From 9814a399561cc8bc200090cfac1792db73d7df0b Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 11 Apr 2022 15:48:31 -0400 Subject: [PATCH 01/26] First draft. --- docs/release-notes.asciidoc | 2 + docs/release-notes/8.2.asciidoc | 86 +++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 docs/release-notes/8.2.asciidoc diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 1f47ca7f52..8da160348a 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> @@ -15,5 +16,6 @@ This section summarizes the changes in each release. :issue: https://github.com/elastic/kibana/issues/ :pull: https://github.com/elastic/kibana/pull/ +include::release-notes/8.2.asciidoc[] include::release-notes/8.1.asciidoc[] include::release-notes/8.0.asciidoc[] diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc new file mode 100644 index 0000000000..8170ce3e35 --- /dev/null +++ b/docs/release-notes/8.2.asciidoc 
@@ -0,0 +1,86 @@ +[[release-notes-header-8.2.0]] +== 8.2 + +[discrete] +[[release-notes-8.2.0]] +=== 8.2.0 + +[discrete] +[[breaking-changes-8.2.0]] +==== Breaking changes +// tag::breaking-changes[] +// NOTE: The breaking-changes tagged regions are re-used in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output. +:pull: https://github.com/elastic/kibana/pull/ +There are no breaking changes in 8.2.0. +// end::breaking-changes[] + +[discrete] +[[features-8.2.0]] +==== Features +* Adds UI for bulk applying timeline template ({pull}128691[#128691]). +* Adds the ability to filter by index pattern to the rules management table ({pull}128245[#128245]). +* Adds live query to alerts ({pull}128142[#128142]). +* Adds related cases to Flyout ({pull}128033[#128033]). +* Adds Events tab and External alerts tab to the User page and the User details page ({pull}127953[#127953]). +* Session view: Implement back to investigated alert button ({pull}127828[#127828]). +* User Page - KPIs and visualisations ({pull}127617[#127617]). +* Use session view plugin to render session viewer in alerts, events and timeline ({pull}127520[#127520]). +* Blocklist create/edit form ({pull}127098[#127098]). +* Adds blocklist switch to malware card ({pull}127031[#127031]). +* Adds data to user details page ({pull}127019[#127019]). +* Update session view plugin process tree alerts ({pull}126997[#126997]). +* Adds visualization actions ({pull}126507[#126507]). +* Adds User Risk tab to Users page ({pull}126434[#126434]). +* Adds blocklist list ({pull}126390[#126390]). +* Adds rule execution log table ({pull}126215[#126215]). +* Adds anomalies tab to user page ({pull}126079[#126079]). +* Adds `matches` wildcard operator for `file.path.text` field for Event Filters ({pull}125202[#125202]). +* Session View Plugin ({pull}124575[#124575]). 
+ +[discrete] +[[bug-fixes-8.2.0]] +==== Bug fixes and enhancements +* Adds UI for bulk applying timeline template ({pull}128691[#128691]). +* Adds PIT to indicator search ({pull}128433[#128433]). +* Create all users tab on user page ({pull}128375[#128375]). +* Adds the ability to filter by index pattern to the rules management table ({pull}128245[#128245]). +* Adds event log telemetry specific for security solution rules ({pull}128216[#128216]). +* Adds live query to alerts ({pull}128142[#128142]). +* Adds support for osquery pack integration assets ({pull}128109[#128109]). +* Adds related cases to Flyout ({pull}128033[#128033]). +* EQL rules fallback to @timestamp if timestamp override doesn't exist ({pull}127989[#127989]). +* Display alert table in rule preview result ({pull}127986[#127986]). +* Adds Events tab and External alerts tab to the User page and the User details page ({pull}127953[#127953]). +* Collapse KPI and Table queries on Explore pages ({pull}127930[#127930]). +* Session view: Implement back to investigated alert button ({pull}127828[#127828]). +* User Page - KPIs and visualisations ({pull}127617[#127617]). +* Adds alert prevalence column to highlighted fields table ({pull}127599[#127599]). +* Use session view plugin to render session viewer in alerts, events and timeline ({pull}127520[#127520]). +* Adds events-first (reverse) search for IM rule ({pull}127428[#127428]). +* Adds mapping filters ({pull}127411[#127411]). +* New landing page ({pull}127324[#127324]). +* Blocklist create/edit form ({pull}127098[#127098]). +* Adds runtime field edit/delete actions in the Field Browser ({pull}127037[#127037]). +* Adds blocklist switch to malware card ({pull}127031[#127031]). +* Adds data to user details page ({pull}127019[#127019]). +* Update session view plugin process tree alerts ({pull}126997[#126997]). +* Enable IM Rule Preview ({pull}126651[#126651]). +* Adds visualization actions ({pull}126507[#126507]). 
+* Adds User Risk tab to Users page ({pull}126434[#126434]). +* Adds blocklist list ({pull}126390[#126390]). +* Updates MITRE ATT&CK mappings to v10.1 ({pull}126288[#126288]). +* Adds rule execution log table ({pull}126215[#126215]). +* Alerts table Fields Browser revamp ({pull}126105[#126105]). +* Adds anomalies tab to user page ({pull}126079[#126079]). +* Adds `matches` wildcard operator for `file.path.text` field for Event Filters ({pull}125202[#125202]). +* Session View Plugin ({pull}124575[#124575]). +* Adds CCS privileges warning enable switch in advanced settings ({pull}124459[#124459]). +* Fixes alerts and external alerts filters on Hots and Users pages ({pull}129451[#129451]). +* Pass filters from threshold alerts to timeline ({pull}129405[#129405]). +* Fixes event filter creation success toast ({pull}128810[#128810]). +* Fixes small issues in alerts ({pull}128676[#128676]). +* Consider exceptions when loading threshold alert timelines ({pull}128495[#128495]). +* Fixes rule preview (incorrect interval and from values) ({pull}128003[#128003]). +* Use max_signals for EQL search size ({pull}127839[#127839]). +* Update EQL rules to use EQL method of ES client ({pull}127684[#127684]). +* Create endpoint action and responses from matching fleet actions ({pull}127174[#127174]). From 3680f785943be5a9c8cef41b2f43d7fc00a372e3 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 11 Apr 2022 16:27:53 -0400 Subject: [PATCH 02/26] Removed dash --- docs/release-notes.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 8da160348a..f7baa51509 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,7 +3,7 @@ This section summarizes the changes in each release. -* <> +* <> * <> * <> * <> From 695d35642b7b3128ecb236881356e403e2da8bd1 Mon Sep 17 00:00:00 2001 
From: "nastasha.solomon" Date: Thu, 14 Apr 2022 17:02:57 -0400 Subject: [PATCH 03/26] Ben's work --- docs/release-notes/8.2.asciidoc | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 8170ce3e35..0cf48822c3 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -17,25 +17,17 @@ There are no breaking changes in 8.2.0. [discrete] [[features-8.2.0]] ==== Features -* Adds UI for bulk applying timeline template ({pull}128691[#128691]). -* Adds the ability to filter by index pattern to the rules management table ({pull}128245[#128245]). -* Adds live query to alerts ({pull}128142[#128142]). -* Adds related cases to Flyout ({pull}128033[#128033]). -* Adds Events tab and External alerts tab to the User page and the User details page ({pull}127953[#127953]). -* Session view: Implement back to investigated alert button ({pull}127828[#127828]). -* User Page - KPIs and visualisations ({pull}127617[#127617]). -* Use session view plugin to render session viewer in alerts, events and timeline ({pull}127520[#127520]). -* Blocklist create/edit form ({pull}127098[#127098]). -* Adds blocklist switch to malware card ({pull}127031[#127031]). -* Adds data to user details page ({pull}127019[#127019]). -* Update session view plugin process tree alerts ({pull}126997[#126997]). -* Adds visualization actions ({pull}126507[#126507]). -* Adds User Risk tab to Users page ({pull}126434[#126434]). -* Adds blocklist list ({pull}126390[#126390]). -* Adds rule execution log table ({pull}126215[#126215]). -* Adds anomalies tab to user page ({pull}126079[#126079]). -* Adds `matches` wildcard operator for `file.path.text` field for Event Filters ({pull}125202[#125202]). -* Session View Plugin ({pull}124575[#124575]). +* Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828]), ({pull}126997[#126997]), ({pull}127520[#127520]), ({pull}124575[#124575]). +* Creates a Users page under Explore to help you better understand authentication and usage information ({pull}127617[#127617]), ({pull}127953[#127953]), ({pull}126434[#126434]), ({pull}126079[#126079]). +* Creates a User details flyout ({pull}127019[#127019]). 
+* Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098]), ({pull}127031[#127031]), ({pull}126390[#126390]). +* Enables you to bulk-apply timeline templates to rules ({pull}128691[#128691]). +* Enables filtering by index pattern or MITRE ATT&CK tactic or technique (name or ID) on the rules management table ({pull}128245[#128245]). +* Allows you to run osquery searches from the **Take action** menu on the alert details flyout (Alerts and Timelines pages) ({pull}128142[#128142]). +* Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). +* Expands the actions you can take on visualizations throughout Elastic Security from only “Inspect” to “Inspect”, “Open in Lens”, “Add to new case”, and “Add to existing case” ({pull}126507[#126507]). +* Creates a Rule execution log tab within the rule details flyout to consolidate information about rule executions ({pull}126215[#126215]). +* Enables the “matches” and “not matches” operators for “file.path.text” fields within event filters ({pull}125202[#125202]). [discrete] [[bug-fixes-8.2.0]] From bfde6678eb8dd017a571617c56c80bf052af5df0 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 18 Apr 2022 10:56:01 -0400 Subject: [PATCH 04/26] Adding bugs and enh --- docs/release-notes/8.2.asciidoc | 85 ++++++++++++++------------------- 1 file changed, 35 insertions(+), 50 deletions(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 0cf48822c3..661157210d 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -17,62 +17,47 @@ There are no breaking changes in 8.2.0. [discrete] [[features-8.2.0]] ==== Features -* Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828]), ({pull}126997[#126997]), ({pull}127520[#127520]), ({pull}124575[#124575]). -* Creates a Users page under Explore to help you better understand authentication and usage information ({pull}127617[#127617]), ({pull}127953[#127953]), ({pull}126434[#126434]), ({pull}126079[#126079]). +* Introduces a new beta feature, [session-view, Session View]. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). +* Creates a Users page under Explore to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). -* Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098]), ({pull}127031[#127031]), ({pull}126390[#126390]). +* Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). * Enables you to bulk-apply timeline templates to rules ({pull}128691[#128691]). * Enables filtering by index pattern or MITRE ATT&CK tactic or technique (name or ID) on the rules management table ({pull}128245[#128245]). -* Allows you to run osquery searches from the **Take action** menu on the alert details flyout (Alerts and Timelines pages) ({pull}128142[#128142]). +* Allows you to run Osquery searches from the **Take action** menu on the alert details flyout (Alerts and Timelines pages) ({pull}128142[#128142]). * Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). 
-* Expands the actions you can take on visualizations throughout Elastic Security from only “Inspect” to “Inspect”, “Open in Lens”, “Add to new case”, and “Add to existing case” ({pull}126507[#126507]). +* Expands the actions you can take on visualizations throughout Elastic Security from only *Inspect* to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). * Creates a Rule execution log tab within the rule details flyout to consolidate information about rule executions ({pull}126215[#126215]). -* Enables the “matches” and “not matches” operators for “file.path.text” fields within event filters ({pull}125202[#125202]). +* Enables the *Matches* and *Does not match* operators for `file.path.text` fields within event filters ({pull}125202[#125202]). [discrete] [[bug-fixes-8.2.0]] ==== Bug fixes and enhancements -* Adds UI for bulk applying timeline template ({pull}128691[#128691]). -* Adds PIT to indicator search ({pull}128433[#128433]). -* Create all users tab on user page ({pull}128375[#128375]). -* Adds the ability to filter by index pattern to the rules management table ({pull}128245[#128245]). -* Adds event log telemetry specific for security solution rules ({pull}128216[#128216]). -* Adds live query to alerts ({pull}128142[#128142]). -* Adds support for osquery pack integration assets ({pull}128109[#128109]). -* Adds related cases to Flyout ({pull}128033[#128033]). -* EQL rules fallback to @timestamp if timestamp override doesn't exist ({pull}127989[#127989]). -* Display alert table in rule preview result ({pull}127986[#127986]). -* Adds Events tab and External alerts tab to the User page and the User details page ({pull}127953[#127953]). -* Collapse KPI and Table queries on Explore pages ({pull}127930[#127930]). -* Session view: Implement back to investigated alert button ({pull}127828[#127828]). -* User Page - KPIs and visualisations ({pull}127617[#127617]). 
-* Adds alert prevalence column to highlighted fields table ({pull}127599[#127599]). -* Use session view plugin to render session viewer in alerts, events and timeline ({pull}127520[#127520]). -* Adds events-first (reverse) search for IM rule ({pull}127428[#127428]). -* Adds mapping filters ({pull}127411[#127411]). -* New landing page ({pull}127324[#127324]). -* Blocklist create/edit form ({pull}127098[#127098]). -* Adds runtime field edit/delete actions in the Field Browser ({pull}127037[#127037]). -* Adds blocklist switch to malware card ({pull}127031[#127031]). -* Adds data to user details page ({pull}127019[#127019]). -* Update session view plugin process tree alerts ({pull}126997[#126997]). -* Enable IM Rule Preview ({pull}126651[#126651]). -* Adds visualization actions ({pull}126507[#126507]). -* Adds User Risk tab to Users page ({pull}126434[#126434]). -* Adds blocklist list ({pull}126390[#126390]). -* Updates MITRE ATT&CK mappings to v10.1 ({pull}126288[#126288]). -* Adds rule execution log table ({pull}126215[#126215]). -* Alerts table Fields Browser revamp ({pull}126105[#126105]). -* Adds anomalies tab to user page ({pull}126079[#126079]). -* Adds `matches` wildcard operator for `file.path.text` field for Event Filters ({pull}125202[#125202]). -* Session View Plugin ({pull}124575[#124575]). -* Adds CCS privileges warning enable switch in advanced settings ({pull}124459[#124459]). -* Fixes alerts and external alerts filters on Hots and Users pages ({pull}129451[#129451]). -* Pass filters from threshold alerts to timeline ({pull}129405[#129405]). -* Fixes event filter creation success toast ({pull}128810[#128810]). -* Fixes small issues in alerts ({pull}128676[#128676]). -* Consider exceptions when loading threshold alert timelines ({pull}128495[#128495]). -* Fixes rule preview (incorrect interval and from values) ({pull}128003[#128003]). -* Use max_signals for EQL search size ({pull}127839[#127839]). 
-* Update EQL rules to use EQL method of ES client ({pull}127684[#127684]). -* Create endpoint action and responses from matching fleet actions ({pull}127174[#127174]). +* Performance enhancements to the indicator match rule: +** Adds point in time (PIT) search ({pull}128433[#128433]). +** Adds events-first (reverse) search ({pull}127428[#127428]). +** Includes filters from indicator match rule mappings to reduce the search load when the rule is ran ({pull}127411[#127411]). +* Enables the rule preview functionality for indicator match rules ({pull}126651[#126651]). +* Fixes bug that affected the accuracy of rule preview results ({pull}128003[#128003]). +* Allows filtering by index patterns on the Rules table ({pull}128245[#128245]). +* Adds event log telemetry for detection rules ({pull}128216[#128216]). +* Adds support for the Osquery integration {pull}128109[#128109] +* Displays the alert table in the rule preview result ({pull}127986[#127986]). +* Allows users to reduce resource loads by collapsing KPIs and table queries running on the Hosts and Network pages ({pull}127930[#127930]). +* Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]). +* Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]). +* Redesigns the the *Fields* browser ({pull}126105[#126105]). +* Allows runtime fields to be managed from the *Fields* browser ({pull}127037[#127037]). +* Adds the *Blocklist enabled* toggle in the Malware protection settings ({pull}127031[#127031]). +* Adds the *Blocklist* page ({pull}126390[#126390], {pull}127098[#127098]). +* Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]). +* Adds an advanced setting toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]). +* Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]). 
+* Fixes alert and external alert filters on the Hosts page and Users page ({pull}129451[#129451]). +* Passes threshold alert filters to the Timeline ({pull}129405[#129405]). +* Displays confirmation messages when users modify an event filter ({pull}128810[#128810]). +* Fixes minor Osquery issues on alerts ({pull}128676[#128676]). +* Fixes a bug that ignored exceptions when loading the Threshold alert count in a Timeline ({pull}128495[#128495]). +* Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). +* Fixes a bug that stopped EQL rules from using a max signals search greater than 100 ({pull}127839[#127839]). +* Makes EQL rules use the EQL method of the Elasticsearch client ({pull}127684[#127684]). +* Generates data about endpoint action and responses to match {fleet} actions so that the pending actions badge correctly displays ({pull}127174[#127174]). From bd835c93e9da4d13b515d98a880f185467a3303f Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 18 Apr 2022 11:06:36 -0400 Subject: [PATCH 05/26] Adding section for deprecations --- docs/release-notes/8.2.asciidoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 661157210d..74228525ce 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -5,6 +5,14 @@ [[release-notes-8.2.0]] === 8.2.0 +[discrete] +[[deprecations-8.2.0]] +==== Deprecations +* Support for the following endpoints will be removed ({pull}129448[#129448]): +** `detection_engine/rules/_bulk_create` +** `detection_engine/rules/_bulk_delete` +** `detection_engine/rules/_bulk_update` + [discrete] [[breaking-changes-8.2.0]] ==== Breaking changes From 3ee46644219a4d8909b09f6f838078c3793f07b2 Mon Sep 17 00:00:00 2001 
From: "nastasha.solomon" Date: Mon, 18 Apr 2022 12:46:39 -0400 Subject: [PATCH 06/26] Georgii's input --- docs/release-notes/8.2.asciidoc | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 74228525ce..a89a592ad9 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -8,10 +8,13 @@ [discrete] [[deprecations-8.2.0]] ==== Deprecations -* Support for the following endpoints will be removed ({pull}129448[#129448]): -** `detection_engine/rules/_bulk_create` -** `detection_engine/rules/_bulk_delete` -** `detection_engine/rules/_bulk_update` +The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release but no earlier than 18 months: + +* <> +* <> +* <> + +To avoid breakage, we recommend using the <> endpoint, which performs the same actions. You can also use the regular create, update and delete endpoints. [discrete] [[breaking-changes-8.2.0]] 
@@ -26,7 +29,7 @@ There are no breaking changes in 8.2.0. [[features-8.2.0]] ==== Features * Introduces a new beta feature, [session-view, Session View]. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). -* Creates a Users page under Explore to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). +* Creates a *Users* page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). * Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). * Enables you to bulk-apply timeline templates to rules ({pull}128691[#128691]). From 6b215b8266cabcf6cc4966f6d4ee85a750dc7355 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 18 Apr 2022 16:34:14 -0400 Subject: [PATCH 07/26] Input from Georgii and Marshall --- docs/release-notes/8.2.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index a89a592ad9..2449fc7d7b 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -8,13 +8,13 @@ [discrete] [[deprecations-8.2.0]] ==== Deprecations -The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release but no earlier than 18 months: +The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: * <> * <> * <> -To avoid breakage, we recommend using the <> endpoint, which performs the same actions. You can also use the regular create, update and delete endpoints. +To avoid breakage, we recommend using the <> API instead. You can also use the <>, <>, and <> rule APIs to manage rules individually. [discrete] [[breaking-changes-8.2.0]] @@ -69,6 +69,6 @@ There are no breaking changes in 8.2.0. * Fixes minor Osquery issues on alerts ({pull}128676[#128676]). * Fixes a bug that ignored exceptions when loading the Threshold alert count in a Timeline ({pull}128495[#128495]). * Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). -* Fixes a bug that stopped EQL rules from using a max signals search greater than 100 ({pull}127839[#127839]). +* Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). * Makes EQL rules use the EQL method of the Elasticsearch client ({pull}127684[#127684]). * Generates data about endpoint action and responses to match {fleet} actions so that the pending actions badge correctly displays ({pull}127174[#127174]). From 6fbcf73e7ddaf0a0bb827fe010fe269bca01a0bc Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 18 Apr 2022 16:39:22 -0400 Subject: [PATCH 08/26] Updating summary for #128676 --- docs/release-notes/8.2.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 2449fc7d7b..8c61220ba2 100644 --- a/docs/release-notes/8.2.asciidoc 
+++ b/docs/release-notes/8.2.asciidoc @@ -51,7 +51,8 @@ There are no breaking changes in 8.2.0. * Fixes bug that affected the accuracy of rule preview results ({pull}128003[#128003]). * Allows filtering by index patterns on the Rules table ({pull}128245[#128245]). * Adds event log telemetry for detection rules ({pull}128216[#128216]). -* Adds support for the Osquery integration {pull}128109[#128109] +* Adds support for Osquery pack integration assets ({pull}128109[#128109]). +* Fixes minor Osquery issues on alerts ({pull}128676[#128676]). * Displays the alert table in the rule preview result ({pull}127986[#127986]). * Allows users to reduce resource loads by collapsing KPIs and table queries running on the Hosts and Network pages ({pull}127930[#127930]). * Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]). @@ -66,7 +67,6 @@ There are no breaking changes in 8.2.0. * Fixes alert and external alert filters on the Hosts page and Users page ({pull}129451[#129451]). * Passes threshold alert filters to the Timeline ({pull}129405[#129405]). * Displays confirmation messages when users modify an event filter ({pull}128810[#128810]). -* Fixes minor Osquery issues on alerts ({pull}128676[#128676]). * Fixes a bug that ignored exceptions when loading the Threshold alert count in a Timeline ({pull}128495[#128495]). * Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). * Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). From 2c27901b311e9a41239815c75534839b7526f548 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 19 Apr 2022 12:12:34 -0400 Subject: [PATCH 09/26] Joe's edits --- docs/release-notes/8.2.asciidoc | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) 
diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 8c61220ba2..26a1092e9a 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -32,13 +32,13 @@ There are no breaking changes in 8.2.0. * Creates a *Users* page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). * Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). -* Enables you to bulk-apply timeline templates to rules ({pull}128691[#128691]). -* Enables filtering by index pattern or MITRE ATT&CK tactic or technique (name or ID) on the rules management table ({pull}128245[#128245]). +* Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]). +* Enables filtering the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). * Allows you to run Osquery searches from the **Take action** menu on the alert details flyout (Alerts and Timelines pages) ({pull}128142[#128142]). * Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). -* Expands the actions you can take on visualizations throughout Elastic Security from only *Inspect* to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). -* Creates a Rule execution log tab within the rule details flyout to consolidate information about rule executions ({pull}126215[#126215]). -* Enables the *Matches* and *Does not match* operators for `file.path.text` fields within event filters ({pull}125202[#125202]). +* Expands the actions you can take on visualizations throughout Elastic Security to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). +* Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]). 
+* Enables wildcards for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]). [discrete] [[bug-fixes-8.2.0]] 
@@ -46,29 +46,27 @@ There are no breaking changes in 8.2.0. * Performance enhancements to the indicator match rule: ** Adds point in time (PIT) search ({pull}128433[#128433]). ** Adds events-first (reverse) search ({pull}127428[#127428]). -** Includes filters from indicator match rule mappings to reduce the search load when the rule is ran ({pull}127411[#127411]). +** Includes filters from indicator match rule mappings to reduce the search load when the rule is run ({pull}127411[#127411]). * Enables the rule preview functionality for indicator match rules ({pull}126651[#126651]). * Fixes bug that affected the accuracy of rule preview results ({pull}128003[#128003]). -* Allows filtering by index patterns on the Rules table ({pull}128245[#128245]). * Adds event log telemetry for detection rules ({pull}128216[#128216]). * Adds support for Osquery pack integration assets ({pull}128109[#128109]). * Fixes minor Osquery issues on alerts ({pull}128676[#128676]). -* Displays the alert table in the rule preview result ({pull}127986[#127986]). +* Displays the alerts table when previewing a rule ({pull}127986[#127986]). * Allows users to reduce resource loads by collapsing KPIs and table queries running on the Hosts and Network pages ({pull}127930[#127930]). * Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]). * Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]). * Redesigns the the *Fields* browser ({pull}126105[#126105]). * Allows runtime fields to be managed from the *Fields* browser ({pull}127037[#127037]). * Adds the *Blocklist enabled* toggle in the Malware protection settings ({pull}127031[#127031]). -* Adds the *Blocklist* page ({pull}126390[#126390], {pull}127098[#127098]). * Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]). 
-* Adds an advanced setting toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]). +* Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]). * Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]). * Fixes alert and external alert filters on the Hosts page and Users page ({pull}129451[#129451]). * Passes threshold alert filters to the Timeline ({pull}129405[#129405]). -* Displays confirmation messages when users modify an event filter ({pull}128810[#128810]). -* Fixes a bug that ignored exceptions when loading the Threshold alert count in a Timeline ({pull}128495[#128495]). +* Displays a confirmation message when user modifies an event filter ({pull}128810[#128810]). +* Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]). * Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). * Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). -* Makes EQL rules use the EQL method of the Elasticsearch client ({pull}127684[#127684]). +* Makes EQL rules use the EQL method of the {es} client ({pull}127684[#127684]). * Generates data about endpoint action and responses to match {fleet} actions so that the pending actions badge correctly displays ({pull}127174[#127174]). From 1065cb30912a618bfabd60266747ef3bf20419be Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 20 Apr 2022 07:35:39 -0400 Subject: [PATCH 10/26] Minor tweak --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 26a1092e9a..7a6484026d 100644 
--- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -14,7 +14,7 @@ The following endpoints are deprecated ({pull}129448[#129448]) and will be remov * <> * <> -To avoid breakage, we recommend using the <> API instead. You can also use the <>, <>, and <> rule APIs to manage rules individually. +To avoid breakage, we recommend using the <> API instead for similar bulk actions. You can also use the <>, <>, and <> rule APIs to manage rules individually. [discrete] [[breaking-changes-8.2.0]] From 3a661003b21118b0137b12cf0b4eb71dd15b2eef Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 20 Apr 2022 07:45:04 -0400 Subject: [PATCH 11/26] Removed 127174 as per convo with Askhokaditya --- docs/release-notes/8.2.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 7a6484026d..d8ae4f293c 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -69,4 +69,3 @@ There are no breaking changes in 8.2.0. * Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). * Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). * Makes EQL rules use the EQL method of the {es} client ({pull}127684[#127684]). -* Generates data about endpoint action and responses to match {fleet} actions so that the pending actions badge correctly displays ({pull}127174[#127174]). From 0c94593a50ee952696e69de7ed06450663257f1d Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 20 Apr 2022 08:42:57 -0400 Subject: [PATCH 12/26] Additional input from Ash --- docs/release-notes/8.2.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index d8ae4f293c..4f4e9f7b35 100644 --- a/docs/release-notes/8.2.asciidoc 
+++ b/docs/release-notes/8.2.asciidoc @@ -38,7 +38,7 @@ There are no breaking changes in 8.2.0. * Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). * Expands the actions you can take on visualizations throughout Elastic Security to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). * Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]). -* Enables wildcards for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]). +* Enables wildcards entries for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]). [discrete] [[bug-fixes-8.2.0]] @@ -64,7 +64,7 @@ There are no breaking changes in 8.2.0. * Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]). * Fixes alert and external alert filters on the Hosts page and Users page ({pull}129451[#129451]). * Passes threshold alert filters to the Timeline ({pull}129405[#129405]). -* Displays a confirmation message when user modifies an event filter ({pull}128810[#128810]). +* Displays a confirmation message when user creates the first event filter ({pull}128810[#128810]). * Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]). * Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). * Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). From 6b7aa3855c92bf14fde42b7cad47e9112315aa78 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 20 Apr 2022 13:03:18 -0400 Subject: [PATCH 13/26] Ben's edits --- docs/release-notes/8.2.asciidoc | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 4f4e9f7b35..a6c32a6202 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -20,7 +20,7 @@ To avoid breakage, we recommend using the <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). * Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]). -* Enables filtering the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). +* Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). * Allows you to run Osquery searches from the **Take action** menu on the alert details flyout (Alerts and Timelines pages) ({pull}128142[#128142]). * Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). * Expands the actions you can take on visualizations throughout Elastic Security to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). 
@@ -43,28 +43,28 @@ There are no breaking changes in 8.2.0. [discrete] [[bug-fixes-8.2.0]] ==== Bug fixes and enhancements -* Performance enhancements to the indicator match rule: +* Performance enhancements for indicator match rules: ** Adds point in time (PIT) search ({pull}128433[#128433]). ** Adds events-first (reverse) search ({pull}127428[#127428]). -** Includes filters from indicator match rule mappings to reduce the search load when the rule is run ({pull}127411[#127411]). -* Enables the rule preview functionality for indicator match rules ({pull}126651[#126651]). +** Includes filters from indicator match rule mappings to reduce the search load when rules run ({pull}127411[#127411]). +* Enables rule previews for indicator match rules ({pull}126651[#126651]). * Fixes bug that affected the accuracy of rule preview results ({pull}128003[#128003]). * Adds event log telemetry for detection rules ({pull}128216[#128216]). * Adds support for Osquery pack integration assets ({pull}128109[#128109]). * Fixes minor Osquery issues on alerts ({pull}128676[#128676]). * Displays the alerts table when previewing a rule ({pull}127986[#127986]). -* Allows users to reduce resource loads by collapsing KPIs and table queries running on the Hosts and Network pages ({pull}127930[#127930]). +* Allows users to reduce resource usage by collapsing KPIs and table queries running on the Hosts and Network pages ({pull}127930[#127930]). * Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]). * Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]). -* Redesigns the the *Fields* browser ({pull}126105[#126105]). +* Redesigns the *Fields* browser ({pull}126105[#126105]). * Allows runtime fields to be managed from the *Fields* browser ({pull}127037[#127037]). -* Adds the *Blocklist enabled* toggle in the Malware protection settings ({pull}127031[#127031]). 
+* Adds the *Blocklist enabled* toggle to the Malware protection settings ({pull}127031[#127031]). * Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]). * Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]). * Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]). * Fixes alert and external alert filters on the Hosts page and Users page ({pull}129451[#129451]). * Passes threshold alert filters to the Timeline ({pull}129405[#129405]). -* Displays a confirmation message when user creates the first event filter ({pull}128810[#128810]). +* Displays a confirmation message when a user creates the first event filter ({pull}128810[#128810]). * Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]). * Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). * Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). From 5f6f69d4265b321679da66f5888b57d6f5bbc162 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 20 Apr 2022 16:27:52 -0400 Subject: [PATCH 14/26] Fixed typo --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index a6c32a6202..c6c052297e 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -38,7 +38,7 @@ There are no breaking changes in 8.2.0. * Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). * Expands the actions you can take on visualizations throughout Elastic Security to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). * Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]). -* Enables wildcards entries for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]). +* Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]). [discrete] [[bug-fixes-8.2.0]] From 80589bef2ab486ecc46a078962833a99aa2a3868 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 20 Apr 2022 17:21:16 -0400 Subject: [PATCH 15/26] Update docs/release-notes/8.2.asciidoc --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index c6c052297e..43fed1b7d4 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -34,7 +34,7 @@ There are no breaking changes in 8.2.0. * Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). * Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]). * Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). -* Allows you to run Osquery searches from the **Take action** menu on the alert details flyout (Alerts and Timelines pages) ({pull}128142[#128142]). +* Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({pull}128142[#128142]). * Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). * Expands the actions you can take on visualizations throughout Elastic Security to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). * Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]). From 3079532189b674e4bca46105481f27febf08200f Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 20 Apr 2022 17:21:20 -0400 Subject: [PATCH 16/26] Update docs/release-notes/8.2.asciidoc --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 43fed1b7d4..9356902a09 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -36,7 +36,7 @@ There are no breaking changes in 8.2.0. * Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). * Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({pull}128142[#128142]). * Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]). -* Expands the actions you can take on visualizations throughout Elastic Security to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). +* Expands the actions you can take on visualizations throughout {elastic-sec} to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]). * Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]). * Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]). From 85d2f8d3a59f968e81417d65f8761055ecacd896 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Thu, 21 Apr 2022 11:29:42 -0400 Subject: [PATCH 17/26] Adding sum for policies page --- docs/release-notes/8.2.asciidoc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 9356902a09..80c18b67ff 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -8,7 +8,7 @@ [discrete] [[deprecations-8.2.0]] ==== Deprecations -The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: +The following APIs are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: * <> * <> 
@@ -32,6 +32,7 @@ There are no breaking changes in 8.2.0. * Creates a *Users* page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). * Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). +* The *Policies* page lists all of the integration policies configured for Endpoint Security. You can use the page to quickly find and manage your Endpoint Security integration policies ({pull}123760[#123760]). * Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]). * Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). * Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({pull}128142[#128142]). @@ -53,7 +54,7 @@ There are no breaking changes in 8.2.0. * Adds support for Osquery pack integration assets ({pull}128109[#128109]). * Fixes minor Osquery issues on alerts ({pull}128676[#128676]). * Displays the alerts table when previewing a rule ({pull}127986[#127986]). -* Allows users to reduce resource usage by collapsing KPIs and table queries running on the Hosts and Network pages ({pull}127930[#127930]). +* Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({pull}127930[#127930]). * Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]). * Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]). * Redesigns the *Fields* browser ({pull}126105[#126105]). 
@@ -62,7 +63,7 @@ There are no breaking changes in 8.2.0. * Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]). * Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]). * Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]). -* Fixes alert and external alert filters on the Hosts page and Users page ({pull}129451[#129451]). +* Fixes alert and external alert filters on the *Hosts* page and *Users* page ({pull}129451[#129451]). * Passes threshold alert filters to the Timeline ({pull}129405[#129405]). * Displays a confirmation message when a user creates the first event filter ({pull}128810[#128810]). * Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]). From 910cdf362f35a6d656f8cdba864929a43b6ebd01 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Thu, 21 Apr 2022 13:07:03 -0400 Subject: [PATCH 18/26] reverting term change --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 80c18b67ff..04d6927655 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -8,7 +8,7 @@ [discrete] [[deprecations-8.2.0]] ==== Deprecations -The following APIs are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: +The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months: * <> * <> From 04072d918b82e33013f5dff12853b3f2953428af Mon Sep 17 00:00:00 2001 
From: "nastasha.solomon" Date: Thu, 21 Apr 2022 14:37:33 -0400 Subject: [PATCH 19/26] Pedro's request --- docs/release-notes/8.2.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 04d6927655..73d49635c3 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -28,6 +28,8 @@ There are no breaking changes in 8.2.0. [discrete] [[features-8.2.0]] ==== Features +* Enables rule previews for indicator match rules ({pull}126651[#126651]). +* Displays the alerts table when previewing a rule ({pull}127986[#127986]). * Introduces a new beta feature, [session-view, Session View]. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). * Creates a *Users* page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). 
@@ -48,12 +50,10 @@ There are no breaking changes in 8.2.0. ** Adds point in time (PIT) search ({pull}128433[#128433]). ** Adds events-first (reverse) search ({pull}127428[#127428]). ** Includes filters from indicator match rule mappings to reduce the search load when rules run ({pull}127411[#127411]). -* Enables rule previews for indicator match rules ({pull}126651[#126651]). * Fixes bug that affected the accuracy of rule preview results ({pull}128003[#128003]). * Adds event log telemetry for detection rules ({pull}128216[#128216]). * Adds support for Osquery pack integration assets ({pull}128109[#128109]). * Fixes minor Osquery issues on alerts ({pull}128676[#128676]). -* Displays the alerts table when previewing a rule ({pull}127986[#127986]). * Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({pull}127930[#127930]). * Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]). * Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]). From b9b28fdb90b31e55a16370b59073623844368504 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 26 Apr 2022 17:24:47 -0400 Subject: [PATCH 20/26] Janeen's edits --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 73d49635c3..bef49013f9 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -34,7 +34,7 @@ There are no breaking changes in 8.2.0. * Creates a *Users* page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). * Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). -* The *Policies* page lists all of the integration policies configured for Endpoint Security. You can use the page to quickly find and manage your Endpoint Security integration policies ({pull}123760[#123760]). +* Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({pull}123760[#123760]). * Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]). * Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]). * Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({pull}128142[#128142]). From 44077cf320bbd54f1f23f3e9a7d44b864a38e823 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 28 Apr 2022 17:13:11 -0400 Subject: [PATCH 21/26] Update docs/release-notes/8.2.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index bef49013f9..1d897dd94b 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -30,7 +30,7 @@ There are no breaking changes in 8.2.0. ==== Features * Enables rule previews for indicator match rules ({pull}126651[#126651]). * Displays the alerts table when previewing a rule ({pull}127986[#127986]). -* Introduces a new beta feature, [session-view, Session View]. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). +* Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). * Creates a *Users* page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). * Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). From 876c4b96a78ebb9ab33d41e1763bbc3b51f21b0e Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Fri, 29 Apr 2022 14:27:28 -0400 Subject: [PATCH 22/26] Adding ref --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 1d897dd94b..707c59513b 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -31,7 +31,7 @@ There are no breaking changes in 8.2.0. * Enables rule previews for indicator match rules ({pull}126651[#126651]). * Displays the alerts table when previewing a rule ({pull}127986[#127986]). * Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). -* Creates a *Users* page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). +* Creates a <<*Users*>> page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). * Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). * Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({pull}123760[#123760]). From 6a22863981ba6560feaa7a6a121683bb2914e32e Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 29 Apr 2022 15:21:18 -0400 Subject: [PATCH 23/26] Update docs/release-notes/8.2.asciidoc --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 707c59513b..3cbbc4b23c 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -31,7 +31,7 @@ There are no breaking changes in 8.2.0. * Enables rule previews for indicator match rules ({pull}126651[#126651]). * Displays the alerts table when previewing a rule ({pull}127986[#127986]). * Introduces a new beta feature, <>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]). -* Creates a <<*Users*>> page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). +* Creates a <> page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]). * Creates a User details flyout ({pull}127019[#127019]). * Creates a <> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]). * Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({pull}123760[#123760]). From 867b3125163ba35b2de8a714ab8844acc856affb Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 2 May 2022 16:35:55 -0400 Subject: [PATCH 24/26] Update docs/release-notes/8.2.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 3cbbc4b23c..5ea3c6049e 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc 
@@ -50,7 +50,7 @@ There are no breaking changes in 8.2.0. ** Adds point in time (PIT) search ({pull}128433[#128433]). ** Adds events-first (reverse) search ({pull}127428[#127428]). ** Includes filters from indicator match rule mappings to reduce the search load when rules run ({pull}127411[#127411]). -* Fixes bug that affected the accuracy of rule preview results ({pull}128003[#128003]). +* Fixes a bug that affected the accuracy of rule preview results ({pull}128003[#128003]). * Adds event log telemetry for detection rules ({pull}128216[#128216]). * Adds support for Osquery pack integration assets ({pull}128109[#128109]). * Fixes minor Osquery issues on alerts ({pull}128676[#128676]). From 0f25295009d54f55b1694b47bc51f94535919c4b Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 2 May 2022 16:36:04 -0400 Subject: [PATCH 25/26] Update docs/release-notes/8.2.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index 5ea3c6049e..f3cf9f713e 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -69,4 +69,4 @@ There are no breaking changes in 8.2.0. * Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]). * Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]). * Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]). -* Makes EQL rules use the EQL method of the {es} client ({pull}127684[#127684]). +* Updates EQL rules to use the EQL method of the {es} client ({pull}127684[#127684]). From 508764aa25a2070616de29f7ce85c9acd4ff791e Mon Sep 17 00:00:00 2001 
From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 2 May 2022 16:36:09 -0400 Subject: [PATCH 26/26] Update docs/release-notes/8.2.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.2.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.2.asciidoc b/docs/release-notes/8.2.asciidoc index f3cf9f713e..f9c3264dee 100644 --- a/docs/release-notes/8.2.asciidoc +++ b/docs/release-notes/8.2.asciidoc @@ -59,7 +59,7 @@ There are no breaking changes in 8.2.0. * Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]). * Redesigns the *Fields* browser ({pull}126105[#126105]). * Allows runtime fields to be managed from the *Fields* browser ({pull}127037[#127037]). -* Adds the *Blocklist enabled* toggle to the Malware protection settings ({pull}127031[#127031]). +* Adds the *Blocklist enabled* toggle to Malware protection settings ({pull}127031[#127031]). * Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]). * Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]). * Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]).
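Review bot: the deprecation paragraph in the patch 10 hunk states the removal horizon only as a relative duration ("They will remain active for at least the next 18 months"), which drifts as soon as the notes are read later; anchor it to the 8.2 release date or a target version. The replacement sentence "we recommend using the <> API instead for similar bulk actions" also reads awkwardly; suggest "we recommend using the <> API for bulk actions instead."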
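Review bot: the entry "Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern" ({pull}124459) should name the setting so readers can find it in Advanced Settings, and should make clear that the toggle only hides the warning. As written, "turn off `read` privilege warnings" can be read as removing the privilege requirement; nothing in the entry says whether the check on the remote indices changes. Confirm the behaviour against the PR and state it, for example: "Adds the `<setting name>` Advanced Setting, which hides the `read` privilege warning shown for detection rules that use a remote CCS index pattern. The rule still requires `read` access to the remote indices."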
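Review bot: the EQL entry "rules fall back to `@timestamp` if `timestamp_override` doesn't exist" ({pull}127989) is ambiguous about scope: it does not say whether the fallback applies when the override field is unset on the rule or when an individual event lacks the field, nor whether such events are now evaluated instead of skipped. Because this changes which events an EQL rule can alert on, spell it out. The adjacent `max_signals` entry ({pull}127839) should likewise state the previous behaviour for values above 100 rather than "stopped EQL rules from using", so operators know whether earlier rules silently produced fewer alerts.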
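Review bot: several patches in this series introduce a defect that a later patch in the same series fixes: patch 22 adds `<<*Users*>>`, which nests bold markup inside the cross-reference target and would not resolve as an AsciiDoc xref, and patch 23 corrects it; patch 12 introduces "wildcards entries" and patch 14 fixes it; patch 17 changes "endpoints" to "APIs" and patch 18 reverts it. Squash each pair before merge so the history records only the final wording, and consider adding a docs build to the PR checks so malformed xrefs are caught before review.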
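Review bot: the new *Policies* page entry added in patch 17 cites {pull}123760, a noticeably lower number than every other PR referenced in these notes; confirm that it landed in the 8.2 branch rather than an earlier release before shipping the entry under 8.2.0 features.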