[DOCS] 8.4 release notes

docs/release-notes.asciidoc

@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.4.0, {elastic-sec} version 8.4.0>>
 * <<release-notes-8.3.3, {elastic-sec} version 8.3.3>>
 * <<release-notes-8.3.2, {elastic-sec} version 8.3.2>>
 * <<release-notes-8.3.1, {elastic-sec} version 8.3.1>>
@@ -24,6 +25,7 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.4.asciidoc[]
 include::release-notes/8.3.asciidoc[]
 include::release-notes/8.2.asciidoc[]
 include::release-notes/8.1.asciidoc[]

docs/release-notes/8.4.asciidoc

@@ -0,0 +1,75 @@
+[[release-notes-header-8.4.0]]
+== 8.4
+
+[discrete]
+[[release-notes-8.4.0]]
+=== 8.4.0
+
+[discrete]
+[[known-issue-8.4.0]]
+==== Known issue
+* If additional look-back time is set for the advanced query rule preview, alerts from source documents that are outside the preview time frame may not appear in the preview ({pull}137422[#137422]).
+
+[discrete]
+[[breaking-changes-8.4.0]]
+==== Breaking changes
+// tag::breaking-changes[]
+// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
+:pull: {pull}
+There are no breaking changes in 8.4.0.
+// end::breaking-changes[]
+
+[discrete]
+[[features-8.4.0]]
+==== Features
+* Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field ({pull}134526[#134526]).
+* Adds the Insights section to the Alert details flyout to show related cases and alerts ({pull}136009[#136009], {pull}138419[#138419])
+* Shows process alerts in the event process analyzer ({pull}135340[#135340]).
+* Adds support for wildcard exceptions for detection rules. New operators are `matches` and `does not match` ({pull}136147[#136147]).
+* Adds a new search query parameter, `dry_run`, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules ({pull}134664[#134664]).
+* Creates the response console, an interface that enables you to take actions on specific hosts ({pull}135360[#135360], {pull}134520[#134520])
+* Enables a new method for the Task Manager API: `bulkUpdateSchedules`, which enables you to update the execution timing of `idle` tasks ({pull}132637[#132637]).
+
+[discrete]
+[[bug-fixes-8.4.0]]
+==== Bug fixes and enhancements
+* Updates the Network page's UI to match the Hosts and Users pages ({pull}137541[#137541], {pull}136913[#136913]).
+* Fixes an error that could occur when you tried to apply an index pattern to rules using the bulk action option ({pull}134664[#134664]).
+* Enhances rule previews with configurable rule intervals and look-back times ({pull}137102[#137102]).
+* Enhances the `status pending` badge for endpoint actions with a detailed status when you hover on it ({pull}136966[#136966]).
+* Turns grouped navigation on by default ({pull}136819[#136819]).
+* Adds a confirmation dialog to bulk rule export ({pull}136418[#136418]).
+* Adds index pattern information to the Inspect panel ({pull}136407[#136407]).
+* Adds a custom dashboards table to the Dashboards page ({pull}136221[#136221], {pull}136671[#136671]).
+* Fixes a performance issue with alerts that have large fields ({pull}135956[#135956]).
+* Updates the rule exceptions UI ({pull}135255[#135255]).
+* Fixes performance issues with rules management ({pull}135311[#135311]).
+* Allows you to define a fallback `@timestamp` when you've defined a timestamp override ({pull}135116[#135116]).
+* Enhances the host risk score modal UI ({pull}133708[#133708]).
+* Updates the lists index template to use new logic ({pull}133067[#133067]).
+* Adds event filters to event correlation rules ({pull}132507[#132507]).
+* Allows you to define a data view or index pattern for rules ({pull}130929[#130929]).
+* Creates a single visualization pane on the Alerts page, and adds a treemap view that shows the distribution of alerts as nested, proportionally-sized tiles. ({pull}126896[#126896]).
+* Fixes an incorrect counter for exported rules ({pull}138598[#138598]).
+* Fixes event filters based on OS version ({pull}138517[#138517]).
+* Fixes a bug that could change the batch size for event search in indicator rules ({pull}138356[#138356]).
+* Fixes a bug that could crash the Alert details flyout ({pull}138331[#138331]).
+* Fixes the preview button for {ml} rules ({pull}137878[#137878]).
+* Fixes a bug that could crash the Endpoints list when a policy ID was missing ({pull}137788[#137788]).
+* Fixes a bug that could interfere with opening host or user details pages ({pull}137719[#137719]).
+* Fixes several bugs related to refreshing the Alerts page ({pull}137620[#137620]).
+* Fixes a bug with bulk rule deletion with a defined data view ({pull}137585[#137585]).
+* Fixes a bug with look-back time in the **Advanced query preview** ({pull}137517[#137517]).
+* Fixes a bug that prevented threshold rules' Timeline templates from being respected during investigations ({pull}137233[#137233]).
+* Fixes a permissions bug related to the **Save Timeline** button ({pull}136724[#136724]).
+* Fixes a bug with selecting Timeline templates with the same name ({pull}135694[#135694]).
+* Fixes field aliases to `signal-threshold_result.*` ({pull}135565[#135565]).
+* Fixes a bug that lost track of which rules you had selected after refreshing the Rules page ({pull}135533[#135533]).
+* Fixes a bug that lost track of which rules you had selected after applying a bulk action on the Rules page ({pull}135291[#135291]).
+* Fixes a bug that prevented the Rules table from pausing auto-refresh while bulk actions are being applied ({pull}135208[135208]).
+* Fixes a bug that could cause queries with nested fields to fail open ({pull}134866[#134866]).
+* Fixes a bug that slowed down the display of network details ({pull}133539[#133539]).
+* Various minor bug fixes and enhancements ({pull}133079[#133079], {pull}138135[#138135], {pull}138286[#138286], {pull}138131[#138131], {pull}137588[#137588], {pull}137511[#137511], {pull}137492[#137492], {pull}135907[#135907], {pull}135426[#135426]).
+* Fixes an {endpoint-cloud-sec} bug on macOS and Linux that could cause CPU spikes if malware protection is enabled on an {endpoint-cloud-sec} integration policy (https://github.com/elastic/endpoint/issues/22[#22]).
+* Fixes a bug that could cause {elastic-endpoint} to crash when outputting log data to {ls}.
+* Adds support for Ubuntu 22.04 and Debian 11 to {endpoint-cloud-sec}.