elastic · nastasha-solomon · May 2, 2022 · Apr 11, 2022 · Apr 11, 2022 · Apr 14, 2022
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.2.0, {elastic-sec} version 8.2.0>>
 * <<release-notes-8.1.3, {elastic-sec} version 8.1.3>>
 * <<release-notes-8.1.2, {elastic-sec} version 8.1.2>>
 * <<release-notes-8.1.1, {elastic-sec} version 8.1.1>>
@@ -16,5 +17,6 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.2.asciidoc[]
 include::release-notes/8.1.asciidoc[]
 include::release-notes/8.0.asciidoc[]
@@ -0,0 +1,72 @@
+[[release-notes-header-8.2.0]]
+== 8.2
+
+[discrete]
+[[release-notes-8.2.0]]
+=== 8.2.0
+
+[discrete]
+[[deprecations-8.2.0]]
+==== Deprecations
+The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months:
+
+* <<bulk-actions-rules-api-create,`/api/detection_engine/rules/_bulk_create`>>
+* <<bulk-actions-rules-api-delete,`/api/detection_engine/rules/_bulk_delete`>>
+* <<bulk-actions-rules-api-update,`/api/detection_engine/rules/_bulk_update`>>
+
+To avoid breakage, we recommend using the <<bulk-actions-rules-api,bulk rule actions>> API instead for similar bulk actions.  You can also use the <<rules-api-create,create>>, <<rules-api-update,update>>, and <<rules-api-delete,delete>> rule APIs to manage rules individually.
+
+[discrete]
+[[breaking-changes-8.2.0]]
+==== Breaking changes
+// tag::breaking-changes[]
+// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
+:pull: https://github.com/elastic/kibana/pull/
+There are no breaking changes in 8.2.0.
+// end::breaking-changes[]
+
+[discrete]
+[[features-8.2.0]]
+==== Features
+* Enables rule previews for indicator match rules ({pull}126651[#126651]).
+* Displays the alerts table when previewing a rule ({pull}127986[#127986]).
+* Introduces a new beta feature, <<session-view, Session View>>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]).
+* Creates a <<users-page,*Users*>> page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]).
+* Creates a User details flyout ({pull}127019[#127019]).
+* Creates a <<blocklist, Blocklist>> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]).
+* Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({pull}123760[#123760]).
+* Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]).
+* Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]).
+* Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({pull}128142[#128142]).
+* Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]).
+* Expands the actions you can take on visualizations throughout {elastic-sec} to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]).
+* Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]).
+* Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]).
+
+[discrete]
+[[bug-fixes-8.2.0]]
+==== Bug fixes and enhancements
+* Performance enhancements for indicator match rules:
+** Adds point in time (PIT) search ({pull}128433[#128433]).
+** Adds events-first (reverse) search ({pull}127428[#127428]).
+** Includes filters from indicator match rule mappings to reduce the search load when rules run ({pull}127411[#127411]).
+* Fixes a bug that affected the accuracy of rule preview results ({pull}128003[#128003]).
+* Adds event log telemetry for detection rules ({pull}128216[#128216]).
+* Adds support for Osquery pack integration assets ({pull}128109[#128109]).
+* Fixes minor Osquery issues on alerts ({pull}128676[#128676]).
+* Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({pull}127930[#127930]).
+* Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]).
+* Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]).
+* Redesigns the *Fields* browser ({pull}126105[#126105]).
+* Allows runtime fields to be managed from the *Fields* browser ({pull}127037[#127037]).
+* Adds the *Blocklist enabled* toggle to Malware protection settings ({pull}127031[#127031]).
+* Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]).
+* Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]).
+* Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]).
+* Fixes alert and external alert filters on the *Hosts* page and *Users* page ({pull}129451[#129451]).
+* Passes threshold alert filters to the Timeline ({pull}129405[#129405]).
+* Displays a confirmation message when a user creates the first event filter ({pull}128810[#128810]).
+* Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]).
+* Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]).
+* Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]).
+* Updates EQL rules to use the EQL method of the {es} client ({pull}127684[#127684]).