diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index bcb626fd38..61ffa8c888 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> @@ -24,6 +25,7 @@ This section summarizes the changes in each release. :issue: https://github.com/elastic/kibana/issues/ :pull: https://github.com/elastic/kibana/pull/ +include::release-notes/8.4.asciidoc[] include::release-notes/8.3.asciidoc[] include::release-notes/8.2.asciidoc[] include::release-notes/8.1.asciidoc[] diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc new file mode 100644 index 0000000000..625816323d --- /dev/null +++ b/docs/release-notes/8.4.asciidoc 
@@ -0,0 +1,79 @@ +[[release-notes-header-8.4.0]] +== 8.4 + +[discrete] +[[release-notes-8.4.0]] +=== 8.4.0 + +[discrete] +[[known-issue-8.4.0]] +==== Known issues +* If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]). +* A new Lucene 9 validation change may cause errors whenever regular expressions are included in EQL queries. This bug affects users who upgrade from {stack} version 7.x to 8.x and are using event correlation rules. To resolve this issue, use triple quotes `""" """` for regular expressions in event correlation rule queries. +* The Rules page incorrectly displays a notification that an update for prebuilt rules is available even if the rules have been fully updated. Currently, there is no way to remove or hide the notification ({pull}139095[#139095]). + +[discrete] +[[breaking-changes-8.4.0]] +==== Breaking changes +// tag::breaking-changes[] +// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output. +:pull: {pull} +There are no breaking changes in 8.4.0. +// end::breaking-changes[] + +[discrete] +[[features-8.4.0]] +==== Features +* Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field ({pull}134526[#134526]). +* Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419]) +* Shows process alerts in the event process analyzer ({pull}135340[#135340]). +* Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). 
+* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). +* Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]). +* Includes integration policy errors and statuses in {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status ({pull}136241[#136241], {pull}136038[#136038]). +* Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. +* Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. +* Adds the ability to run query packs as live queries ({pull}132198[#132198]). +* Provides support for process, file, and network events in Kubernetes. You must enable the session view data setting on your {endpoint-cloud-sec} integration policy to enrich these events with session data and Kubernetes metadata fields. + +[discrete] +[[bug-fixes-8.4.0]] +==== Bug fixes and enhancements +* Updates the Network page's UI to match the Hosts and Users pages ({pull}137541[#137541], {pull}136913[#136913]). +* Improves the experience of bulk editing index patterns on rules by warning users early that machine learning rules can’t be edited ({pull}134664[#134664]). +* Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]). +* Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({pull}136966[#136966]). +* Turns grouped navigation on by default ({pull}136819[#136819]). +* Improves the experience of bulk exporting rules by informing users early which rules can and cannot be exported ({pull}136418[#136418]). 
+* Adds index pattern information to the Inspect panel ({pull}136407[#136407]). +* Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]). +* Fixes a performance issue with creating alerts from source documents that contain a large number of fields ({pull}135956[#135956]). +* Updates the rule exceptions UI ({pull}135255[#135255]). +* Fixes performance issues with rules management ({pull}135311[#135311]). +* Allows you to disable `@timestamp` as a fallback timestamp field when you've defined a timestamp override ({pull}135116[#135116]). +* Enhances the host risk score UI ({pull}133708[#133708]). +* Updates the lists index template to use new logic ({pull}133067[#133067]). +* Adds event filters to event correlation rules ({pull}132507[#132507]). +* Allows you to define a data view as the rule's data source, making runtime fields available for rule configuration ({pull}130929[#130929]). +* Creates a single visualization pane on the Alerts page, and adds a treemap visualization that shows the distribution of alerts as nested, proportionally-sized tiles ({pull}126896[#126896]). +* Fixes an incorrect counter for exported rules ({pull}138598[#138598]). +* Fixes event filters based on OS version ({pull}138517[#138517]). +* Fixes a bug that could change the batch size for event search in indicator rules ({pull}138356[#138356]). +* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-spaceId`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security,akerts-spaceId` ({pull}138331[#138331]). +* Fixes the preview button for {ml} rules ({pull}137878[#137878]). +* Fixes a bug that could crash the Endpoints list when a policy ID was missing ({pull}137788[#137788]). +* Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]). 
+* Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). +* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). +* Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]). +* Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). +* Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). +* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). +* Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({pull}135291[#135291]). +* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions were being applied ({pull}135208[135208]). +* Fixes a bug that could cause queries with nested fields to fail when opened ({pull}134866[#134866]). +* Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). +* Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). +* Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). +* Fixes a bug that could cause {endpoint-cloud-sec} to crash when outputting log data to {ls}. +* Allows {endpoint-cloud-sec} to be added to agents running on Ubuntu 22.04 and Debian 11.
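Review bot: In the bug-fixes list of docs/release-notes/8.4.asciidoc, the alert details entry ({pull}138331) gives the public alias as `.alerts-security,akerts-spaceId`, with a comma and "akerts" where the internal index named in the same sentence, `.internal.alerts-security.alerts-spaceId`, has `.alerts`. Readers copy index names from release notes into role privileges, so this should presumably read `.alerts-security.alerts-spaceId`. In the same list, the auto-refresh entry links as `{pull}135208[135208]` without the `#` the other link texts carry, and the Insights entry under Features ends without the period the other items have. In the breaking-changes tagged region, `:pull: {pull}` sets the attribute to its own value, so it does not do what the NOTE comment above it describes when the region is included somewhere `pull` is not already defined; set it to the literal URL that release-notes.asciidoc uses (`https://github.com/elastic/kibana/pull/`). Please also confirm that `signal-threshold_result.*` is the intended field name, since it has a hyphen where the other field and index names in this file use dots.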