[#215913]). | ||
* Limits unassigned notes to a maximum of 100 per document instead of globally ({kibana-pull}214922[#214922]). | ||
* Updates the Detection rule monitoring dashboard to include rule gaps histogram ({kibana-pull}214694[#214694]). | ||
* Adds support for the `MV_EXPAND` command for the {esql} rule type ({kibana-pull}212675[#212675]). | ||
* Updates the data view selector in Timelines ({kibana-pull}210585[#210585]). | ||
* Enables `isolate` and `release` response actions from the event details flyout ({kibana-pull}206857[#206857]). | ||
* Standardizes action triggers in alerts KPI visualizations ({kibana-pull}206340[#206340]). | ||
* Adds {elastic-defend} process event monitoring for `ptrace` and `memfd` activity on Linux (kernel 5.10+) using eBPF. | ||
* Reduces {elastic-defend} CPU usage for ETW events, API events, and behavioral protections. In some cases, this may be a significant reduction. | ||
* {elastic-defend}: Changes the security events source from the Event Log provider to Event Tracing for Windows (Microsoft-Windows-Security Auditing) provider and enriches the events with additional data. | ||
* Reduces {elastic-defend} CPU and memory usage for behavioral protections. | ||
* Improves the resilience of {elastic-defend} in low memory situations. | ||
* Reduces {elastic-defend} CPU usage and improves system responsiveness for malware and memory protections. | ||
* Reduces {elastic-defend} CPU when processing events from the System process, such as IIS network events. | ||
* Improves {elastic-defend} logging of fatal exceptions. | ||
* Improves {elastic-defend} call site analysis logic. | ||
|
||
[discrete] | ||
[[bug-fixes-8.19.0]] | ||
==== Fixes | ||
nikitaindik marked this conversation as resolved.
|
||
* Fixes a bug where Timelines and investigations did not consistently use the default Security data view ({kibana-pull}226314[#226314]). | ||
* Fixes a bug where opening an alert deeplink didn't correctly load filters on the **Alerts** page ({kibana-pull}225650[#225650]). | ||
* Updates entity links to open in a flyout instead of leaving the current page ({kibana-pull}225381[#225381]). | ||
* Adds a title to the rule gap histogram in the Detection rule monitoring dashboard ({kibana-pull}225274[#225274]). | ||
* Fixes a bug where pressing Escape with an alert details flyout open from a Timeline closed the Timeline instead of the flyout ({kibana-pull}224352[#224352]). | ||
* Fixes a bug where comma-separated `process.args` values didn't wrap properly in the alert details flyout's **Overview** tab ({kibana-pull}223544[#223544]). | ||
* Fixes a bug where cell actions didn't work when opening a Timeline from specific rule types ({kibana-pull}223305[#223305]). | ||
* Fixes wrapping for threat indicator match event renderer ({kibana-pull}223164[#223164]). | ||
* Fixes a z-index issue in the {esql} query editor within Timeline ({kibana-pull}222841[#222841]). | ||
* Fixes incorrect content displaying after tab switching in the integrations section on the **Get started** page. | ||
({kibana-pull}222271[#222271]). | ||
* Fixes the exception flyout to show the correct "Edit rule exception" title and button label when editing an exception item ({kibana-pull}222248[#222248]). | ||
* Retrieves active integrations from the installed integrations API ({kibana-pull}218988[#218988]). | ||
* Updates tooltips in the gap fills table ({kibana-pull}218926[#218926]). | ||
* Fixes AI Assistant prompt updates so UI changes reflect only successful updates ({kibana-pull}217058[#217058]). | ||
* Fixes error callout placement on the **Engine Status** tab of the **Entity Store** page ({kibana-pull}216228[#216228]). | ||
* Generalizes and consolidates custom {fleet} onboarding logic ({kibana-pull}215561[#215561]). | ||
* Fixes an alert grouping re-render issue that caused infinite rendering loops when selecting a group ({kibana-pull}215086[#215086]). | ||
* Fixes a bug in the alert details flyout's **Table** tab where fields displayed duplicate hover actions ({kibana-pull}212316[#212316]). | ||
* Refactors conversation pagination for the Security AI Assistant ({kibana-pull}211831[#211831]). | ||
* Fixes the {elastic-defend} artifact `channel` field and adds `manifest_type` in {elastic-defend} policy responses. | ||
natasha-moore-elastic marked this conversation as resolved.
|
||
* Fixes a bug in {elastic-defend} where Linux network events would have source and destination byte counts swapped. | ||
* Fixes a memory growth bug in {elastic-defend} on Linux when both **Collect session data** and **Capture terminal output** are enabled. |
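Review bot: The ETW provider name is spelled two ways in the Enhancements list: the advanced policy setting entry has "Microsoft-Windows-Security-Auditing", while the entry about changing the security events source has "Microsoft-Windows-Security Auditing" with a space. Use one spelling in both, preferably the fully hyphenated form, so that someone searching the notes for the provider name finds both entries; consider also cross-referencing the two, since one describes the switch from the Event Log provider to ETW and the other the setting that enables or disables that provider. In the same list, "Reduces {elastic-defend} CPU when processing events from the System process" is missing "usage", unlike the neighbouring CPU entries. Under Fixes, the **Get started** entry ends its sentence with a period and then carries `({kibana-pull}222271[#222271]).` on a separate line; join the reference onto the bullet line and drop the first period so it reads as one item like the others. Several entries under Fixes (entity links opening in a flyout, the rule gap histogram title, the gap fills tooltips, the {fleet} onboarding consolidation, the conversation pagination refactor) do not describe a bug and may belong under Enhancements.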