[Security] 9.2.0 release notes #3451
Open
+111
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🔍 Preview links for changed docs |
benironside
reviewed
Oct 13, 2025
| * Adds the Security Entity Analytics risk score reset feature [#237829]({{kib-pull}}237829). | ||
| * Introduces a Security risk scoring AI Assistant tool [#233647]({{kib-pull}}233647). | ||
| * Uses {{esql}} for calculating entity risk scores [#237871]({{kib-pull}}237871). | ||
| * Updates the entity source saved object schema to support integrations sync markers and index [#236457]({{kib-pull}}236457). |
There was a problem hiding this comment.
Suggested change
| * Updates the entity source saved object schema to support integrations sync markers and index [#236457]({{kib-pull}}236457). | |
| * Updates the entity source saved object schema to support integrations sync markers [#236457]({{kib-pull}}236457). |
Looked at the ticket and I think the index thing looks like an implementation detail.
| * Implements minor UI changes on **Privileged user monitoring** dashboard page [#231921]({{kib-pull}}231921). | ||
| * Populates the `entity.attributes.Privileged` field in the entity store for users [#237038]({{kib-pull}}237038). | ||
| * Adds public APIs for attack discovery and attack discovery schedules [#236736]({{kib-pull}}236736). | ||
| * Introduces total execution time for automatic migrations [#236147]({{kib-pull}}236147). |
There was a problem hiding this comment.
Suggested change
| * Introduces total execution time for automatic migrations [#236147]({{kib-pull}}236147). | |
| * Displays total execution time for automatic migrations [#236147]({{kib-pull}}236147). |
| * Populates the `entity.attributes.Privileged` field in the entity store for users [#237038]({{kib-pull}}237038). | ||
| * Adds public APIs for attack discovery and attack discovery schedules [#236736]({{kib-pull}}236736). | ||
| * Introduces total execution time for automatic migrations [#236147]({{kib-pull}}236147). | ||
| * Adds the **Update missing index pattern** functionality to the automatic migrations **Translated rules** page [#233258]({{kib-pull}}233258). |
There was a problem hiding this comment.
Suggested change
| * Adds the **Update missing index pattern** functionality to the automatic migrations **Translated rules** page [#233258]({{kib-pull}}233258). | |
| * Adds **Update missing index pattern** option to the automatic migration **Translated rules** page [#233258]({{kib-pull}}233258). |
| * Adds public APIs for attack discovery and attack discovery schedules [#236736]({{kib-pull}}236736). | ||
| * Introduces total execution time for automatic migrations [#236147]({{kib-pull}}236147). | ||
| * Adds the **Update missing index pattern** functionality to the automatic migrations **Translated rules** page [#233258]({{kib-pull}}233258). | ||
| * Introduces new API endpoints for dashboard automatic migration [#229112]({{kib-pull}}229112). |
There was a problem hiding this comment.
Suggested change
| * Introduces new API endpoints for dashboard automatic migration [#229112]({{kib-pull}}229112). | |
| * Introduces new API endpoints for automatic migration of dashboards [#229112]({{kib-pull}}229112). |
| * Introduces total execution time for automatic migrations [#236147]({{kib-pull}}236147). | ||
| * Adds the **Update missing index pattern** functionality to the automatic migrations **Translated rules** page [#233258]({{kib-pull}}233258). | ||
| * Introduces new API endpoints for dashboard automatic migration [#229112]({{kib-pull}}229112). | ||
| * Adds support for creating new cloud connectors and reusing cloud connector between integrations. Supported integrations: CSPM and Asset Inventory [#235442]({{kib-pull}}235442). |
There was a problem hiding this comment.
Suggested change
| * Adds support for creating new cloud connectors and reusing cloud connector between integrations. Supported integrations: CSPM and Asset Inventory [#235442]({{kib-pull}}235442). | |
| * Adds a new deployment method, "cloud connector", for the CSPM and Asset Discovery integrations [#235442]({{kib-pull}}235442). |
| * Adds two new {{elastic-defend}} advanced policy settings that allow you to opt out of collecting ransomware diagnostics on macOS [#235193]({{kib-pull}}235193). | ||
| * Adds an {{elastic-defend}} option to remediate orphaned state by attempting to start {{agent}} service. | ||
| * Updates the `endpoint-package` submodule. | ||
| * Adds more {{elastic-defend}} options to the {{ls}} output, allowing for finer control by the end user. |
There was a problem hiding this comment.
