diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 9c6d400468..dade729213 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> @@ -16,5 +17,6 @@ This section summarizes the changes in each release. :issue: https://github.com/elastic/kibana/issues/ :pull: https://github.com/elastic/kibana/pull/ +include::release-notes/8.2.asciidoc[] include::release-notes/8.1.asciidoc[] include::release-notes/8.0.asciidoc[] diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc new file mode 100644 index 0000000000..f9c3264dee --- /dev/null +++ b/docs/release-notes/8.2.asciidoc @@ -0,0 +1,72 @@ +[[release-notes-header-8.2.0]] +== 8.2 + +[discrete] +[[release-notes-8.2.0]] +=== 8.2.0 + +[discrete] +[[deprecations-8.2.0]] +==== Deprecations +The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: + +* <> +* <> +* <> + +To avoid breakage, we recommend using the <> API instead for similar bulk actions. You can also use the <>, <>, and <> rule APIs to manage rules individually. + +[discrete] +[[breaking-changes-8.2.0]] +==== Breaking changes +// tag::breaking-changes[] +// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output. +:pull: https://github.com/elastic/kibana/pull/ +There are no breaking changes in 8.2.0. +// end::breaking-changes[] + +[discrete] +[[features-8.2.0]] +==== Features +* Enables rule previews for indicator match rules ({pull}126651[#126651]). +* Displays the alerts table when previewing a rule ({pull}127986[#127986]). +* Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). +* Creates a <> page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). +* Creates a User details flyout ({pull}127019[#127019]). +* Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). +* Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({pull}123760[#123760]). +* Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]). +* Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). +* Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({pull}128142[#128142]). +* Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). +* Expands the actions you can take on visualizations throughout {elastic-sec} to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). +* Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]). +* Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]). + +[discrete] +[[bug-fixes-8.2.0]] +==== Bug fixes and enhancements +* Performance enhancements for indicator match rules: +** Adds point in time (PIT) search ({pull}128433[#128433]). +** Adds events-first (reverse) search ({pull}127428[#127428]). +** Includes filters from indicator match rule mappings to reduce the search load when rules run ({pull}127411[#127411]). +* Fixes a bug that affected the accuracy of rule preview results ({pull}128003[#128003]). +* Adds event log telemetry for detection rules ({pull}128216[#128216]). +* Adds support for Osquery pack integration assets ({pull}128109[#128109]). +* Fixes minor Osquery issues on alerts ({pull}128676[#128676]). +* Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({pull}127930[#127930]). +* Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]). +* Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]). +* Redesigns the *Fields* browser ({pull}126105[#126105]). +* Allows runtime fields to be managed from the *Fields* browser ({pull}127037[#127037]). +* Adds the *Blocklist enabled* toggle to Malware protection settings ({pull}127031[#127031]). +* Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]). +* Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]). +* Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]). +* Fixes alert and external alert filters on the *Hosts* page and *Users* page ({pull}129451[#129451]). +* Passes threshold alert filters to the Timeline ({pull}129405[#129405]). +* Displays a confirmation message when a user creates the first event filter ({pull}128810[#128810]). +* Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]). +* Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). +* Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). +* Updates EQL rules to use the EQL method of the {es} client ({pull}127684[#127684]).