From 56ff23ee9663992473ef8a4aa42826ba55b20d27 Mon Sep 17 00:00:00 2001 From: benironside Date: Wed, 17 Aug 2022 11:03:23 -0700 Subject: [PATCH 01/58] 8.4 release notes draft --- docs/release-notes/8.4.asciidoc | 74 +++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 docs/release-notes/8.4.asciidoc diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc new file mode 100644 index 0000000000..aad0d09925 --- /dev/null +++ b/docs/release-notes/8.4.asciidoc 
@@ -0,0 +1,74 @@ +[[release-notes-header-8.4.0]] +== 8.3 + +[discrete] +[[release-notes-8.4.0]] +=== 8.3.0 + +[discrete] +[[known-issue-8.4.0]] +==== Known issue + + +[discrete] +[[breaking-changes-8.4.0]] +==== Breaking changes +// tag::breaking-changes[] +// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output. +:pull: https://github.com/elastic/kibana/pull/ +// end::breaking-changes[] + +[discrete] +[[features-8.4.0]] +==== Features +* Creates a new rule type, New Terms, that fires when a value appears for the first time in a particular field (https://github.com/elastic/kibana/pull/134526[#134526]). +* Adds related alerts based on process ancestry to alert details (https://github.com/elastic/kibana/pull/136009[#136009], https://github.com/elastic/kibana/pull/138419[#138419], https://github.com/elastic/kibana/pull/135340[#135340]). +* Adds docs for Osquery API (https://github.com/elastic/kibana/pull/137162[#137162]). +* Creates the "Create dashboard" button to the Dashboards landing page (https://github.com/elastic/kibana/pull/136671[#136671]). +* Adds support for wildcard exceptions for detection rules. New operators are "matches" and "does not match" (https://github.com/elastic/kibana/pull/136147[#136147]). +* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without updating rules (https://github.com/elastic/kibana/pull/134664[#134664]). +* Creates the Responder, an interface that enables you to take actions on specific hosts (https://github.com/elastic/kibana/pull/134520[#134520]) +* Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks (https://github.com/elastic/kibana/pull/132637[#132637]). 
+ +[discrete] +[[bug-fixes-8.4.0]] +==== Bug fixes and enhancements +* Updates the Network page's UI to match other overview pages (https://github.com/elastic/kibana/pull/137541[#137541], https://github.com/elastic/kibana/pull/136913[#136913]). +* Fixes an error that could occur when you tried to apply an index pattern to rules as a bulk action (https://github.com/elastic/kibana/pull/134664[#134664]). +* Enhances rule previews with configurable rule intervals and look-back times (https://github.com/elastic/kibana/pull/137102[#137102]). +* Enhances the "status pending" badge for endpoint actions with detailed status when you hover on it (https://github.com/elastic/kibana/pull/136966[#136966]). +* Turns grouped navigation on by default (https://github.com/elastic/kibana/pull/136819[#136819]). +* Adds a confirmation dialog to bulk rule export (https://github.com/elastic/kibana/pull/136418[#136418]). +* Adds index pattern info to the Inspect panel(https://github.com/elastic/kibana/pull/136407[#136407]). +* Adds a custom dashboards table to the Dashboards page (https://github.com/elastic/kibana/pull/136221[#136221]). +* Fixes a performance issue with alerts that have large fields (https://github.com/elastic/kibana/pull/135956[#135956]). +* Replaces the response actions timeline with the response actions log (https://github.com/elastic/kibana/pull/135360[#135360]). +* Updates the UI for displaying Exceptions (https://github.com/elastic/kibana/pull/135255[#135255]). +* Fixes performance issues with rules management (https://github.com/elastic/kibana/pull/135311[#135311]). +* Allows you to define a fallback `@timestamp` when you've defined a timestamp override (https://github.com/elastic/kibana/pull/135116[#135116]). +* Enhances the Host risk score modal UI (https://github.com/elastic/kibana/pull/133708[#133708]). +* Updates the lists index template to new logic (https://github.com/elastic/kibana/pull/133067[#133067]). 
+* Adds event filters to the Event Correlation rule type (https://github.com/elastic/kibana/pull/132507[#132507]). +* Allows you to define a data view or index pattern for rules (https://github.com/elastic/kibana/pull/130929[#130929]). +* Adds a treemap and multi-dimensional alert grouping to the Alerts page (https://github.com/elastic/kibana/pull/126896[#126896]). + +* Fixes an incorrect counter for exported rules (https://github.com/elastic/kibana/pull/138598[#138598]). +* Fixes event filters based on OS version (https://github.com/elastic/kibana/pull/138517[#138517]). +* Fixes a bug that could change the batch size for event search in Indicator Rules (https://github.com/elastic/kibana/pull/138356[#138356]). +* Fixes a bug that could crash the alert flyout (https://github.com/elastic/kibana/pull/138331[#138331]). +* Fixes the preview button for {ml} rules (https://github.com/elastic/kibana/pull/137878[#137878]). +* Fixes a bug that could crash the Endpoint list when a policy ID was missing (https://github.com/elastic/kibana/pull/137788[#137788]). +* Fixes a bug that could interfere with opening host or user details pages (https://github.com/elastic/kibana/pull/137719[#137719]). +* Fixes several bugs related to refreshing the Alerts page (https://github.com/elastic/kibana/pull/137620[#137620]). +* Fixes a bug with bulk rule deletion with a defined data view (https://github.com/elastic/kibana/pull/137585[#137585]). +* Fixes a bug with look-back time in advanced query previews (https://github.com/elastic/kibana/pull/137517[#137517]). +* Fixes a bug that prevented Threshold Rules' timeline templates from being respected during investigations (https://github.com/elastic/kibana/pull/137233[#137233]). +* Fixes a permissions bug related to the Save Timeline button (https://github.com/elastic/kibana/pull/136724[#136724]). +* Fixes a bug with selecting timeline templates with the same name (https://github.com/elastic/kibana/pull/135694[#135694]). 
+* Fixes field aliases to `signal-threshold_result.*` (https://github.com/elastic/kibana/pull/135565[#135565]). +* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page (https://github.com/elastic/kibana/pull/135533[#135533]). +* Fixes a bug that lost track of which rules you had selected alter applying a bulk action on the Rules page (https://github.com/elastic/kibana/pull/135291[#135291]). +* Fixes a bug that prevented the rule details table from pausing auto-refresh while bulk actions are being applied (https://github.com/elastic/kibana/pull/135208[135208]). +* Fixes a bug that could cuase queries with nested fields to fail open (https://github.com/elastic/kibana/pull/134866[#134866]). +* Fixes a bug that slowed down the display of Network details (https://github.com/elastic/kibana/pull/133539[#133539]). +* Various minor bug fixes and enhancements (https://github.com/elastic/kibana/pull/133079[#133079], https://github.com/elastic/kibana/pull/138135[#138135], https://github.com/elastic/kibana/pull/138286[#138286], https://github.com/elastic/kibana/pull/138131[#138131], https://github.com/elastic/kibana/pull/137588[#137588], https://github.com/elastic/kibana/pull/137511[#137511], https://github.com/elastic/kibana/pull/137492[#137492], https://github.com/elastic/kibana/pull/135907[#135907], https://github.com/elastic/kibana/pull/135426[#135426]). From 88cd71ff0e191fd5789434095375cdb4f88c813b Mon Sep 17 00:00:00 2001 From: benironside Date: Wed, 17 Aug 2022 11:57:31 -0700 Subject: [PATCH 02/58] Adds RN to index --- docs/release-notes.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index bcb626fd38..61ffa8c888 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> 
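Review bot: the new file's headings carry the wrong version: under the `[[release-notes-header-8.4.0]]` and `[[release-notes-8.4.0]]` anchors the hunk adds `== 8.3` and `=== 8.3.0`, so the rendered 8.4 page would be titled 8.3; both should be `== 8.4` and `=== 8.4.0`. The same hunk has several smaller entry defects: the `https://github.com/elastic/kibana/pull/135208[135208]` link text is missing its `#` (every other entry uses `[#NNNNNN]`); "cuase" and "alter applying" should be "cause" and "after applying"; "Inspect panel(https://..." lacks the space before the link; the Responder entry has no closing period; and "Creates the "Create dashboard" button to the Dashboards landing page" reads better as "Adds ... to". The `Known issue` section is left empty, so fill it or drop it before merge, and since `:pull:` is defined at the top of the file, the entries can use `{pull}NNNNNN[#NNNNNN]` instead of repeating the full URL. Finally, "could cuase queries with nested fields to fail open" is the one entry with a direct detection-coverage impact; it should say what "fail open" meant for the affected rules, since that is the line readers assessing an upgrade will look for.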
@@ -24,6 +25,7 @@ This section summarizes the changes in each release. :issue: https://github.com/elastic/kibana/issues/ :pull: https://github.com/elastic/kibana/pull/ +include::release-notes/8.4.asciidoc[] include::release-notes/8.3.asciidoc[] include::release-notes/8.2.asciidoc[] include::release-notes/8.1.asciidoc[] From a5e0b63e0a486ce409616acbb0843a4a80165817 Mon Sep 17 00:00:00 2001 From: benironside Date: Wed, 17 Aug 2022 13:17:08 -0700 Subject: [PATCH 03/58] Fixes title bug --- docs/release-notes/8.4.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index aad0d09925..a0fc0a5e7e 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -1,9 +1,9 @@ [[release-notes-header-8.4.0]] -== 8.3 +== 8.4 [discrete] [[release-notes-8.4.0]] -=== 8.3.0 +=== 8.4.0 [discrete] [[known-issue-8.4.0]] From 7a5f85ddbc782fe05264861529e6e1fbcff16065 Mon Sep 17 00:00:00 2001 From: benironside Date: Wed, 17 Aug 2022 14:03:38 -0700 Subject: [PATCH 04/58] Fixes pull links --- docs/release-notes/8.4.asciidoc | 94 ++++++++++++++++----------------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index a0fc0a5e7e..390306f71c 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
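Review bot: in the `@@ -3,6 +3,7 @@` hunk the added list item reads `* <>` with no visible xref target, so as shown the new 8.4 bullet would render as an empty cross-reference; confirm the committed line is `* <<release-notes-8.4.0>>`, matching the `[[release-notes-8.4.0]]` anchor created in the new file, and that it is placed first to match the newest-first order of the `include::release-notes/8.4.asciidoc[]` line added in the second hunk.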
@@ -15,60 +15,60 @@ ==== Breaking changes // tag::breaking-changes[] // NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output. -:pull: https://github.com/elastic/kibana/pull/ +:pull: {pull} // end::breaking-changes[] [discrete] [[features-8.4.0]] ==== Features -* Creates a new rule type, New Terms, that fires when a value appears for the first time in a particular field (https://github.com/elastic/kibana/pull/134526[#134526]). -* Adds related alerts based on process ancestry to alert details (https://github.com/elastic/kibana/pull/136009[#136009], https://github.com/elastic/kibana/pull/138419[#138419], https://github.com/elastic/kibana/pull/135340[#135340]). -* Adds docs for Osquery API (https://github.com/elastic/kibana/pull/137162[#137162]). -* Creates the "Create dashboard" button to the Dashboards landing page (https://github.com/elastic/kibana/pull/136671[#136671]). -* Adds support for wildcard exceptions for detection rules. New operators are "matches" and "does not match" (https://github.com/elastic/kibana/pull/136147[#136147]). -* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without updating rules (https://github.com/elastic/kibana/pull/134664[#134664]). -* Creates the Responder, an interface that enables you to take actions on specific hosts (https://github.com/elastic/kibana/pull/134520[#134520]) -* Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks (https://github.com/elastic/kibana/pull/132637[#132637]). +* Creates a new rule type, New Terms, that fires when a value appears for the first time in a particular field ({pull}134526[#134526]). +* Adds related alerts based on process ancestry to alert details ({pull}136009[#136009], {pull}138419[#138419], {pull}135340[#135340]). 
+* Adds docs for Osquery API ({pull}137162[#137162]). +* Creates the "Create dashboard" button to the Dashboards landing page ({pull}136671[#136671]). +* Adds support for wildcard exceptions for detection rules. New operators are "matches" and "does not match" ({pull}136147[#136147]). +* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without updating rules ({pull}134664[#134664]). +* Creates the Responder, an interface that enables you to take actions on specific hosts ({pull}134520[#134520]) +* Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). [discrete] [[bug-fixes-8.4.0]] ==== Bug fixes and enhancements -* Updates the Network page's UI to match other overview pages (https://github.com/elastic/kibana/pull/137541[#137541], https://github.com/elastic/kibana/pull/136913[#136913]). -* Fixes an error that could occur when you tried to apply an index pattern to rules as a bulk action (https://github.com/elastic/kibana/pull/134664[#134664]). -* Enhances rule previews with configurable rule intervals and look-back times (https://github.com/elastic/kibana/pull/137102[#137102]). -* Enhances the "status pending" badge for endpoint actions with detailed status when you hover on it (https://github.com/elastic/kibana/pull/136966[#136966]). -* Turns grouped navigation on by default (https://github.com/elastic/kibana/pull/136819[#136819]). -* Adds a confirmation dialog to bulk rule export (https://github.com/elastic/kibana/pull/136418[#136418]). -* Adds index pattern info to the Inspect panel(https://github.com/elastic/kibana/pull/136407[#136407]). -* Adds a custom dashboards table to the Dashboards page (https://github.com/elastic/kibana/pull/136221[#136221]). -* Fixes a performance issue with alerts that have large fields (https://github.com/elastic/kibana/pull/135956[#135956]). 
-* Replaces the response actions timeline with the response actions log (https://github.com/elastic/kibana/pull/135360[#135360]). -* Updates the UI for displaying Exceptions (https://github.com/elastic/kibana/pull/135255[#135255]). -* Fixes performance issues with rules management (https://github.com/elastic/kibana/pull/135311[#135311]). -* Allows you to define a fallback `@timestamp` when you've defined a timestamp override (https://github.com/elastic/kibana/pull/135116[#135116]). -* Enhances the Host risk score modal UI (https://github.com/elastic/kibana/pull/133708[#133708]). -* Updates the lists index template to new logic (https://github.com/elastic/kibana/pull/133067[#133067]). -* Adds event filters to the Event Correlation rule type (https://github.com/elastic/kibana/pull/132507[#132507]). -* Allows you to define a data view or index pattern for rules (https://github.com/elastic/kibana/pull/130929[#130929]). -* Adds a treemap and multi-dimensional alert grouping to the Alerts page (https://github.com/elastic/kibana/pull/126896[#126896]). +* Updates the Network page's UI to match other overview pages ({pull}137541[#137541], {pull}136913[#136913]). +* Fixes an error that could occur when you tried to apply an index pattern to rules as a bulk action ({pull}134664[#134664]). +* Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]). +* Enhances the "status pending" badge for endpoint actions with detailed status when you hover on it ({pull}136966[#136966]). +* Turns grouped navigation on by default ({pull}136819[#136819]). +* Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]). +* Adds index pattern info to the Inspect panel({pull}136407[#136407]). +* Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221]). +* Fixes a performance issue with alerts that have large fields ({pull}135956[#135956]). 
+* Replaces the response actions timeline with the response actions log ({pull}135360[#135360]). +* Updates the UI for displaying Exceptions ({pull}135255[#135255]). +* Fixes performance issues with rules management ({pull}135311[#135311]). +* Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). +* Enhances the Host risk score modal UI ({pull}133708[#133708]). +* Updates the lists index template to new logic ({pull}133067[#133067]). +* Adds event filters to the Event Correlation rule type ({pull}132507[#132507]). +* Allows you to define a data view or index pattern for rules ({pull}130929[#130929]). +* Adds a treemap and multi-dimensional alert grouping to the Alerts page ({pull}126896[#126896]). -* Fixes an incorrect counter for exported rules (https://github.com/elastic/kibana/pull/138598[#138598]). -* Fixes event filters based on OS version (https://github.com/elastic/kibana/pull/138517[#138517]). -* Fixes a bug that could change the batch size for event search in Indicator Rules (https://github.com/elastic/kibana/pull/138356[#138356]). -* Fixes a bug that could crash the alert flyout (https://github.com/elastic/kibana/pull/138331[#138331]). -* Fixes the preview button for {ml} rules (https://github.com/elastic/kibana/pull/137878[#137878]). -* Fixes a bug that could crash the Endpoint list when a policy ID was missing (https://github.com/elastic/kibana/pull/137788[#137788]). -* Fixes a bug that could interfere with opening host or user details pages (https://github.com/elastic/kibana/pull/137719[#137719]). -* Fixes several bugs related to refreshing the Alerts page (https://github.com/elastic/kibana/pull/137620[#137620]). -* Fixes a bug with bulk rule deletion with a defined data view (https://github.com/elastic/kibana/pull/137585[#137585]). -* Fixes a bug with look-back time in advanced query previews (https://github.com/elastic/kibana/pull/137517[#137517]). 
-* Fixes a bug that prevented Threshold Rules' timeline templates from being respected during investigations (https://github.com/elastic/kibana/pull/137233[#137233]). -* Fixes a permissions bug related to the Save Timeline button (https://github.com/elastic/kibana/pull/136724[#136724]). -* Fixes a bug with selecting timeline templates with the same name (https://github.com/elastic/kibana/pull/135694[#135694]). -* Fixes field aliases to `signal-threshold_result.*` (https://github.com/elastic/kibana/pull/135565[#135565]). -* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page (https://github.com/elastic/kibana/pull/135533[#135533]). -* Fixes a bug that lost track of which rules you had selected alter applying a bulk action on the Rules page (https://github.com/elastic/kibana/pull/135291[#135291]). -* Fixes a bug that prevented the rule details table from pausing auto-refresh while bulk actions are being applied (https://github.com/elastic/kibana/pull/135208[135208]). -* Fixes a bug that could cuase queries with nested fields to fail open (https://github.com/elastic/kibana/pull/134866[#134866]). -* Fixes a bug that slowed down the display of Network details (https://github.com/elastic/kibana/pull/133539[#133539]). -* Various minor bug fixes and enhancements (https://github.com/elastic/kibana/pull/133079[#133079], https://github.com/elastic/kibana/pull/138135[#138135], https://github.com/elastic/kibana/pull/138286[#138286], https://github.com/elastic/kibana/pull/138131[#138131], https://github.com/elastic/kibana/pull/137588[#137588], https://github.com/elastic/kibana/pull/137511[#137511], https://github.com/elastic/kibana/pull/137492[#137492], https://github.com/elastic/kibana/pull/135907[#135907], https://github.com/elastic/kibana/pull/135426[#135426]). +* Fixes an incorrect counter for exported rules ({pull}138598[#138598]). +* Fixes event filters based on OS version ({pull}138517[#138517]). 
+* Fixes a bug that could change the batch size for event search in Indicator Rules ({pull}138356[#138356]). +* Fixes a bug that could crash the alert flyout ({pull}138331[#138331]). +* Fixes the preview button for {ml} rules ({pull}137878[#137878]). +* Fixes a bug that could crash the Endpoint list when a policy ID was missing ({pull}137788[#137788]). +* Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]). +* Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). +* Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]). +* Fixes a bug with look-back time in advanced query previews ({pull}137517[#137517]). +* Fixes a bug that prevented Threshold Rules' timeline templates from being respected during investigations ({pull}137233[#137233]). +* Fixes a permissions bug related to the Save Timeline button ({pull}136724[#136724]). +* Fixes a bug with selecting timeline templates with the same name ({pull}135694[#135694]). +* Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). +* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). +* Fixes a bug that lost track of which rules you had selected alter applying a bulk action on the Rules page ({pull}135291[#135291]). +* Fixes a bug that prevented the rule details table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]). +* Fixes a bug that could cuase queries with nested fields to fail open ({pull}134866[#134866]). +* Fixes a bug that slowed down the display of Network details ({pull}133539[#133539]). +* Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). 
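Review bot: the `-:pull: https://github.com/elastic/kibana/pull/` / `+:pull: {pull}` change inside the `tag::breaking-changes[]` region is self-referential. The comment directly above it says the attribute is defined within the tagged snippet precisely so it resolves when the Installation and Upgrade Guide includes the region on its own; in that context `{pull}` has no value, so any `{pull}NNNNNN[#NNNNNN]` link added to the breaking-changes block would render as a broken literal. Keep the full URL as the attribute value there (the `docs/release-notes.asciidoc` index already defines the same `:pull:` for the release-notes build, so the two definitions do not conflict). The rest of the rewrite is mechanical but carries the first patch's defects over unchanged: `{pull}135208[135208]` still lacks `#`, "cuase", "alter applying" and the missing period on the Responder entry are still present.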
From 3aca26d85688164cb5eae6b2904df1bcdf7eda31 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:52:06 -0400 Subject: [PATCH 05/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 390306f71c..c826bbfb19 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -22,7 +22,8 @@ [[features-8.4.0]] ==== Features * Creates a new rule type, New Terms, that fires when a value appears for the first time in a particular field ({pull}134526[#134526]). -* Adds related alerts based on process ancestry to alert details ({pull}136009[#136009], {pull}138419[#138419], {pull}135340[#135340]). +* Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419]) +* Shows process alerts in the event process analyzer {pull}135340[#135340]). * Adds docs for Osquery API ({pull}137162[#137162]). * Creates the "Create dashboard" button to the Dashboards landing page ({pull}136671[#136671]). * Adds support for wildcard exceptions for detection rules. New operators are "matches" and "does not match" ({pull}136147[#136147]). From fbb1bbedb4c7a8cf7f930374f1a394e6f4a43f28 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:52:22 -0400 Subject: [PATCH 06/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index c826bbfb19..2ce31e3ab0 100644 
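Review bot: the added line `+* Shows process alerts in the event process analyzer {pull}135340[#135340]).` has a closing parenthesis with no opening one; it should read `... analyzer ({pull}135340[#135340]).` The line above it, `+* Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419])`, drops the trailing period that every other entry in the list has.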
--- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -24,7 +24,6 @@ * Creates a new rule type, New Terms, that fires when a value appears for the first time in a particular field ({pull}134526[#134526]). * Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419]) * Shows process alerts in the event process analyzer {pull}135340[#135340]). -* Adds docs for Osquery API ({pull}137162[#137162]). * Creates the "Create dashboard" button to the Dashboards landing page ({pull}136671[#136671]). * Adds support for wildcard exceptions for detection rules. New operators are "matches" and "does not match" ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without updating rules ({pull}134664[#134664]). From ac01d7cb64466d9de848fb2c57b24db2f7b4e53b Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:52:52 -0400 Subject: [PATCH 07/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 2ce31e3ab0..0db001cb2e 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -25,7 +25,7 @@ * Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419]) * Shows process alerts in the event process analyzer {pull}135340[#135340]). * Creates the "Create dashboard" button to the Dashboards landing page ({pull}136671[#136671]). -* Adds support for wildcard exceptions for detection rules. New operators are "matches" and "does not match" ({pull}136147[#136147]). +* Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without updating rules ({pull}134664[#134664]). * Creates the Responder, an interface that enables you to take actions on specific hosts ({pull}134520[#134520]) * Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). From c26ec379a731f96b95c1ebae58fdc89d308eb515 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:53:07 -0400 Subject: [PATCH 08/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 0db001cb2e..2d068d2a29 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
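Review bot: switching `matches` and `does not match` to backticks while the "Create dashboard" button label in the context line two entries above keeps double quotes leaves the file with two conventions for UI labels; pick one and apply it throughout the Features and Bug fixes lists.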
@@ -26,7 +26,7 @@ * Shows process alerts in the event process analyzer {pull}135340[#135340]). * Creates the "Create dashboard" button to the Dashboards landing page ({pull}136671[#136671]). * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). -* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without updating rules ({pull}134664[#134664]). +* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). * Creates the Responder, an interface that enables you to take actions on specific hosts ({pull}134520[#134520]) * Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). From 50e05ca2a88ab3e46cd2eeb4601f15ece69b8829 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:53:22 -0400 Subject: [PATCH 09/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 2d068d2a29..4204037f18 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
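Review bot: "without permanently updating rules" in the new `dry_run` wording implies the bulk action makes temporary changes; a dry run should make none, so "without modifying any rules" states the guarantee precisely, and that precision matters because `dry_run` is how an operator checks a bulk edit of detection rules before it takes effect. The unchanged context line `* Creates the Responder, an interface that enables you to take actions on specific hosts ({pull}134520[#134520])` still has no trailing period.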
@@ -33,7 +33,7 @@ [discrete] [[bug-fixes-8.4.0]] ==== Bug fixes and enhancements -* Updates the Network page's UI to match other overview pages ({pull}137541[#137541], {pull}136913[#136913]). +* Updates the Network page's UI to match the Hosts and Users pages ({pull}137541[#137541], {pull}136913[#136913]). * Fixes an error that could occur when you tried to apply an index pattern to rules as a bulk action ({pull}134664[#134664]). * Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]). * Enhances the "status pending" badge for endpoint actions with detailed status when you hover on it ({pull}136966[#136966]). From 0ea082f4dfda478705407ab43c091db3ca8d76d1 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:53:45 -0400 Subject: [PATCH 10/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 4204037f18..7d576ee16d 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -34,7 +34,7 @@ [[bug-fixes-8.4.0]] ==== Bug fixes and enhancements * Updates the Network page's UI to match the Hosts and Users pages ({pull}137541[#137541], {pull}136913[#136913]). -* Fixes an error that could occur when you tried to apply an index pattern to rules as a bulk action ({pull}134664[#134664]). +* Fixes an error that could occur when you tried to apply an index pattern to rules using the bulk action option ({pull}134664[#134664]). * Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]). * Enhances the "status pending" badge for endpoint actions with detailed status when you hover on it ({pull}136966[#136966]). * Turns grouped navigation on by default ({pull}136819[#136819]). From 9925a8c2e98ae75bf26230901fb80dcadf32bf87 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:54:14 -0400 Subject: [PATCH 11/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 7d576ee16d..0716e373b6 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -36,7 +36,7 @@ * Updates the Network page's UI to match the Hosts and Users pages ({pull}137541[#137541], {pull}136913[#136913]). * Fixes an error that could occur when you tried to apply an index pattern to rules using the bulk action option ({pull}134664[#134664]). * Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]). -* Enhances the "status pending" badge for endpoint actions with detailed status when you hover on it ({pull}136966[#136966]). +* Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({pull}136966[#136966]). * Turns grouped navigation on by default ({pull}136819[#136819]). * Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]). * Adds index pattern info to the Inspect panel({pull}136407[#136407]). From f67bced2552e5eb7f00ee13dfc4606d868cb048c Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:54:39 -0400 Subject: [PATCH 12/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 0716e373b6..fc7b33c75d 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -39,7 +39,7 @@ * Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({pull}136966[#136966]). * Turns grouped navigation on by default ({pull}136819[#136819]). * Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]). -* Adds index pattern info to the Inspect panel({pull}136407[#136407]). +* Adds index pattern information to the Inspect panel ({pull}136407[#136407]). * Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221]). * Fixes a performance issue with alerts that have large fields ({pull}135956[#135956]). * Replaces the response actions timeline with the response actions log ({pull}135360[#135360]). From b5691cfadbe82271998174ea3e3374407bb97a5e Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:55:04 -0400 Subject: [PATCH 13/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index fc7b33c75d..32877c1698 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -43,7 +43,7 @@ * Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221]). * Fixes a performance issue with alerts that have large fields ({pull}135956[#135956]). * Replaces the response actions timeline with the response actions log ({pull}135360[#135360]). -* Updates the UI for displaying Exceptions ({pull}135255[#135255]). +* Updates the rule exceptions UI ({pull}135255[#135255]). * Fixes performance issues with rules management ({pull}135311[#135311]). * Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). * Enhances the Host risk score modal UI ({pull}133708[#133708]). 
From 88040a38af5fd71ae0fca23b90ddceade2de9331 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:55:41 -0400 Subject: [PATCH 14/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 32877c1698..ce6e760882 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -46,7 +46,7 @@ * Updates the rule exceptions UI ({pull}135255[#135255]). * Fixes performance issues with rules management ({pull}135311[#135311]). * Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). -* Enhances the Host risk score modal UI ({pull}133708[#133708]). +* Enhances the host risk score modal UI ({pull}133708[#133708]). * Updates the lists index template to new logic ({pull}133067[#133067]). * Adds event filters to the Event Correlation rule type ({pull}132507[#132507]). * Allows you to define a data view or index pattern for rules ({pull}130929[#130929]). From 3230f036b55161c14594813c8e8cc054b2cd82aa Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:57:09 -0400 Subject: [PATCH 15/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index ce6e760882..659b29a888 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -70,5 +70,5 @@ * Fixes a bug that lost track of which rules you had selected alter applying a bulk action on the Rules page ({pull}135291[#135291]). * Fixes a bug that prevented the rule details table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]). * Fixes a bug that could cuase queries with nested fields to fail open ({pull}134866[#134866]). -* Fixes a bug that slowed down the display of Network details ({pull}133539[#133539]). +* Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). From c717710d5b467b05ff673977609c7fdb55aa3d3f Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:57:15 -0400 Subject: [PATCH 16/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 659b29a888..3e07459f36 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -69,6 +69,6 @@ * Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). * Fixes a bug that lost track of which rules you had selected alter applying a bulk action on the Rules page ({pull}135291[#135291]). * Fixes a bug that prevented the rule details table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]). -* Fixes a bug that could cuase queries with nested fields to fail open ({pull}134866[#134866]). +* Fixes a bug that could cause queries with nested fields to fail open ({pull}134866[#134866]). * Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). From 3165e5ffe6eb5855f11a51e16349351106f4925b Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:57:26 -0400 Subject: [PATCH 17/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 3e07459f36..cd52778ab9 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -67,7 +67,7 @@ * Fixes a bug with selecting timeline templates with the same name ({pull}135694[#135694]). * Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). * Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). -* Fixes a bug that lost track of which rules you had selected alter applying a bulk action on the Rules page ({pull}135291[#135291]). +* Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({pull}135291[#135291]). * Fixes a bug that prevented the rule details table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]). * Fixes a bug that could cause queries with nested fields to fail open ({pull}134866[#134866]). * Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). From 44017f226c8eeb87852b40ca1445894cf1e9766d Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:57:33 -0400 Subject: [PATCH 18/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index cd52778ab9..b71bebf034 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -64,7 +64,7 @@ * Fixes a bug with look-back time in advanced query previews ({pull}137517[#137517]). * Fixes a bug that prevented Threshold Rules' timeline templates from being respected during investigations ({pull}137233[#137233]). * Fixes a permissions bug related to the Save Timeline button ({pull}136724[#136724]). -* Fixes a bug with selecting timeline templates with the same name ({pull}135694[#135694]). +* Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). * Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). * Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). * Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({pull}135291[#135291]). From 357f2730740acd1de5714e9cc74b30294382bebf Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:57:41 -0400 Subject: [PATCH 19/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index b71bebf034..831fd02e7a 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -63,7 +63,7 @@ * Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]). * Fixes a bug with look-back time in advanced query previews ({pull}137517[#137517]). * Fixes a bug that prevented Threshold Rules' timeline templates from being respected during investigations ({pull}137233[#137233]). -* Fixes a permissions bug related to the Save Timeline button ({pull}136724[#136724]). +* Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]). * Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). * Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). * Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). From 3e09ac09916d143ed3204e30fcdb41866638bfab Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:57:50 -0400 Subject: [PATCH 20/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 831fd02e7a..9050c5d766 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -62,7 +62,7 @@ * Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). * Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]). * Fixes a bug with look-back time in advanced query previews ({pull}137517[#137517]). -* Fixes a bug that prevented Threshold Rules' timeline templates from being respected during investigations ({pull}137233[#137233]). +* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). * Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]). * Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). * Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). From 8686ecf5a77e3124ec1d1b4a6a0b7244e14a0d31 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:58:08 -0400 Subject: [PATCH 21/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 9050c5d766..2b7e6feb30 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -61,7 +61,7 @@ * Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]). * Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). * Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]). -* Fixes a bug with look-back time in advanced query previews ({pull}137517[#137517]). +* Fixes a bug with look-back time in the **Advanced query preview** ({pull}137517[#137517]). * Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). * Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]). * Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). From a4ebc8565d06f6b3e927ec8715a2427572314894 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:59:04 -0400 Subject: [PATCH 22/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 2b7e6feb30..49114c2ed3 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -57,7 +57,7 @@ * Fixes a bug that could change the batch size for event search in Indicator Rules ({pull}138356[#138356]). * Fixes a bug that could crash the alert flyout ({pull}138331[#138331]). * Fixes the preview button for {ml} rules ({pull}137878[#137878]). -* Fixes a bug that could crash the Endpoint list when a policy ID was missing ({pull}137788[#137788]). +* Fixes a bug that could crash the Endpoints list when a policy ID was missing ({pull}137788[#137788]). * Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]). * Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). * Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]). From 70263986566b18975a9453f318a6bb5c12b1ecf3 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:59:10 -0400 Subject: [PATCH 23/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 49114c2ed3..ce3b2ea219 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -55,7 +55,7 @@ * Fixes an incorrect counter for exported rules ({pull}138598[#138598]). * Fixes event filters based on OS version ({pull}138517[#138517]). * Fixes a bug that could change the batch size for event search in Indicator Rules ({pull}138356[#138356]). -* Fixes a bug that could crash the alert flyout ({pull}138331[#138331]). +* Fixes a bug that could crash the Alert details flyout ({pull}138331[#138331]). * Fixes the preview button for {ml} rules ({pull}137878[#137878]). * Fixes a bug that could crash the Endpoints list when a policy ID was missing ({pull}137788[#137788]). * Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]). From 29e4976399794bc724156350b7049ec52e4f9ec7 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:59:21 -0400 Subject: [PATCH 24/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index ce3b2ea219..0bc058046e 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -54,7 +54,7 @@ * Fixes an incorrect counter for exported rules ({pull}138598[#138598]). * Fixes event filters based on OS version ({pull}138517[#138517]). -* Fixes a bug that could change the batch size for event search in Indicator Rules ({pull}138356[#138356]). +* Fixes a bug that could change the batch size for event search in indicator rules ({pull}138356[#138356]). * Fixes a bug that could crash the Alert details flyout ({pull}138331[#138331]). * Fixes the preview button for {ml} rules ({pull}137878[#137878]). * Fixes a bug that could crash the Endpoints list when a policy ID was missing ({pull}137788[#137788]). 
From cd6937f7e68651d767a44f975699f94e8e0c566a Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:59:31 -0400 Subject: [PATCH 25/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 0bc058046e..0f0ee5ab82 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -51,7 +51,6 @@ * Adds event filters to the Event Correlation rule type ({pull}132507[#132507]). * Allows you to define a data view or index pattern for rules ({pull}130929[#130929]). * Adds a treemap and multi-dimensional alert grouping to the Alerts page ({pull}126896[#126896]). - * Fixes an incorrect counter for exported rules ({pull}138598[#138598]). * Fixes event filters based on OS version ({pull}138517[#138517]). * Fixes a bug that could change the batch size for event search in indicator rules ({pull}138356[#138356]). From 319fd0106214e3413362d96c740efa165fcf3087 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:59:40 -0400 Subject: [PATCH 26/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 0f0ee5ab82..bf2e8f22e3 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -48,7 +48,7 @@ * Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). * Enhances the host risk score modal UI ({pull}133708[#133708]). * Updates the lists index template to new logic ({pull}133067[#133067]). -* Adds event filters to the Event Correlation rule type ({pull}132507[#132507]). +* Adds event filters to event correlation rules ({pull}132507[#132507]). * Allows you to define a data view or index pattern for rules ({pull}130929[#130929]). * Adds a treemap and multi-dimensional alert grouping to the Alerts page ({pull}126896[#126896]). * Fixes an incorrect counter for exported rules ({pull}138598[#138598]). From 1c3d531c3c5f9feca8494e2a60587cadeeb9875e Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 17 Aug 2022 18:59:47 -0400 Subject: [PATCH 27/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index bf2e8f22e3..ade1344921 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -47,7 +47,7 @@ * Fixes performance issues with rules management ({pull}135311[#135311]). * Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). * Enhances the host risk score modal UI ({pull}133708[#133708]). -* Updates the lists index template to new logic ({pull}133067[#133067]). +* Updates the lists index template to use new logic ({pull}133067[#133067]). * Adds event filters to event correlation rules ({pull}132507[#132507]). * Allows you to define a data view or index pattern for rules ({pull}130929[#130929]). * Adds a treemap and multi-dimensional alert grouping to the Alerts page ({pull}126896[#126896]). 
From f8b922b5499fad1f24dc5acc2c44ce02d6370df1 Mon Sep 17 00:00:00 2001 From: benironside Date: Wed, 17 Aug 2022 16:05:07 -0700 Subject: [PATCH 28/58] Incorporate Nastasha's feedback --- docs/release-notes/8.4.asciidoc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index ade1344921..a38810d32b 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -8,7 +8,7 @@ [discrete] [[known-issue-8.4.0]] ==== Known issue - +* If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]). [discrete] [[breaking-changes-8.4.0]] @@ -24,10 +24,9 @@ * Creates a new rule type, New Terms, that fires when a value appears for the first time in a particular field ({pull}134526[#134526]). * Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419]) * Shows process alerts in the event process analyzer {pull}135340[#135340]). -* Creates the "Create dashboard" button to the Dashboards landing page ({pull}136671[#136671]). * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). -* Creates the Responder, an interface that enables you to take actions on specific hosts ({pull}134520[#134520]) +* Creates the Responder, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]) * Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). [discrete] 
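Review bot: in the Known issue hunk, the new entry calls the feature the "advanced query rule preview", while the bug-fix entry from PATCH 21 names the same UI **Advanced query preview** ({pull}137517[#137517]). Use one name so a reader can connect the known issue ({pull}137422[#137422]) to the related fix.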
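Review bot: in the Features hunk, two entries still lack a terminal period: the Insights line ending `{pull}138419[#138419])` and the Responder line ending `{pull}134520[#134520])`; every other entry ends with `).`. The Responder entry also picks up #135360, which the bug-fix hunk in this same patch removes from "Replaces the response actions timeline with the response actions log"; that move is consistent, but the adjacent "Shows process alerts in the event process analyzer {pull}135340[#135340])." entry is still missing its opening parenthesis.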
@@ -40,9 +39,8 @@ * Turns grouped navigation on by default ({pull}136819[#136819]). * Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]). * Adds index pattern information to the Inspect panel ({pull}136407[#136407]). -* Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221]). +* Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]).). * Fixes a performance issue with alerts that have large fields ({pull}135956[#135956]). -* Replaces the response actions timeline with the response actions log ({pull}135360[#135360]). * Updates the rule exceptions UI ({pull}135255[#135255]). * Fixes performance issues with rules management ({pull}135311[#135311]). * Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). From 3c048760954d3132b4cf02f3545d3d350eb7956d Mon Sep 17 00:00:00 2001 From: benironside Date: Wed, 17 Aug 2022 17:10:09 -0700 Subject: [PATCH 29/58] Incorporates Nastasha's feedback --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index a38810d32b..77f8eabf29 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
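Review bot: the custom dashboards line in this hunk now ends with `).).`; an extra `).` was left behind when the second PR reference was appended, leaving a stray closing parenthesis and a double period. It should end `{pull}136671[#136671]).` like the other entries.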
@@ -59,7 +59,7 @@ * Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). * Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]). * Fixes a bug with look-back time in the **Advanced query preview** ({pull}137517[#137517]). -* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). +* Fixes a bug that prevented Threshold Rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). * Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]). * Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). * Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). From 4302e85d5bebd69924b452b4130891275d1e25e2 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 18 Aug 2022 14:26:01 -0400 Subject: [PATCH 30/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 77f8eabf29..c14679ae4a 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
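Review bot: this hunk reverts the lowercasing that PATCH 20 applied ("threshold rules'" back to "Threshold Rules'"), which now conflicts with "indicator rules" and "event correlation rules" in the same list (lowercased in PATCH 24 and PATCH 26). Settle on one convention for rule-type names and apply it across the list rather than flipping this one entry back and forth.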
@@ -21,7 +21,7 @@ [discrete] [[features-8.4.0]] ==== Features -* Creates a new rule type, New Terms, that fires when a value appears for the first time in a particular field ({pull}134526[#134526]). +* Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field ({pull}134526[#134526]). * Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419]) * Shows process alerts in the event process analyzer {pull}135340[#135340]). * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). From 55599dd92d4aa184c74234d5d5ae35c71ad76d74 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 18 Aug 2022 14:26:10 -0400 Subject: [PATCH 31/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index c14679ae4a..692132bc73 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
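Review bot: the rewritten New Terms entry now reads "Creates a new rule type, New Terms, that creates an alert ...", repeating "creates" within one sentence. Suggest "Adds a new rule type, New Terms, that generates an alert when a value appears for the first time in a particular field".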
@@ -26,7 +26,7 @@ * Shows process alerts in the event process analyzer {pull}135340[#135340]). * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). -* Creates the Responder, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]) +* Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]) * Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). [discrete] From aad41ae077ecc6db6da253500871a70865167a4c Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 18 Aug 2022 14:26:16 -0400 Subject: [PATCH 32/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 692132bc73..9ed1eadad9 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
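Review bot: the renamed response console entry still ends `{pull}134520[#134520])` with no terminal period, unlike the surrounding entries; since the line is being edited anyway, add the `.` here.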
@@ -39,7 +39,7 @@ * Turns grouped navigation on by default ({pull}136819[#136819]). * Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]). * Adds index pattern information to the Inspect panel ({pull}136407[#136407]). -* Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]).). +* Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]). * Fixes a performance issue with alerts that have large fields ({pull}135956[#135956]). * Updates the rule exceptions UI ({pull}135255[#135255]). * Fixes performance issues with rules management ({pull}135311[#135311]). From 5aec400b25416148375ac756e3f77a148a87f93b Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 18 Aug 2022 14:26:22 -0400 Subject: [PATCH 33/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 9ed1eadad9..f967b00427 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -48,7 +48,7 @@ * Updates the lists index template to use new logic ({pull}133067[#133067]). * Adds event filters to event correlation rules ({pull}132507[#132507]). * Allows you to define a data view or index pattern for rules ({pull}130929[#130929]). -* Adds a treemap and multi-dimensional alert grouping to the Alerts page ({pull}126896[#126896]). +* Creates a single visualization pane on the Alerts page, and adds a treemap view that shows the distribution of alerts as nested, proportionally-sized tiles. ({pull}126896[#126896]). * Fixes an incorrect counter for exported rules ({pull}138598[#138598]). * Fixes event filters based on OS version ({pull}138517[#138517]). * Fixes a bug that could change the batch size for event search in indicator rules ({pull}138356[#138356]). From 6ec539c168bc520f6989f2897e7482ff1ee2ed5e Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 18 Aug 2022 14:26:28 -0400 Subject: [PATCH 34/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index f967b00427..96b333365d 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
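Review bot: the rewritten treemap entry places its period before the PR reference ("... proportionally-sized tiles. ({pull}126896[#126896]).") while every other entry in the list puts a single period after it; drop the first period. Minor: "proportionally sized" needs no hyphen after an -ly adverb.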
@@ -59,7 +59,7 @@ * Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). * Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]). * Fixes a bug with look-back time in the **Advanced query preview** ({pull}137517[#137517]). -* Fixes a bug that prevented Threshold Rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). +* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). * Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]). * Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). * Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). From 393dd742e780218ec3a5c94aadde715e2ce4ebe1 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 18 Aug 2022 14:26:59 -0400 Subject: [PATCH 35/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 96b333365d..12a1693eb0 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -65,7 +65,7 @@ * Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). * Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). * Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({pull}135291[#135291]). -* Fixes a bug that prevented the rule details table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]). +* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]). * Fixes a bug that could cause queries with nested fields to fail open ({pull}134866[#134866]). * Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). From 995dc0a226f8c672d364c5f2c1a371c7b80d0f26 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 18 Aug 2022 14:27:06 -0400 Subject: [PATCH 36/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 12a1693eb0..0e8c975731 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
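Review bot: The link label in the changed line, "({pull}135208[135208])", is missing the "#" prefix that every other entry uses ("[#135208]"); since this line is already being edited, fix the label here so the rendered link text matches its neighbours.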
@@ -23,7 +23,7 @@ ==== Features * Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field ({pull}134526[#134526]). * Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419]) -* Shows process alerts in the event process analyzer {pull}135340[#135340]). +* Shows process alerts in the event process analyzer ({pull}135340[#135340]). * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). * Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]) From 6aa40e1fdefc5e6808238d9308d4b9d5298260b6 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Thu, 18 Aug 2022 14:34:35 -0400 Subject: [PATCH 37/58] Part 1 of Daniel's requests --- docs/release-notes/8.4.asciidoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 0e8c975731..47972356ac 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -16,6 +16,7 @@ // tag::breaking-changes[] // NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output. :pull: {pull} +There are no breaking changes in 8.4.0. // end::breaking-changes[] [discrete] 
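Review bot: In the first hunk, the Insights entry directly above the changed line, "Adds the Insights section to the Alert details flyout ... ({pull}136009[#136009], {pull}138419[#138419])", has no terminal period, unlike the surrounding entries; worth adding while the adjacent paren fix is being made. In the breaking-changes hunk, placing "There are no breaking changes in 8.4.0." inside the tag::breaking-changes[] region is correct, since the NOTE says that region is reused by the Installation and Upgrade Guide and a silent empty include would otherwise be ambiguous.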
@@ -69,3 +70,6 @@ * Fixes a bug that could cause queries with nested fields to fail open ({pull}134866[#134866]). * Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). +* Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). +* Fixes a bug that could cause {elastic-endpoint} to crash when outputting log data to {ls}. +* Adds support for Ubuntu 22.04 and Debian 11 to {endpoint-cloud-sec}. From 6743a61078786f18df14cde03199b9b4adf89738 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Thu, 18 Aug 2022 14:43:29 -0400 Subject: [PATCH 38/58] Minor edit --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 47972356ac..62edc53eb0 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
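Review bot: The three added endpoint entries mix two attributes for what reads as the same product: the first uses {endpoint-cloud-sec} twice, the second uses {elastic-endpoint}, and the third uses {endpoint-cloud-sec} again; pick one attribute before this goes further (the next several commits flip it back and forth). Also, the second and third entries carry no PR or issue reference, unlike every other entry in the section; if none is public, consider saying so in the commit message so reviewers don't keep asking.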
@@ -72,4 +72,4 @@ There are no breaking changes in 8.4.0. * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). * Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). * Fixes a bug that could cause {elastic-endpoint} to crash when outputting log data to {ls}. -* Adds support for Ubuntu 22.04 and Debian 11 to {endpoint-cloud-sec}. +* Adds support for Ubuntu 22.04 and Debian 11 to {elastic-endpoint}. From 4064f3c330122e571ac2a841a4acb17a128e99d9 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 18 Aug 2022 16:32:59 -0400 Subject: [PATCH 39/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 62edc53eb0..247705f8b8 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
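Review bot: This changes only the Ubuntu/Debian entry to {elastic-endpoint}, which now matches the crash-fix entry above it, but the CPU-spike entry two lines up still uses {endpoint-cloud-sec} (twice); the three adjacent entries should settle on one attribute in the same commit rather than one line at a time.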
@@ -27,7 +27,7 @@ There are no breaking changes in 8.4.0. * Shows process alerts in the event process analyzer ({pull}135340[#135340]). * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). -* Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]) +* Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]). * Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). [discrete] From 1238916b35231a12bb3b4595c76f0e08c05a5a41 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Thu, 18 Aug 2022 16:36:30 -0400 Subject: [PATCH 40/58] Part 2 of Daniel's requests --- docs/release-notes/8.4.asciidoc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 247705f8b8..123b6497bd 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -29,6 +29,9 @@ There are no breaking changes in 8.4.0. * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). * Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]). * Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). +* Includes integration policy errors and statuses in both {fleet} and {elastic-security} to help troubleshoot when an {agent} has an `Unhealthy` status. +* Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. +* Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. [discrete] [[bug-fixes-8.4.0]] 
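Review bot: "Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints" is missing an article and has stray capitalisation; suggest "Adds the attack surface reduction protections feature, which reduces vulnerabilities on Windows endpoints." The second sentence about credential hardening reads as a separate feature and could be its own clause ("This includes credential hardening, which ..."). None of the three new Features entries has a PR reference; if these are Endpoint-side changes without a public PR, note that in the commit message as was done for the bug-fix entries.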
@@ -71,5 +74,5 @@ There are no breaking changes in 8.4.0. * Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). * Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). -* Fixes a bug that could cause {elastic-endpoint} to crash when outputting log data to {ls}. -* Adds support for Ubuntu 22.04 and Debian 11 to {elastic-endpoint}. +* Fixes a bug that could cause {endpoint-cloud-sec} to crash when outputting log data to {ls}. +* {endpoint-cloud-sec} can now be added to {agent}s running on Ubuntu 22.04 and Debian 11. From 31844d91ae3574878ba7dff532e9ce03f81750a9 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Thu, 18 Aug 2022 16:41:38 -0400 Subject: [PATCH 41/58] Minor changes --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 123b6497bd..0b2dedd647 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
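Review bot: The new last entry, "{endpoint-cloud-sec} can now be added to {agent}s running on Ubuntu 22.04 and Debian 11.", breaks the verb-first style ("Adds", "Fixes", "Allows") used by every other entry in this section; suggest "Allows {endpoint-cloud-sec} to be added to {agent}s running on ...". This hunk also flips the crash-fix entry from {elastic-endpoint} back to {endpoint-cloud-sec}, reversing the previous commit; the attribute choice for these three entries should be decided once.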
@@ -75,4 +75,4 @@ There are no breaking changes in 8.4.0. * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). * Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). * Fixes a bug that could cause {endpoint-cloud-sec} to crash when outputting log data to {ls}. -* {endpoint-cloud-sec} can now be added to {agent}s running on Ubuntu 22.04 and Debian 11. +* Allows {endpoint-cloud-sec} to be added to agents running on Ubuntu 22.04 and Debian 11. From aed63284f35cd5da78b28e3e093047835923c6f1 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Thu, 18 Aug 2022 17:24:06 -0400 Subject: [PATCH 42/58] Added osquery feature --- docs/release-notes/8.4.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 0b2dedd647..94d8eb481d 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -32,6 +32,7 @@ There are no breaking changes in 8.4.0. * Includes integration policy errors and statuses in both {fleet} and {elastic-security} to help troubleshoot when an {agent} has an `Unhealthy` status. * Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. * Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. +* Adds the ability to run query packs as live queries ({pull}132198[#132198]). [discrete] [[bug-fixes-8.4.0]] 
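Review bot: The reworded entry drops the {agent} attribute in favour of plain "agents"; the Features entry added earlier ("... when an {agent} has an `Unhealthy` status") uses the attribute, so keep "{agent}s" here for consistent product naming. The query packs hunk in the second patch on this line looks fine and, unlike the other new Features entries, carries its PR reference.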
From 57ccd20cc96f1c0610a6158a49bfe9927fa83fa0 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 22 Aug 2022 10:45:58 -0400 Subject: [PATCH 43/58] Adding input from Lovel --- docs/release-notes/8.4.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 94d8eb481d..c840c52df9 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -33,6 +33,7 @@ There are no breaking changes in 8.4.0. * Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. * Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. * Adds the ability to run query packs as live queries ({pull}132198[#132198]). +* Provides support for process, file, and network events in Kubernetes. You must enable the session view data setting on your {endpoint-cloud-sec} integration policy to enrich these events with session data and Kubernetes metadata fields. [discrete] [[bug-fixes-8.4.0]] From fbf8b06c92ba416a30643b0baf5b48220850a950 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 10:18:55 -0400 Subject: [PATCH 44/58] Update docs/release-notes/8.4.asciidoc --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index c840c52df9..6b4e9c898a 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
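Review bot: The Kubernetes events entry states a prerequisite ("You must enable the session view data setting on your {endpoint-cloud-sec} integration policy") without naming the setting exactly as it appears in the policy UI or linking to the docs that describe it; release-note readers will look for that setting by name, so quote its label or add a cross-reference. Like the other Endpoint entries it has no PR reference.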
@@ -46,7 +46,7 @@ There are no breaking changes in 8.4.0. * Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]). * Adds index pattern information to the Inspect panel ({pull}136407[#136407]). * Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]). -* Fixes a performance issue with alerts that have large fields ({pull}135956[#135956]). +* Fixes a performance issue with creating alerts from source documents that contain a large number of fields. ({pull}135956[#135956]). * Updates the rule exceptions UI ({pull}135255[#135255]). * Fixes performance issues with rules management ({pull}135311[#135311]). * Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). From 29fd5fd915228afdc507617395a165d116c51f67 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 10:27:16 -0400 Subject: [PATCH 45/58] Update docs/release-notes/8.4.asciidoc --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 6b4e9c898a..54f5c5a52d 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
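Review bot: The rewritten entry ends "... a large number of fields. ({pull}135956[#135956])." with a period before the parenthetical and another after it; the list convention is a single period after the closing parenthesis. Suggest "... a large number of fields ({pull}135956[#135956])."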
@@ -54,7 +54,7 @@ There are no breaking changes in 8.4.0. * Updates the lists index template to use new logic ({pull}133067[#133067]). * Adds event filters to event correlation rules ({pull}132507[#132507]). * Allows you to define a data view or index pattern for rules ({pull}130929[#130929]). -* Creates a single visualization pane on the Alerts page, and adds a treemap view that shows the distribution of alerts as nested, proportionally-sized tiles. ({pull}126896[#126896]). +* Creates a single visualization pane on the Alerts page, and adds a treemap visualization that shows the distribution of alerts as nested, proportionally-sized tiles ({pull}126896[#126896]). * Fixes an incorrect counter for exported rules ({pull}138598[#138598]). * Fixes event filters based on OS version ({pull}138517[#138517]). * Fixes a bug that could change the batch size for event search in indicator rules ({pull}138356[#138356]). From afcc8ddefb17fc5d6293466bfe7a77fbdcaf33e3 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 23 Aug 2022 11:29:29 -0400 Subject: [PATCH 46/58] Adding reviewers' input --- docs/release-notes/8.4.asciidoc | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 54f5c5a52d..850eb1078a 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc @@ -9,6 +9,7 @@ [[known-issue-8.4.0]] ==== Known issue * If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]). +* A new Lucene 9 validation change causes errors when creating an event correlation rule for users who upgrade from {stack} version 7.x to 8.x. To fix this, use triple quotes `""" """` for regular expressions within an event correlation rule. [discrete] [[breaking-changes-8.4.0]] 
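Review bot: The new Lucene 9 known issue (second patch on this line) has no PR or issue reference, unlike the look-back known issue directly above it, and the workaround "use triple quotes `""" """` for regular expressions" would be clearer with a one-line before/after showing where the quotes go in the EQL rule query. A later commit re-emits this exact line with no visible change, which suggests it was added with trailing whitespace; trim it here.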
@@ -29,7 +30,7 @@ There are no breaking changes in 8.4.0. * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). * Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]). * Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). -* Includes integration policy errors and statuses in both {fleet} and {elastic-security} to help troubleshoot when an {agent} has an `Unhealthy` status. +* Includes integration policy errors and statuses in both {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status. * Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. * Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. * Adds the ability to run query packs as live queries ({pull}132198[#132198]). 
@@ -46,14 +47,14 @@ There are no breaking changes in 8.4.0. * Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]). * Adds index pattern information to the Inspect panel ({pull}136407[#136407]). * Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]). -* Fixes a performance issue with creating alerts from source documents that contain a large number of fields. ({pull}135956[#135956]). +* Fixes a performance issue with creating alerts from source documents that contain a large number of fields ({pull}135956[#135956]). * Updates the rule exceptions UI ({pull}135255[#135255]). * Fixes performance issues with rules management ({pull}135311[#135311]). * Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). * Enhances the host risk score modal UI ({pull}133708[#133708]). * Updates the lists index template to use new logic ({pull}133067[#133067]). * Adds event filters to event correlation rules ({pull}132507[#132507]). -* Allows you to define a data view or index pattern for rules ({pull}130929[#130929]). +* Allows you to define a data view as the rule's data source, making runtime fields available for rule configuration ({pull}130929[#130929]). * Creates a single visualization pane on the Alerts page, and adds a treemap visualization that shows the distribution of alerts as nested, proportionally-sized tiles ({pull}126896[#126896]). * Fixes an incorrect counter for exported rules ({pull}138598[#138598]). * Fixes event filters based on OS version ({pull}138517[#138517]). 
@@ -63,8 +64,6 @@ There are no breaking changes in 8.4.0. * Fixes a bug that could crash the Endpoints list when a policy ID was missing ({pull}137788[#137788]). * Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]). * Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]). -* Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]). -* Fixes a bug with look-back time in the **Advanced query preview** ({pull}137517[#137517]). * Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({pull}137233[#137233]). * Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]). * Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]). 
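Review bot: Two bug-fix entries ({pull}137585 and {pull}137517) are deleted outright, but the commit message ("Adding reviewers' input") gives no reason; confirm in the commit message whether these PRs did not ship in 8.4.0 or were folded into another entry, since the look-back preview behaviour (#137517) is closely related to the known issue listed at the top of the file.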
@@ -74,7 +73,7 @@ There are no breaking changes in 8.4.0. * Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]). * Fixes a bug that could cause queries with nested fields to fail open ({pull}134866[#134866]). * Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). -* Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). +* Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). * Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). * Fixes a bug that could cause {endpoint-cloud-sec} to crash when outputting log data to {ls}. * Allows {endpoint-cloud-sec} to be added to agents running on Ubuntu 22.04 and Debian 11. From 0675ebeac476a8802db847ff5c6a6770858d0aaf Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 14:58:39 -0400 Subject: [PATCH 47/58] Update docs/release-notes/8.4.asciidoc --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 850eb1078a..26929c18cf 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -7,7 +7,7 @@ [discrete] [[known-issue-8.4.0]] -==== Known issue +==== Known issues * If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]). * A new Lucene 9 validation change causes errors when creating an event correlation rule for users who upgrade from {stack} version 7.x to 8.x. To fix this, use triple quotes `""" """` for regular expressions within an event correlation rule. From 1f377e0b37d8a89b5aaa1e880a74b8c27ab83df6 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 23 Aug 2022 15:34:45 -0400 Subject: [PATCH 48/58] Review feedback from Georgii and Dmitrii --- docs/release-notes/8.4.asciidoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 26929c18cf..3b881f73c7 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -9,7 +9,8 @@ [[known-issue-8.4.0]] ==== Known issues * If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]). -* A new Lucene 9 validation change causes errors when creating an event correlation rule for users who upgrade from {stack} version 7.x to 8.x. To fix this, use triple quotes `""" """` for regular expressions within an event correlation rule. +* A new Lucene 9 validation change causes errors when creating an event correlation rule for users who upgrade from {stack} version 7.x to 8.x. To fix this, use triple quotes `""" """` for regular expressions within an event correlation rule. +* The Rules page incorrectly displays a notification that an update for prebuilt rules is available even if the rules have been fully updated. Currently, there is no way to remove or hide the notification ({pull}139095[#139095]). [discrete] [[breaking-changes-8.4.0]] 
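Review bot: The first -/+ pair for the Lucene 9 entry shows no visible difference, so this is almost certainly a trailing-whitespace change; that is fine to include but worth a word in the commit message so it isn't mistaken for a content edit. The new prebuilt-rules notification entry ("Currently, there is no way to remove or hide the notification") should also say that the notification is harmless and that no further update is actually pending, so readers don't repeatedly retry the update.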
@@ -29,7 +30,6 @@ There are no breaking changes in 8.4.0. * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). * Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]). -* Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]). * Includes integration policy errors and statuses in both {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status. * Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. * Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. 
@@ -40,11 +40,11 @@ There are no breaking changes in 8.4.0. [[bug-fixes-8.4.0]] ==== Bug fixes and enhancements * Updates the Network page's UI to match the Hosts and Users pages ({pull}137541[#137541], {pull}136913[#136913]). -* Fixes an error that could occur when you tried to apply an index pattern to rules using the bulk action option ({pull}134664[#134664]). +* Improves the experience of bulk editing the index patterns on rules by warning users early that machine learning rules that can’t be edited ({pull}134664[#134664]). * Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]). * Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({pull}136966[#136966]). * Turns grouped navigation on by default ({pull}136819[#136819]). -* Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]). +* Improves the experience of bulk exporting rules by informing users early which rules can and cannot be exported ({pull}136418[#136418]). * Adds index pattern information to the Inspect panel ({pull}136407[#136407]). * Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]). * Fixes a performance issue with creating alerts from source documents that contain a large number of fields ({pull}135956[#135956]). From b840fd8505d7ef48f85dbd13e2f3f78b90ff3007 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 15:47:55 -0400 Subject: [PATCH 49/58] Update docs/release-notes/8.4.asciidoc --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 3b881f73c7..45364c0d41 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
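Review bot: The rewritten bulk-edit entry has a grammatical slip, "warning users early that machine learning rules that can’t be edited" (a dangling "that"); suggest "warning users early that machine learning rules can't be edited". It also introduces a typographic apostrophe (’) where the rest of the file uses straight quotes ("you've"), which can render inconsistently in AsciiDoc output; use a straight apostrophe.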
@@ -59,7 +59,7 @@ There are no breaking changes in 8.4.0. * Fixes an incorrect counter for exported rules ({pull}138598[#138598]). * Fixes event filters based on OS version ({pull}138517[#138517]). * Fixes a bug that could change the batch size for event search in indicator rules ({pull}138356[#138356]). -* Fixes a bug that could crash the Alert details flyout ({pull}138331[#138331]). +* Fixes a bug that prevented users from accessing alert details if they didn't have the appropriate privileges to view the internal index `.internal.alerts-security.alerts-spaceId`. Now, the Alert details flyout correctly uses the public alias index `.alerts-security,akerts-spaceId` ({pull}138331[#138331]). * Fixes the preview button for {ml} rules ({pull}137878[#137878]). * Fixes a bug that could crash the Endpoints list when a policy ID was missing ({pull}137788[#137788]). * Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]). From 70e699dc3f4b52892c1f097f4fb377ff2ecff687 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 17:46:16 -0400 Subject: [PATCH 50/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 45364c0d41..c0d94ae057 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
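Review bot: The public alias name in the new text, `.alerts-security,akerts-spaceId`, appears mistyped: it contains a comma and "akerts", whereas the internal index named on the same line is `.internal.alerts-security.alerts-spaceId`, so the alias should presumably read `.alerts-security.alerts-spaceId`. Consider also marking the space ID as a placeholder (for example `<space-id>`) in both names so it isn't read as a literal index suffix.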
@@ -50,7 +50,7 @@ There are no breaking changes in 8.4.0. * Fixes a performance issue with creating alerts from source documents that contain a large number of fields ({pull}135956[#135956]). * Updates the rule exceptions UI ({pull}135255[#135255]). * Fixes performance issues with rules management ({pull}135311[#135311]). -* Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]). +* Allows you to disable `@timestamp` as a fallback timestamp field when you've defined a timestamp override ({pull}135116[#135116]). * Enhances the host risk score modal UI ({pull}133708[#133708]). * Updates the lists index template to use new logic ({pull}133067[#133067]). * Adds event filters to event correlation rules ({pull}132507[#132507]). From 16699bf686948d7fb51070e7728feb92d9a9c113 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 17:46:28 -0400 Subject: [PATCH 51/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index c0d94ae057..ada9d316dc 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -40,7 +40,7 @@ There are no breaking changes in 8.4.0. [[bug-fixes-8.4.0]] ==== Bug fixes and enhancements * Updates the Network page's UI to match the Hosts and Users pages ({pull}137541[#137541], {pull}136913[#136913]). -* Improves the experience of bulk editing the index patterns on rules by warning users early that machine learning rules that can’t be edited ({pull}134664[#134664]). +* Improves the experience of bulk editing index patterns on rules by warning users early that machine learning rules can’t be edited ({pull}134664[#134664]). * Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]). * Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({pull}136966[#136966]). * Turns grouped navigation on by default ({pull}136819[#136819]). From 0e11986065a63dbb2473f64685f43874c73c1d3d Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 17:46:35 -0400 Subject: [PATCH 52/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index ada9d316dc..42f8782876 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
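Review bot: The grammar fix is correct, but the line still uses a typographic apostrophe in "can’t" while the rest of the file uses straight quotes; replace it with a straight apostrophe for consistency with entries such as "when you've defined a timestamp override".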
@@ -51,7 +51,7 @@ There are no breaking changes in 8.4.0. * Updates the rule exceptions UI ({pull}135255[#135255]). * Fixes performance issues with rules management ({pull}135311[#135311]). * Allows you to disable `@timestamp` as a fallback timestamp field when you've defined a timestamp override ({pull}135116[#135116]). -* Enhances the host risk score modal UI ({pull}133708[#133708]). +* Enhances the host risk score UI ({pull}133708[#133708]). * Updates the lists index template to use new logic ({pull}133067[#133067]). * Adds event filters to event correlation rules ({pull}132507[#132507]). * Allows you to define a data view as the rule's data source, making runtime fields available for rule configuration ({pull}130929[#130929]). From c2b6724713bc006d6565a3156ec97fd79360879f Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 17:46:41 -0400 Subject: [PATCH 53/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 42f8782876..94f83ab535 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -70,7 +70,7 @@ There are no breaking changes in 8.4.0. * Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]). * Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). * Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({pull}135291[#135291]). -* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]). +* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions were being applied ({pull}135208[135208]). * Fixes a bug that could cause queries with nested fields to fail open ({pull}134866[#134866]). * Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). From 6d9148b92ccaf779c1650a23a3feaecebcd179a0 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 17:46:47 -0400 Subject: [PATCH 54/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 94f83ab535..8ffef27a87 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -30,7 +30,7 @@ There are no breaking changes in 8.4.0. * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). * Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]). -* Includes integration policy errors and statuses in both {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status. +* Includes integration policy errors and statuses in {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status. * Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. * Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. * Adds the ability to run query packs as live queries ({pull}132198[#132198]). From a6f44a3e0d239ebbb7f97ab598ce82a6fd120a20 Mon Sep 17 00:00:00 2001 From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 23 Aug 2022 17:46:54 -0400 Subject: [PATCH 55/58] Update docs/release-notes/8.4.asciidoc Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index 8ffef27a87..f11c4f9bd8 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -71,7 +71,7 @@ There are no breaking changes in 8.4.0. * Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]). * Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({pull}135291[#135291]). * Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions were being applied ({pull}135208[135208]). -* Fixes a bug that could cause queries with nested fields to fail open ({pull}134866[#134866]). +* Fixes a bug that could cause queries with nested fields to fail when opened ({pull}134866[#134866]). * Fixes a bug that slowed down the display of network details ({pull}133539[#133539]). * Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]). * Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]). From eee7c188d02ad9bf9afa32ec2458dbbad1a65e25 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 23 Aug 2022 17:51:00 -0400 Subject: [PATCH 56/58] Adding links to OLM feature --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index f11c4f9bd8..a4b248d87a 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -30,7 +30,7 @@ There are no breaking changes in 8.4.0. * Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]). * Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]). * Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520]). -* Includes integration policy errors and statuses in {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status. +* Includes integration policy errors and statuses in {fleet} and {elastic-sec} to help troubleshoot when an {agent} has an `Unhealthy` status ({pull}136241[#136241], {pull}136038[#136038]). * Adds Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory. * Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features. * Adds the ability to run query packs as live queries ({pull}132198[#132198]). From 8cac0e15a89f2f2b017baa50afac28b3f9cd6a62 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 23 Aug 2022 18:55:41 -0400 Subject: [PATCH 57/58] Made bug less spooky --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index a4b248d87a..e28d040846 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -9,7 +9,7 @@ [[known-issue-8.4.0]] ==== Known issues * If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]). -* A new Lucene 9 validation change causes errors when creating an event correlation rule for users who upgrade from {stack} version 7.x to 8.x. To fix this, use triple quotes `""" """` for regular expressions within an event correlation rule. +* A new Lucene 9 validation change causes errors whenever regular expressions are included in EQL queries. This bug affects users who upgrade from {stack} version 7.x to 8.x and are using event correlation rules. To resolve this issue, use triple quotes `""" """` for regular expressions in event correlation rule queries. * The Rules page incorrectly displays a notification that an update for prebuilt rules is available even if the rules have been fully updated. Currently, there is no way to remove or hide the notification ({pull}139095[#139095]). [discrete] From d3d9b38dda323fde5b2cdffb83fb32b5378d82fd Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 23 Aug 2022 19:03:13 -0400 Subject: [PATCH 58/58] Even less spook --- docs/release-notes/8.4.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.4.asciidoc b/docs/release-notes/8.4.asciidoc index e28d040846..625816323d 100644 --- a/docs/release-notes/8.4.asciidoc +++ b/docs/release-notes/8.4.asciidoc 
@@ -9,7 +9,7 @@ [[known-issue-8.4.0]] ==== Known issues * If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]). -* A new Lucene 9 validation change causes errors whenever regular expressions are included in EQL queries. This bug affects users who upgrade from {stack} version 7.x to 8.x and are using event correlation rules. To resolve this issue, use triple quotes `""" """` for regular expressions in event correlation rule queries. +* A new Lucene 9 validation change may cause errors whenever regular expressions are included in EQL queries. This bug affects users who upgrade from {stack} version 7.x to 8.x and are using event correlation rules. To resolve this issue, use triple quotes `""" """` for regular expressions in event correlation rule queries. * The Rules page incorrectly displays a notification that an update for prebuilt rules is available even if the rules have been fully updated. Currently, there is no way to remove or hide the notification ({pull}139095[#139095]). [discrete]
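Review bot: in hunk `@@ -40,7 +40,7 @@` (PATCH 51/58, the bulk-edit index patterns entry), the reworded line mixes a curly apostrophe in `can’t` with the straight apostrophe used in `Network page's` on the line above; pick one form for the file, preferably the ASCII apostrophe, so the source stays consistent. Also, `{pull}134664[#134664]` is the same PR credited under Features for the `dry_run` bulk-actions parameter; one PR may well have delivered both, but it is worth confirming that the ML-rule warning cites the right PR.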
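Review bot: in hunk `@@ -51,7 +51,7 @@` (PATCH 52/58), dropping `modal` widens the entry from the host risk score modal to the whole host risk score UI; if #133708 only touched the modal, keep the narrower wording so the release note matches the scope of the change.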
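Review bot: in hunk `@@ -70,7 +70,7 @@` (PATCH 53/58), the tense fix is right, but the link text `{pull}135208[135208]` is missing the `#` prefix every other entry uses (`[#135533]`, `[#135291]`); since the line is being touched anyway, change it to `{pull}135208[#135208]`.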
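Review bot: in hunk `@@ -30,7 +30,7 @@` (PATCH 54/58), the edited `Unhealthy` status line is a Features entry with no `{pull}` reference, and the two context lines after it (attack surface reduction, endpoint self-healing) have none either; add the PR or issue links so readers can trace these changes as they can for the other entries. Minor: `Adds Attack surface reduction protections feature` needs an article and consistent capitalisation, e.g. `Adds the attack surface reduction protections feature`.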
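Review bot: in hunk `@@ -71,7 +71,7 @@` (PATCH 55/58), `fail open` is a term of art (a failure that leaves the system in a permissive state, here a query that silently stops matching) and may have been the intended meaning for the nested-field bug, whereas `fail when opened` describes a UI error; these are different claims, so confirm against #134866 which behaviour the bug had before accepting the rewording.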
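Review bot: in hunk `@@ -30,7 +30,7 @@` (PATCH 56/58), adding `{pull}136241` and `{pull}136038` closes the gap for the `Unhealthy` status entry, but the next two context lines (attack surface reduction protections, endpoint self-healing) are still the only Features entries in the hunk without a reference; give them the same treatment.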
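Review bot: in hunk `@@ -9,7 +9,7 @@` (PATCH 57/58), `causes errors whenever regular expressions are included in EQL queries` states the breakage as unconditional, which is stronger than the previous wording; unless it reproduces on every regex, soften to `may cause`. The entry is also the only known issue in the hunk without a pull or issue reference (its neighbours cite `{pull}137422` and `{pull}139095`); add one so users can track the fix.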
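Review bot: in hunk `@@ -9,7 +9,7 @@` (PATCH 58/58), `may cause` is the right softening; what remains is the workaround snippet `""" """`, which reads as two quoted strings separated by a space rather than a delimiter around a pattern, so write it around a placeholder, e.g. `"""<regex>"""`, and state explicitly that the regex goes between the triple quotes.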