From 24238374c8da3968919b0e25c74702a2d9494660 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 4 Nov 2024 19:29:49 -0500 Subject: [PATCH 01/10] First draft --- docs/release-notes.asciidoc | 1 + docs/release-notes/8.15.asciidoc | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 7a6c8db425..9d05852221 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 7a3a786bf5..40732b4e91 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -1,6 +1,30 @@ [[release-notes-header-8.15.0]] == 8.15 +[discrete] +[[release-notes-8.15.4]] +=== 8.15.4 + +[discrete] +[[bug-fixes-8.15.4]] +==== Bug fixes +* Fixes a bug that caused an Elastic AI Assistant error if you had over 20 conversations and tried to access or update any of them ({kibana-pull}197305[#197305]). + +[discrete] +[[known-issue-8.15.4]] +==== Known issues + +// tag::known-issue-189676[] +[discrete] +.Tags appear in Elastic AI Assistant's responses +[%collapsible] +==== +*Details* + +On August 1, 2024, it was discovered that Elastic AI Assistant's responses when using Bedrock Sonnet 3.5 may include `` tags, for example `` ({kibana-issue}189676[#189676]). + +==== +// end::known-issue-189676[] + [discrete] [[release-notes-8.15.3]] === 8.15.3 From 536efd3056cb48da899c6978cabd6a6c7579a2a8 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 5 Nov 2024 13:47:42 -0500 Subject: [PATCH 02/10] Adds endpoint PRs --- docs/release-notes/8.15.asciidoc | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 40732b4e91..8f4e12e8a7 100644 --- a/docs/release-notes/8.15.asciidoc 
+++ b/docs/release-notes/8.15.asciidoc @@ -5,11 +5,6 @@ [[release-notes-8.15.4]] === 8.15.4 -[discrete] -[[bug-fixes-8.15.4]] -==== Bug fixes -* Fixes a bug that caused an Elastic AI Assistant error if you had over 20 conversations and tried to access or update any of them ({kibana-pull}197305[#197305]). - [discrete] [[known-issue-8.15.4]] ==== Known issues @@ -25,6 +20,21 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when ==== // end::known-issue-189676[] +[discrete] +[[enhancements-8.15.4]] +==== Enhancements +* Enhances {elastic-defend} by improving the `call_stack_final_user_module` attribution where potential `proxy_call` modules are encountered during Windows call stack analysis. + +[discrete] +[[bug-fixes-8.15.4]] +==== Bug fixes +* Fixes a bug that caused an Elastic AI Assistant error if you had over 20 conversations and tried to access or update any of them ({kibana-pull}197305[#197305]). +* Improves {elastic-defend} by making the `elastic-endpoint status` command more reliable. Before this fix, the command occasionally failed with an I/O error. +* Fixes an {elastic-defend} process crash that could occur if it was configured to use the Kafka output. +* Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that don't natively include this telemetry, such as Windows Server 2019. This might result in dropped or unattributed API events. +* Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. With this fix, {elastic-defend} removes these fields. +* Fixes an {elastic-defend} bug where Windows API events might be dropped if they contain Unicode characters that can't be converted to ANSI. + [discrete] [[release-notes-8.15.3]] === 8.15.3 From 69b577b8412a216a0992ec528ac9f1f09420820a Mon Sep 17 00:00:00 2001 
From: "nastasha.solomon" Date: Tue, 5 Nov 2024 15:05:25 -0500 Subject: [PATCH 03/10] DE PR --- docs/release-notes/8.15.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 8f4e12e8a7..a94fd674a3 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -29,6 +29,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when [[bug-fixes-8.15.4]] ==== Bug fixes * Fixes a bug that caused an Elastic AI Assistant error if you had over 20 conversations and tried to access or update any of them ({kibana-pull}197305[#197305]). +* Fixes a bug that caused fields from all indices to display when adding a filter to a rule that you were editing. Now, only fields from the rule's specified indices appear ({kibana-pull}194678[#194678]). * Improves {elastic-defend} by making the `elastic-endpoint status` command more reliable. Before this fix, the command occasionally failed with an I/O error. * Fixes an {elastic-defend} process crash that could occur if it was configured to use the Kafka output. * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that don't natively include this telemetry, such as Windows Server 2019. This might result in dropped or unattributed API events. From e7b110d72403612e5276ea1f0fb4fc56e2c0da6e Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Tue, 5 Nov 2024 16:33:33 -0500 Subject: [PATCH 04/10] Update docs/release-notes/8.15.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index a94fd674a3..40e60dc41a 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -28,6 +28,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when [discrete] [[bug-fixes-8.15.4]] ==== Bug fixes +* Fixes a conflict that can result in a Windows boot failure `0xC000007B` for `ElasticElam.sys` when {elastic-defend} 8.15.2 or 8.15.3 is installed alongside CrowdStrike. * Fixes a bug that caused an Elastic AI Assistant error if you had over 20 conversations and tried to access or update any of them ({kibana-pull}197305[#197305]). * Fixes a bug that caused fields from all indices to display when adding a filter to a rule that you were editing. Now, only fields from the rule's specified indices appear ({kibana-pull}194678[#194678]). * Improves {elastic-defend} by making the `elastic-endpoint status` command more reliable. Before this fix, the command occasionally failed with an I/O error. From 82fbb50f8ef78c4f4640c7dcc2ed4bdbeecd65c1 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 5 Nov 2024 16:44:08 -0500 Subject: [PATCH 05/10] Moves 195167 to 8.15.4 --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index a94fd674a3..6c6b0df77a 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -29,6 +29,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when [[bug-fixes-8.15.4]] ==== Bug fixes * Fixes a bug that caused an Elastic AI Assistant error if you had over 20 conversations and tried to access or update any of them ({kibana-pull}197305[#197305]). +* Makes Automatic Import more forgiving if LLMs return ECS mappings in unexpected formats ({kibana-pull}195167[#195167]). * Fixes a bug that caused fields from all indices to display when adding a filter to a rule that you were editing. Now, only fields from the rule's specified indices appear ({kibana-pull}194678[#194678]). * Improves {elastic-defend} by making the `elastic-endpoint status` command more reliable. Before this fix, the command occasionally failed with an I/O error. * Fixes an {elastic-defend} process crash that could occur if it was configured to use the Kafka output. @@ -61,7 +62,6 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when * Fixes a bug that could cause {elastic-defend} to crash on Linux when scanning paths (or paths with children) which include virtual file systems, such as procfs. * Fixes a bug that made alerts wrongfully inherit previously-selected tags ({kibana-pull}194428[#194428]). * Prevents Automatic Import from requesting that LLMs map to reserved ECS fields ({kibana-pull}195168[#195168]). -* Makes Automatic Import more forgiving if LLMs return ECS mappings in unexpected formats ({kibana-pull}195167[#195167]). * Fixes an Automatic Import bug that prevented non-ECS compatible fields from resolving in structured and unstructured system logs ({kibana-pull}194727[#194727]). * Fixes an Automatic Import bug that occurred when uploading a new version of an existing integration ({kibana-pull}194298[#194298]). * Fixes an Automatic Import bug that caused integration deployments to fail after you edited the ingest pipeline ({kibana-pull}194203[#194203]). 
From e378bd6c9443d5a55c7a55c898f3085f24997af9 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 6 Nov 2024 11:00:06 -0500 Subject: [PATCH 06/10] Update docs/release-notes/8.15.asciidoc --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 429622e8d3..e61982990c 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -31,7 +31,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when * Fixes a conflict that can result in a Windows boot failure `0xC000007B` for `ElasticElam.sys` when {elastic-defend} 8.15.2 or 8.15.3 is installed alongside CrowdStrike. * Fixes a bug that caused an Elastic AI Assistant error if you had over 20 conversations and tried to access or update any of them ({kibana-pull}197305[#197305]). * Makes Automatic Import more forgiving if LLMs return ECS mappings in unexpected formats ({kibana-pull}195167[#195167]). -* Fixes a bug that caused fields from all indices to display when adding a filter to a rule that you were editing. Now, only fields from the rule's specified indices appear ({kibana-pull}194678[#194678]). +* Fixes a bug that caused fields from all indices to display when adding a filter to a rule that you were editing. Now, only fields from the rule's specified indices appear ({kibana-pull}194678[#194678], {kibana-pull}181643[#181643]). * Improves {elastic-defend} by making the `elastic-endpoint status` command more reliable. Before this fix, the command occasionally failed with an I/O error. * Fixes an {elastic-defend} process crash that could occur if it was configured to use the Kafka output. * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that don't natively include this telemetry, such as Windows Server 2019. This might result in dropped or unattributed API events. From 68038d592c02b6ddb71ded26401a73b61c283934 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:56:53 -0500 Subject: [PATCH 07/10] Update docs/release-notes/8.15.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index e61982990c..422546d1dc 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -28,7 +28,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when [discrete] [[bug-fixes-8.15.4]] ==== Bug fixes -* Fixes a conflict that can result in a Windows boot failure `0xC000007B` for `ElasticElam.sys` when {elastic-defend} 8.15.2 or 8.15.3 is installed alongside CrowdStrike. +* Fixes a conflict that could result in a Windows boot failure `0xC000007B` for `ElasticElam.sys` when {elastic-defend} 8.15.2 or 8.15.3 was installed alongside CrowdStrike. * Fixes a bug that caused an Elastic AI Assistant error if you had over 20 conversations and tried to access or update any of them ({kibana-pull}197305[#197305]). * Makes Automatic Import more forgiving if LLMs return ECS mappings in unexpected formats ({kibana-pull}195167[#195167]). * Fixes a bug that caused fields from all indices to display when adding a filter to a rule that you were editing. Now, only fields from the rule's specified indices appear ({kibana-pull}194678[#194678], {kibana-pull}181643[#181643]). From ee39929e9b8185e0bb4ba14432fee4625be1061b Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:56:59 -0500 Subject: [PATCH 08/10] Update docs/release-notes/8.15.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 422546d1dc..641c117bb4 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -35,7 +35,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when * Improves {elastic-defend} by making the `elastic-endpoint status` command more reliable. Before this fix, the command occasionally failed with an I/O error. * Fixes an {elastic-defend} process crash that could occur if it was configured to use the Kafka output. * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that don't natively include this telemetry, such as Windows Server 2019. This might result in dropped or unattributed API events. -* Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. With this fix, {elastic-defend} removes these fields. +* Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields. * Fixes an {elastic-defend} bug where Windows API events might be dropped if they contain Unicode characters that can't be converted to ANSI. [discrete] From 7fcef0908b160c3bf8b37f36d94aa60c40650927 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:57:05 -0500 Subject: [PATCH 09/10] Update docs/release-notes/8.15.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 641c117bb4..d9dce02d32 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -36,7 +36,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when * Fixes an {elastic-defend} process crash that could occur if it was configured to use the Kafka output. * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that don't natively include this telemetry, such as Windows Server 2019. This might result in dropped or unattributed API events. * Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields. -* Fixes an {elastic-defend} bug where Windows API events might be dropped if they contain Unicode characters that can't be converted to ANSI. +* Fixes an {elastic-defend} bug where Windows API events could be dropped if they contained Unicode characters that couldn't be converted to ANSI. [discrete] [[release-notes-8.15.3]] From edc579cbbe91a50beffc98d4ce7c3ae39dc323ea Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 7 Nov 2024 16:57:09 -0500 Subject: [PATCH 10/10] Update docs/release-notes/8.15.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index d9dce02d32..27940a5810 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -34,7 +34,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when * Fixes a bug that caused fields from all indices to display when adding a filter to a rule that you were editing. Now, only fields from the rule's specified indices appear ({kibana-pull}194678[#194678], {kibana-pull}181643[#181643]). * Improves {elastic-defend} by making the `elastic-endpoint status` command more reliable. Before this fix, the command occasionally failed with an I/O error. * Fixes an {elastic-defend} process crash that could occur if it was configured to use the Kafka output. -* Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that don't natively include this telemetry, such as Windows Server 2019. This might result in dropped or unattributed API events. +* Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that didn't natively include this telemetry, such as Windows Server 2019. This could result in dropped or unattributed API events. * Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields. * Fixes an {elastic-defend} bug where Windows API events could be dropped if they contained Unicode characters that couldn't be converted to ANSI.
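Review bot: In PATCH 01/10, the known-issue block added to docs/release-notes/8.15.asciidoc reads "may include `` tags, for example ``" as shown here, so both inline code spans are empty and the entry never tells the reader which tags appear in the responses. If the literal contains angle brackets, wrap it in an inline passthrough so AsciiDoc does not consume it, and check the rendered page before merging. The collapsible block also carries only a *Details* paragraph; a line on the workaround or on the release that resolves it would let readers judge whether they are affected.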
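Review bot: In PATCH 02/10, the `memory_region` bullet in the new Bug fixes list names one field but then says the fix "removes these fields", so it is unclear whether only `memory_region` is dropped or its sub-fields or sibling fields as well. Name exactly what is omitted from the API event when enrichment fails, so that anyone whose queries or rules test for the presence of that field can tell what changed in the event shape.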
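Review bot: In PATCH 04/10, the `0xC000007B` boot failure for `ElasticElam.sys` is recorded only as a bullet under the 8.15.4 bug fixes, while the affected versions named in the line are 8.15.2 and 8.15.3 and this patch touches neither of those sections. Consider adding a matching known-issue entry under 8.15.2 and 8.15.3 that points to 8.15.4 as the fix, and say what an operator should do for a host that already fails to boot. Naming the specific CrowdStrike product involved would also help readers confirm whether their hosts are exposed.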
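Review bot: In PATCH 05/10, the index line is `a94fd674a3..6c6b0df77a`, the same pre-image blob that PATCH 04/10 starts from (`a94fd674a3..40e60dc41a`), and PATCH 06/10 then starts from `429622e8d3`, which no earlier patch in the series produces. The series is therefore not linear and will not apply in order without the intermediate merge; rebase it or include the merge result so the ten patches apply cleanly. On the content of the move itself, confirm that #195167 shipped in 8.15.4 and not in the release whose list it is removed from in the second hunk.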
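Review bot: In PATCH 10/10, changing "don't natively include this telemetry" to "didn't natively include this telemetry" puts a standing property of the operating system into the past tense, which reads as though Windows Server 2019 now provides the telemetry. Keep the past tense for the bug ("could fail", "could result") and leave the operating-system clause in the present, for example "older operating systems that don't natively include this telemetry, such as Windows Server 2019".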