Create a one-stop Security Solution Upgrade Guide from 7.17 to 8.X

[MikePaquette]

Description

A security solution-focused guide to provide a single place for organizations to look to get all of the upgrade changes in one place; so they wouldn't need to find & analyze the applicability of Elasticsearch, Kibana, Agent, Fleet, schemas, etc. changes.

In essence - "hey, you use the Security Solution, here's what you need to know."

Pain points to overcome

Upgrades to 8.X can be problematic. Customers report that they cannot find a single place to tell them all the things they need to do in preparation for upgrading to 8.X. They have to search:

• Upgrade assistant in Kibana
• Elasticsearch breaking changes and release notes
• Kibana breaking changes and release notes
• Security solution breaking changes and 8.X upgrade guide

They've requested one doc/place/resource/support expert/knowledge base, to help them plan and get through it.
Particular pain points:

• Rules being disabled after upgrade - must not miss this
• Alert schema being changed - must ensure that all SOAR workflows are updated accordingly

Acceptance Test Criteria

Users consulting and following this new upgrade guide will:

• not delay the upgrade to 8.x unnecessarily
• have a high-probability of a problem free upgrade from 7.17 to 8.x.

Notes on why this is important

The goal is to ensure users are running on recent SW versions

• How it Helps: Users still on older versions are not receiving value from all the new product capabilities and workflows added in the last 18 months
• Actions: Encourage and support upgrades from 7.x to 8.x

cc: @nastasha-solomon @jmikell821

[MikePaquette]

in Elastic Cloud ESS the following message is being displayed for V7.17, which may prompt users to upgrade to 8.x.

[MikePaquette]

As a data point, here's what ChatGPT says:

Q: what do I need to know to upgrade Elasticsearch from 7.17 to 8.0

ChatGPT:
Upgrading Elasticsearch from version 7.17 to 8.0 requires careful planning and execution to ensure a smooth transition. Here are some things you should keep in mind:

Check the compatibility matrix: Before upgrading Elasticsearch, it's important to check the compatibility matrix to ensure that all the components of your Elasticsearch stack, including plugins and clients, are compatible with version 8.0. You should also check the upgrade path from your current version to 8.0 to ensure that there are no intermediate upgrades required.

Review the breaking changes: Elasticsearch 8.0 comes with a number of breaking changes that may impact your application. Review the breaking changes documentation to understand what changes you need to make to your application, mappings, queries, and other components.

Test the upgrade in a non-production environment: Before upgrading Elasticsearch in production, it's important to test the upgrade in a non-production environment. This will help you identify any issues or incompatibilities that may arise during the upgrade process.

Plan for downtime: Upgrading Elasticsearch requires some downtime. Plan for the downtime and communicate the upgrade plan to your team and users.

Backup your data: It's important to back up your data before upgrading Elasticsearch. This will ensure that you have a copy of your data in case anything goes wrong during the upgrade process.

Follow the upgrade guide: Elasticsearch provides an upgrade guide that outlines the steps to upgrade from version 7.17 to 8.0. Follow the guide carefully to ensure a successful upgrade.

Monitor the upgrade process: During the upgrade process, monitor Elasticsearch logs, metrics, and health checks to ensure that everything is running smoothly.

By following these steps, you can upgrade Elasticsearch from version 7.17 to 8.0 with minimal disruption to your application.

[MikePaquette]

@nastasha-solomon @jmikell821 I've got a running 7.17.9 cluster you could use as a test case if it would help. Please feel free to contact me for credentials.