Skip to content

[8.2] [DOCS] 8.2.0 Release Notes (backport #1828) #1936

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 2, 2022
Merged

[8.2] [DOCS] 8.2.0 Release Notes (backport #1828) #1936

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/release-notes.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

This section summarizes the changes in each release.

* <<release-notes-8.2.0, {elastic-sec} version 8.2.0>>
* <<release-notes-8.1.3, {elastic-sec} version 8.1.3>>
* <<release-notes-8.1.2, {elastic-sec} version 8.1.2>>
* <<release-notes-8.1.1, {elastic-sec} version 8.1.1>>
Expand All @@ -16,5 +17,6 @@ This section summarizes the changes in each release.
:issue: https://github.com/elastic/kibana/issues/
:pull: https://github.com/elastic/kibana/pull/

include::release-notes/8.2.asciidoc[]
include::release-notes/8.1.asciidoc[]
include::release-notes/8.0.asciidoc[]
72 changes: 72 additions & 0 deletions docs/release-notes/8.2.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
[[release-notes-header-8.2.0]]
== 8.2

[discrete]
[[release-notes-8.2.0]]
=== 8.2.0

[discrete]
[[deprecations-8.2.0]]
==== Deprecations
The following endpoints are deprecated ({pull}129448[#129448]) and will be removed in a future release. They will remain active for at least the next 18 months:

* <<bulk-actions-rules-api-create,`/api/detection_engine/rules/_bulk_create`>>
* <<bulk-actions-rules-api-delete,`/api/detection_engine/rules/_bulk_delete`>>
* <<bulk-actions-rules-api-update,`/api/detection_engine/rules/_bulk_update`>>

To avoid breakage, we recommend using the <<bulk-actions-rules-api,bulk rule actions>> API instead for similar bulk actions. You can also use the <<rules-api-create,create>>, <<rules-api-update,update>>, and <<rules-api-delete,delete>> rule APIs to manage rules individually.

[discrete]
[[breaking-changes-8.2.0]]
==== Breaking changes
// tag::breaking-changes[]
// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
:pull: https://github.com/elastic/kibana/pull/
There are no breaking changes in 8.2.0.
// end::breaking-changes[]

[discrete]
[[features-8.2.0]]
==== Features
* Enables rule previews for indicator match rules ({pull}126651[#126651]).
* Displays the alerts table when previewing a rule ({pull}127986[#127986]).
* Introduces a new beta feature, <<session-view, Session View>>. Session view contextualizes and provides insight into Linux process data ({pull}127828[#127828], {pull}126997[#126997], {pull}127520[#127520], {pull}124575[#124575]).
* Creates a <<users-page,*Users*>> page under *Explore* to help you better understand authentication and usage information ({pull}127617[#127617], {pull}127953[#127953], {pull}126434[#126434], {pull}126079[#126079], {pull}128375[#128375], {pull}130030[#130030]).
* Creates a User details flyout ({pull}127019[#127019]).
* Creates a <<blocklist, Blocklist>> that enables you to prevent applications from running on hosts ({pull}127098[#127098], {pull}127031[#127031], {pull}126390[#126390]).
* Creates a *Policies* page, which lists all of the integration policies configured for {endpoint-sec}. Use the page to quickly view and manage your {endpoint-sec} integration policies ({pull}123760[#123760]).
* Enables you to bulk-apply Timeline templates to rules ({pull}128691[#128691]).
* Enables users to filter the rules management table by index pattern or MITRE ATT&CK tactic or technique (name or ID) ({pull}128245[#128245]).
* Allows you to run Osquery searches from the **Take action** button on the Alert details flyout (**Alerts** and **Timelines** pages) ({pull}128142[#128142]).
* Adds a list of linked cases to the alert details flyout ({pull}128033[#128033]).
* Expands the actions you can take on visualizations throughout {elastic-sec} to *Inspect*, *Open in Lens*, *Add to new case*, and *Add to existing case* ({pull}126507[#126507]).
* Adds rule execution logs to the rule details page to consolidate information about a rule's execution history ({pull}126215[#126215]).
* Enables wildcard entries for `file.path.text` fields within event filters with the *matches* operator ({pull}125202[#125202]).

[discrete]
[[bug-fixes-8.2.0]]
==== Bug fixes and enhancements
* Performance enhancements for indicator match rules:
** Adds point in time (PIT) search ({pull}128433[#128433]).
** Adds events-first (reverse) search ({pull}127428[#127428]).
** Includes filters from indicator match rule mappings to reduce the search load when rules run ({pull}127411[#127411]).
* Fixes a bug that affected the accuracy of rule preview results ({pull}128003[#128003]).
* Adds event log telemetry for detection rules ({pull}128216[#128216]).
* Adds support for Osquery pack integration assets ({pull}128109[#128109]).
* Fixes minor Osquery issues on alerts ({pull}128676[#128676]).
* Allows users to reduce resource usage by collapsing KPIs and table queries running on the *Hosts* and *Network* pages ({pull}127930[#127930]).
* Adds the *Alert prevalence* column to the Highlighted fields table ({pull}127599[#127599]).
* Introduces a new landing page that provides guidance for adding data ({pull}127324[#127324]).
* Redesigns the *Fields* browser ({pull}126105[#126105]).
* Allows runtime fields to be managed from the *Fields* browser ({pull}127037[#127037]).
* Adds the *Blocklist enabled* toggle to Malware protection settings ({pull}127031[#127031]).
* Updates MITRE ATT&CK mappings for detection rules to v10.1 ({pull}126288[#126288]).
* Adds an Advanced Settings toggle to turn off `read` privilege warnings for detection rules using a remote cross-cluster search (CCS) index pattern ({pull}124459[#124459]).
* Excludes malware and ransomware alerts from detection rule telemetry ({pull}130233[#130233]).
* Fixes alert and external alert filters on the *Hosts* page and *Users* page ({pull}129451[#129451]).
* Passes threshold alert filters to the Timeline ({pull}129405[#129405]).
* Displays a confirmation message when a user creates the first event filter ({pull}128810[#128810]).
* Fixes a bug that ignored exceptions when loading the threshold alert count in a Timeline ({pull}128495[#128495]).
* Adds a fallback mechanism to EQL rules so that rules fall back to `@timestamp` if `timestamp_override` doesn't exist ({pull}127989[#127989]).
* Fixes a bug that stopped EQL rules from using a `max_signals` value greater than 100 ({pull}127839[#127839]).
* Updates EQL rules to use the EQL method of the {es} client ({pull}127684[#127684]).