Status: Closed
Labels: Docset: ESS (issues that apply to docs in the Stack release); Effort: Small (issues that can be resolved quickly); Priority: High (issues that are time-sensitive and/or are of high customer importance); highlights; v8.17.0
Description
Please add your features and enhancements for 8.17. Don't forget to include the related PR link!
Detections & Response
Rules Management
- N/A
Detection Engine
- Suppress alerts for EQL sequence rules (No docs PR yet) - Alert suppression now supports the EQL sequence rule type. You can use it to reduce the number of repeated or duplicate detection alerts generated from EQL sequence rules.
- LogsDB index mode with detection rules and alerts [8.17] Document impact of using logsDB for security users #6272 - The logsDB index mode allows you to store log data more efficiently. If you're considering using it, refer to to learn how it can impact your rules and alerts. This feature requires the .
Threat Hunting
Explore
- N/A
Investigations
- N/A
Entity Analytics
- Add features here
Generative AI
- Add features here
EDR Workflows/Asset Management
- Signature option available for macOS trusted applications conditions ([Nov 26] Signature option available for macOS Trusted Apps conditions #6183)
When adding a trusted application for macOS, you can now specify conditions based on the application's digital signer—previously only available on Windows.
Cloud Security
- Add features here
Endpoint
- Add features here
Protections Experience
- Add features here
ResponseOps
- The Case action feature, which automatically creates cases from rules and was first introduced in 8.14 as a technical preview, is now generally available.