From 18c5b8608ae78b27854b76a997c316f7237de468 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 10 Feb 2025 09:30:03 -0500 Subject: [PATCH 01/12] First draft --- docs/release-notes/9.0.asciidoc | 36 +++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 684005c91a..7f28335af4 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc 
@@ -4,29 +4,43 @@ coming::[9.0.0] [discrete] -[[release-notes-9.0.0]] -=== 9.0.0 +[[release-notes-9.0.0-beta]] +=== 9.0.0-beta [discrete] -[[known-issue-9.0.0]] -==== Known issues - -[discrete] -[[breaking-changes-9.0.0]] +[[breaking-changes-9.0.0-beta]] ==== Breaking changes +* Remove deprecated bulk endpoints from v9.0.0 ({kibana-pull}207906[#207906]). +* Refactor timeline HTTP API ({kibana-pull}200633[#200633]). +* Remove deprecated API's ({kibana-pull}199598[#199598]). +* Disable deprecated rules bulk CRUD API endpoints in Serverless and 9.0 ({kibana-pull}197422[#197422]). [discrete] -[[deprecations-9.0.0]] +[[deprecations-9.0.0-beta]] ==== Deprecations +* Rename plugin to automatic import ({kibana-pull}207325[#207325]). +* Remove all legacy risk engine code and features ({kibana-pull}201810[#201810]). +* Remove deprecated API's ({kibana-pull}199598[#199598]). [discrete] -[[features-9.0.0]] +[[features-9.0.0-beta]] ==== New features +* Update CEL flow to UX design ({kibana-pull}206491[#206491]). +* Eui Refresh ({kibana-pull}204007[#204007]). [discrete] -[[enhancements-9.0.0]] +[[enhancements-9.0.0-beta]] ==== Enhancements +* Use setup and troubleshooting templates in readme ({kibana-pull}206477[#206477]). +* UI changes for Risk Engine to include closed alerts for risk score calculation ({kibana-pull}201909[#201909]). +* Adds button to skip empty data page on EA dashboard ({kibana-pull}201363[#201363]). +* Only check read privileges of extant indices during rule execution ({kibana-pull}177658[#177658]). [discrete] -[[bug-fixes-9.0.0]] +[[bug-fixes-9.0.0-beta]] ==== Bug fixes +* Borealis - Fix table leading actions standardized color ({kibana-pull}207743[#207743]). +* EUI refresh: Rename color variables ({kibana-pull}204908[#204908]). +* Only show data warning screen on Serverless ({kibana-pull}201920[#201920]). +* Assign test files to cloud-security-posture team ({kibana-pull}201003[#201003]). + 
From f2103a7de635d8cdb5b703fb5a2b309a57e814dc Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 10 Feb 2025 10:28:52 -0500 Subject: [PATCH 02/12] Fixing conflict --- docs/release-notes.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 511b9e59bd..3da513e039 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,6 @@ This section summarizes the changes in each release. -* <> +* <> include::release-notes/9.0.asciidoc[] \ No newline at end of file From 135f7628a45e9dbe48eed84f559b716a2089a971 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Tue, 11 Feb 2025 17:07:08 -0800 Subject: [PATCH 03/12] Update docs/release-notes/9.0.asciidoc --- docs/release-notes/9.0.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 7f28335af4..4ae363ae08 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc @@ -42,5 +42,4 @@ coming::[9.0.0] * Borealis - Fix table leading actions standardized color ({kibana-pull}207743[#207743]). * EUI refresh: Rename color variables ({kibana-pull}204908[#204908]). * Only show data warning screen on Serverless ({kibana-pull}201920[#201920]). -* Assign test files to cloud-security-posture team ({kibana-pull}201003[#201003]). From fad8a8aa3a36e08d7f4af33492b0d2a8e0bf04f2 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Tue, 11 Feb 2025 17:07:13 -0800 Subject: [PATCH 04/12] Update docs/release-notes/9.0.asciidoc --- docs/release-notes/9.0.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 4ae363ae08..c9af4d6ec5 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc 
@@ -25,7 +25,7 @@ coming::[9.0.0] [discrete] [[features-9.0.0-beta]] ==== New features -* Update CEL flow to UX design ({kibana-pull}206491[#206491]). +* Enables automatic import to accept CEL log samples ({kibana-pull}206491[#206491]). * Eui Refresh ({kibana-pull}204007[#204007]). [discrete] From 6f7179c7f6ef2861660a52978b1140610aaa2ace Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Tue, 11 Feb 2025 17:07:18 -0800 Subject: [PATCH 05/12] Update docs/release-notes/9.0.asciidoc --- docs/release-notes/9.0.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index c9af4d6ec5..92cd426fea 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc @@ -18,7 +18,7 @@ coming::[9.0.0] [discrete] [[deprecations-9.0.0-beta]] ==== Deprecations -* Rename plugin to automatic import ({kibana-pull}207325[#207325]). +* Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature ({kibana-pull}207325[#207325]). * Remove all legacy risk engine code and features ({kibana-pull}201810[#201810]). * Remove deprecated API's ({kibana-pull}199598[#199598]). From c0031d4207e1912e7b609d71f399654e055ca79d Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 11 Feb 2025 23:39:16 -0500 Subject: [PATCH 06/12] Adds KIs and make minor edits --- docs/release-notes/9.0.asciidoc | 41 +++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 92cd426fea..55331a5c31 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc 
@@ -10,23 +10,48 @@ coming::[9.0.0] [discrete] [[breaking-changes-9.0.0-beta]] ==== Breaking changes -* Remove deprecated bulk endpoints from v9.0.0 ({kibana-pull}207906[#207906]). -* Refactor timeline HTTP API ({kibana-pull}200633[#200633]). -* Remove deprecated API's ({kibana-pull}199598[#199598]). -* Disable deprecated rules bulk CRUD API endpoints in Serverless and 9.0 ({kibana-pull}197422[#197422]). +* Removes deprecated bulk endpoints from v9.0.0 ({kibana-pull}207906[#207906]). +* Refactors timeline HTTP API ({kibana-pull}200633[#200633]). +* Removes deprecated API's ({kibana-pull}199598[#199598]). +* Disables deprecated rules bulk CRUD API endpoints ({kibana-pull}197422[#197422]). [discrete] [[deprecations-9.0.0-beta]] ==== Deprecations * Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature ({kibana-pull}207325[#207325]). -* Remove all legacy risk engine code and features ({kibana-pull}201810[#201810]). -* Remove deprecated API's ({kibana-pull}199598[#199598]). +* Removes all legacy risk engine code and features ({kibana-pull}201810[#201810]). +* Removes deprecated API's ({kibana-pull}199598[#199598]). +* Deprecates the siem signals migration APIs ({kibana-pull}202662[#202662]). + +[discrete] +[[known-issue-9.0.0-beta]] +==== Known issues + +// tag::known-issue[] +[discrete] +.Duplicate alerts can be produced from manually running threshold rules +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution. +==== +// end::known-issue[] + +// tag::known-issue[] +[discrete] +.Manually running custom query rules with suppression could suppress more alerts than expected +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. 
+==== +// end::known-issue[] [discrete] [[features-9.0.0-beta]] ==== New features * Enables automatic import to accept CEL log samples ({kibana-pull}206491[#206491]). -* Eui Refresh ({kibana-pull}204007[#204007]). +* Applies the latest Elastic UI framework (EUI) to {elastic-sec} features ({kibana-pull}204007[#204007], {kibana-pull}204908[#204908]). [discrete] [[enhancements-9.0.0-beta]] @@ -40,6 +65,4 @@ coming::[9.0.0] [[bug-fixes-9.0.0-beta]] ==== Bug fixes * Borealis - Fix table leading actions standardized color ({kibana-pull}207743[#207743]). -* EUI refresh: Rename color variables ({kibana-pull}204908[#204908]). -* Only show data warning screen on Serverless ({kibana-pull}201920[#201920]). From 2a639ca60178c4f7f43f000d36c6a42d8951e8ee Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 11 Feb 2025 23:50:48 -0500 Subject: [PATCH 07/12] Revised summaries --- docs/release-notes/9.0.asciidoc | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 55331a5c31..6e725e74f5 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc 
@@ -10,18 +10,18 @@ coming::[9.0.0] [discrete] [[breaking-changes-9.0.0-beta]] ==== Breaking changes -* Removes deprecated bulk endpoints from v9.0.0 ({kibana-pull}207906[#207906]). -* Refactors timeline HTTP API ({kibana-pull}200633[#200633]). -* Removes deprecated API's ({kibana-pull}199598[#199598]). -* Disables deprecated rules bulk CRUD API endpoints ({kibana-pull}197422[#197422]). +* Removes deprecated bulk action API endpoints ({kibana-pull}207906[#207906]). +* Refactors the Timeline HTTP API endpoints ({kibana-pull}200633[#200633]). +* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). +* Disables deprecated API endpoints for bulk CRUD actions ({kibana-pull}197422[#197422]). [discrete] [[deprecations-9.0.0-beta]] ==== Deprecations * Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature ({kibana-pull}207325[#207325]). * Removes all legacy risk engine code and features ({kibana-pull}201810[#201810]). -* Removes deprecated API's ({kibana-pull}199598[#199598]). -* Deprecates the siem signals migration APIs ({kibana-pull}202662[#202662]). +* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). +* Deprecates the SIEM signals migration APIs ({kibana-pull}202662[#202662]). [discrete] [[known-issue-9.0.0-beta]] 
@@ -56,13 +56,13 @@ On November 12, 2024, it was discovered that manually running a custom query rul [discrete] [[enhancements-9.0.0-beta]] ==== Enhancements -* Use setup and troubleshooting templates in readme ({kibana-pull}206477[#206477]). -* UI changes for Risk Engine to include closed alerts for risk score calculation ({kibana-pull}201909[#201909]). -* Adds button to skip empty data page on EA dashboard ({kibana-pull}201363[#201363]). -* Only check read privileges of extant indices during rule execution ({kibana-pull}177658[#177658]). +* Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme ({kibana-pull}206477[#206477]). +* Allows users to include `closed`` alerts in risk score calculations ({kibana-pull}201909[#201909]). +* Adds the ability to continue to the Entity Analytics dashboard when there is no data ({kibana-pull}201363[#201363]). +* Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution ({kibana-pull}177658[#177658]). [discrete] [[bug-fixes-9.0.0-beta]] ==== Bug fixes -* Borealis - Fix table leading actions standardized color ({kibana-pull}207743[#207743]). +* Ensures that table leading actions are using standardized colors ({kibana-pull}207743[#207743]). From 0da14ae891570682a7c714a2b9ecf9851fc6f7dc Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 12 Feb 2025 00:22:10 -0500 Subject: [PATCH 08/12] Update docs/release-notes/9.0.asciidoc --- docs/release-notes/9.0.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 6e725e74f5..cb8dd54abf 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc 
@@ -57,7 +57,7 @@ On November 12, 2024, it was discovered that manually running a custom query rul [[enhancements-9.0.0-beta]] ==== Enhancements * Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme ({kibana-pull}206477[#206477]). -* Allows users to include `closed`` alerts in risk score calculations ({kibana-pull}201909[#201909]). +* Allows users to include `closed` alerts in risk score calculations ({kibana-pull}201909[#201909]). * Adds the ability to continue to the Entity Analytics dashboard when there is no data ({kibana-pull}201363[#201363]). * Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution ({kibana-pull}177658[#177658]). From 1b9d29528dbef87646e09cf0a5e64f8236cab6e5 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 12 Feb 2025 00:22:42 -0500 Subject: [PATCH 09/12] Update docs/release-notes/9.0.asciidoc --- docs/release-notes/9.0.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index cb8dd54abf..7e50062eff 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc @@ -64,5 +64,5 @@ On November 12, 2024, it was discovered that manually running a custom query rul [discrete] [[bug-fixes-9.0.0-beta]] ==== Bug fixes -* Ensures that table leading actions are using standardized colors ({kibana-pull}207743[#207743]). +* Ensures that table actions use standard colors ({kibana-pull}207743[#207743]). From 5dbf720d332b491f3510ef19e36ffdcc27b78511 Mon Sep 17 00:00:00 2001 
From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 12 Feb 2025 00:22:51 -0500 Subject: [PATCH 10/12] Update docs/release-notes/9.0.asciidoc --- docs/release-notes/9.0.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 7e50062eff..856b50eeba 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc @@ -50,7 +50,7 @@ On November 12, 2024, it was discovered that manually running a custom query rul [discrete] [[features-9.0.0-beta]] ==== New features -* Enables automatic import to accept CEL log samples ({kibana-pull}206491[#206491]). +* Enables Automatic Import to accept CEL log samples ({kibana-pull}206491[#206491]). * Applies the latest Elastic UI framework (EUI) to {elastic-sec} features ({kibana-pull}204007[#204007], {kibana-pull}204908[#204908]). [discrete] From 33f0e08ff2e5740722515a1c92c012e01546d657 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 14 Feb 2025 10:16:13 -0500 Subject: [PATCH 11/12] Update docs/release-notes/9.0.asciidoc Co-authored-by: Georgii Gorbachev --- docs/release-notes/9.0.asciidoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 856b50eeba..4ac2e753a3 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc 
@@ -10,10 +10,9 @@ coming::[9.0.0] [discrete] [[breaking-changes-9.0.0-beta]] ==== Breaking changes -* Removes deprecated bulk action API endpoints ({kibana-pull}207906[#207906]). * Refactors the Timeline HTTP API endpoints ({kibana-pull}200633[#200633]). * Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). -* Disables deprecated API endpoints for bulk CRUD actions ({kibana-pull}197422[#197422]). +* Removes deprecated API endpoints for bulk CRUD actions on detection rules ({kibana-pull}197422[#197422], {kibana-pull}207906[#207906]). [discrete] [[deprecations-9.0.0-beta]] From 196f1162dd019f7f1316b9fa025b08e381f3b8ef Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Fri, 14 Feb 2025 17:46:03 -0500 Subject: [PATCH 12/12] Update docs/release-notes/9.0.asciidoc --- docs/release-notes/9.0.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release-notes/9.0.asciidoc b/docs/release-notes/9.0.asciidoc index 4ac2e753a3..541a6c3943 100644 --- a/docs/release-notes/9.0.asciidoc +++ b/docs/release-notes/9.0.asciidoc @@ -51,6 +51,7 @@ On November 12, 2024, it was discovered that manually running a custom query rul ==== New features * Enables Automatic Import to accept CEL log samples ({kibana-pull}206491[#206491]). * Applies the latest Elastic UI framework (EUI) to {elastic-sec} features ({kibana-pull}204007[#204007], {kibana-pull}204908[#204908]). +* Adds the option to view {es} queries that run during rule execution for threshold, custom query, and {ml} rules ({kibana-pull}203320[#203320]). [discrete] [[enhancements-9.0.0-beta]]
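Review bot: In PATCH 01/12, PR #199598 ("Remove deprecated API's") is listed under both "Breaking changes" and "Deprecations", and the Deprecations list also carries an outright removal ("Remove all legacy risk engine code and features"). PATCH 07/12 rewords these entries but keeps the duplicate. Suggest listing each PR once, putting removals under Breaking changes, and keeping Deprecations for things that still work in this release but are scheduled to go away, such as the SIEM signals migration APIs entry.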
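Review bot: In PATCH 02/12, docs/release-notes.asciidoc still ends without a trailing newline (the "\ No newline at end of file" marker follows the include line). Since this patch already touches the file, add a final newline after "include::release-notes/9.0.asciidoc[]" so later appends to the file do not show up as a change to the include line.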
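Review bot: In PATCH 06/12, both known-issue blocks are wrapped in the same "// tag::known-issue[]" and "// end::known-issue[]" markers, so an include that selects by tag pulls in both and cannot pick one of them. Suggest giving each region its own tag name. Both "Details" paragraphs also state only when the problem was discovered: neither says which versions are affected, links a tracking issue, or gives a workaround. These issues change alert counts (duplicate alerts, inflated suppression), so say what a reader should do in the meantime. For the threshold rule case, for example, state whether keeping manual runs outside date ranges already covered by a scheduled execution avoids the duplicates.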
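Review bot: In the second hunk of PATCH 07/12 (Enhancements), the entry "Now, only read privileges of extant indices are checked during rule execution" describes the internal change but not what a rule owner will see differently. This affects how missing-privilege conditions surface during rule runs. Suggest stating the visible effect for index patterns that match no existing index (for example, whether a privilege warning is no longer reported for them) and replacing "extant" with "existing".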
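Review bot: In PATCH 11/12, the merged breaking-change entry "Removes deprecated API endpoints for bulk CRUD actions on detection rules" names neither the endpoints that are gone nor what replaces them. The neighbouring context line "Refactors the Timeline HTTP API endpoints" likewise does not say what changes for callers. Anyone with automation against these APIs cannot tell from the note which requests will fail after upgrading. Suggest listing the removed paths or linking to the API reference, and naming the replacement endpoint for each.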