diff --git a/docs/getting-started/detections-req.asciidoc b/docs/getting-started/detections-req.asciidoc index bc69fe38d3..c639378a6a 100644 --- a/docs/getting-started/detections-req.asciidoc +++ b/docs/getting-started/detections-req.asciidoc @@ -51,6 +51,7 @@ these privileges must visit (click on) the *Detections* page: ** `.items-` + Where `` is the {kib} space name. +* The ability to `view_index_metadata`. * If you want to allow the user to create rules as well as enable the Detections feature, {kib} space `All` privileges for the `Saved Objects Management`. diff --git a/docs/images/detection-rule-failure.png b/docs/images/detection-rule-failure.png new file mode 100644 index 0000000000..c15a63432a Binary files /dev/null and b/docs/images/detection-rule-failure.png differ diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 7d6fbb1f32..9d7da904d3 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc 
@@ -20,6 +20,62 @@ required to enable the UI. * <>. This is only required if you want to view <>. +[discrete] +[[release-notes-7.10.0]] +== 7.10.0 + +[discrete] +[[breaking-changes-7.10.0]] +==== Breaking changes + +*Signals template updated for rollover indices* + +The `create_index_route` now checks if the template needs to be upgraded +before creating the index. If the index already exists and the template was upgraded, +the index rolls over so that the write index has the upgraded mapping. +This breaks the old mappings that have `risk_score mapped` as a keyword. +In the new mapping, `signal.rule.risk_score` is a float. After rolling over, +there is a conflict between the old and new `signal.rule.risk_score` for some +features, such as aggregations. + +This requires the `view_index_metadata` permission in Kibana. See ({pull}/80019[#80019]) for details. + +*Connect incident fields allowed when cases are sent* + +You can now specify connector incident fields when cases are sent. This includes: +* Jira: issue type, priority, and parent issue in the case of a subtask. +* IBM Resilient: issue types, and severity. +* ServiceNow: urgency, severity, and impact. + +See ({pull}77327[#77327]) for details. + +[discrete] +[[bug-fixes-7.10.0]] +==== Bug fixes and enhancements +* Adds Metadata and Discovery Analysis Jobs to Security Integration ({pull}76023[#76023]). +* Improves Alert Telemetry for the Security app ({pull}77200[#77200]). +* Allows passwords to be visible on security screens ({pull}77394[#77394]). +* Groups features for role management ({pull}78152[#78152]). +* Warns users when security is not configured ({pull}78545[#78545]). +* Enhancements for saved object management workflows ({pull}75444[#75444]). +* Adds EQL search strategy for security ({pull}78645[#78645]). +* Fetches related events from specified devices ({pull}78780[#78780]). +* Excludes cloud alias index from EQL query ({pull}81551[#81551]). 
+* Telemetry: Displays collected security event sample ({pull}78963[#78963]). +* Analyze Events: Requests data from new event API ({pull}78782[#78782]). +* Detections: Handle conflicts on alert status update ({pull}75492[#75492]). + +[discrete] +[[known-issues-7.10.0]] +==== Known issues + +* If you edit a rule while that rule is running, the rule fails. Subsequent successful runs will retain the previous failure message ({pull}82320[#82320]). ++ +[role="screenshot"] +image::images/detection-rule-failure.png[] + + + [discrete] [[release-notes-7.9.1]] == 7.9.1 @@ -38,6 +94,7 @@ required to enable the UI. * Increases permissions granularity for the `.lists` system index ({pull}75378[#75378]). + [discrete] [[release-notes-7.9.0]] == 7.9.0
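Review bot: In the docs/getting-started/detections-req.asciidoc hunk, the added bullet "* The ability to `view_index_metadata`." does not say what kind of privilege this is or which indices it has to be granted on, so an administrator cannot scope the grant narrowly. The bullets around it name both the privilege and its target (the `.items-` indices, the {kib} space `All` privileges for `Saved Objects Management`). Suggest wording the new item the same way and using the same term as the release note in this patch, which calls it a "permission in Kibana" rather than an "ability".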
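Review bot: In the docs/release-notes.asciidoc hunk at @@ -20,6 +20,62 @@, the "Signals template updated for rollover indices" entry describes the `signal.rule.risk_score` keyword/float conflict after rollover but never tells the reader what to do about it, which is the part an upgrading user needs from a breaking-change note. Suggest adding the required action or workaround next to the `view_index_metadata` requirement. Smaller points in the same hunk: the code span in "`risk_score mapped` as a keyword" swallows the word "mapped" and should use the full field name like the next sentence does; "({pull}/80019[#80019])" has a slash that the other links, such as "({pull}77327[#77327])", do not; the bold title "Connect incident fields" reads like a typo for the "connector incident fields" used in the sentence below it; the Jira, IBM Resilient and ServiceNow list starts directly after "This includes:" with no blank line, so it will likely render as paragraph text rather than a list; and `image::images/detection-rule-failure.png[]` has empty alt text.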
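Review bot: The docs/release-notes.asciidoc hunk at @@ -38,6 +94,7 @@ only adds an empty line after the `.lists` system index item in the 7.9.1 section, which is unrelated to the 7.10.0 notes. Suggest dropping it so the patch touches only the new release section.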