Suggested change
| * Adds more {{elastic-defend}} options to the {{ls}} output, allowing for finer control by the end user. | |
| * Adds more {{elastic-defend}} options to the {{ls}} output, allowing for finer control. |
| * Adds an {{elastic-defend}} option to remediate orphaned state by attempting to start {{agent}} service. | ||
| * Updates the `endpoint-package` submodule. | ||
| * Adds more {{elastic-defend}} options to the {{ls}} output, allowing for finer control by the end user. | ||
| * Increases the throughput of {{elastic-defend}} {{ls}} connections by increasing the maximum size it can upload at once. |
There was a problem hiding this comment.
Suggested change
| * Increases the throughput of {{elastic-defend}} {{ls}} connections by increasing the maximum size it can upload at once. | |
| * Increases the throughput of {{elastic-defend}}'s {{ls}} connections by increasing the maximum size it can upload at once. |
| * Ensures that privileged user `@timestamp` and `event.ingested` fields are updated when a privileged user is updated [#233735]({{kib-pull}}233735). | ||
| * Fixes a bug in privileged user monitoring index synchronization where stale users weren't removed after index pattern changes [#229789]({{kib-pull}}229789). | ||
| * Updates the privileged user monitoring UI to replace hard-coded CSS values with the EUI theme [#225307]({{kib-pull}}225307). | ||
| * Fixes incorrect threat enrichment for partially matched `AND` condition in indicator match rules [#230773]({{kib-pull}}230773). |
There was a problem hiding this comment.
Suggested change
| * Fixes incorrect threat enrichment for partially matched `AND` condition in indicator match rules [#230773]({{kib-pull}}230773). | |
| * Fixes incorrect threat enrichment for partially matched `AND` conditions in indicator match rules [#230773]({{kib-pull}}230773). |
| * Simplifies the Cloud Security Posture Misconfigurations data view by removing redundancy in the index pattern definition [#227995]({{kib-pull}}227995). | ||
| * Fixes an {{elastic-defend}} issue on Linux by preventing unnecessary locking within Malware Protections to avoid invalid watchdog firings. | ||
| * Fixes issues that could sometimes cause crashes of the {{elastic-defend}} user-mode process on very busy Windows systems. | ||
| * Addresses CVE-2025-##### in {{elastic-defend}} on Windows, which could allow a low-privilege attacker to delete arbitrary files on the system. On Windows versions before 25H2, this could result in local privilege escalation. |
There was a problem hiding this comment.
Not sure how to track down further info on this issue without a PR#, but the CVE number seems to be redacted, not sure if that's on purpose, but it seems strange to mention the CVE but not specify its number
| * Fixes an issue in {{elastic-defend}} installation logging where only the first character of install paths (usually 'C') was logged. | ||
| * Prevents {{elastic-endpoint}} from stopping system-critical processes or threads. | ||
| * Fixes an issue to improve reliability of health status reporting between {{elastic-endpoint}} and {{agent}}. | ||
| * Fixes a race condition in {{elastic-defend}} that occasionally resulted in corrupted process command lines on Windows. This could cause incorrect values for `process.command_line`, `process.args_count` and `process.args`, leading to false positives. |
There was a problem hiding this comment.
Suggested change
| * Fixes a race condition in {{elastic-defend}} that occasionally resulted in corrupted process command lines on Windows. This could cause incorrect values for `process.command_line`, `process.args_count` and `process.args`, leading to false positives. | |
| * Fixes a race condition in {{elastic-defend}} that occasionally resulted in corrupted process command lines on Windows. This could cause incorrect values for `process.command_line`, `process.args_count`, and `process.args`, leading to false positives. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #3390: adds the 9.2.0 Security and Endpoint release notes.
Previews: