elastic · benironside · Jan 9, 2023 · Nov 30, 2022 · Nov 30, 2022 · Nov 30, 2022
@@ -31,6 +31,7 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.6.asciidoc[]
 include::release-notes/8.5.asciidoc[]
 include::release-notes/8.4.asciidoc[]
 include::release-notes/8.3.asciidoc[]

@@ -0,0 +1,91 @@
+[[release-notes-header-8.6.0]]
+== 8.6
+
+[discrete]
+[[release-notes-8.6.0]]
+=== 8.6.0
+
+[discrete]
+[[known-issue-8.6.0]]
+==== Known issues
+There are no known issues in 8.6.0.
+
+[discrete]
+[[breaking-changes-8.6.0]]
+==== Breaking changes
+// tag::breaking-changes[]
+// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
+:pull: {pull}
+There are no breaking changes in 8.6.0.
+// end::breaking-changes[]
+
+
+[discrete]
+[[deprecations-8.6.0]]
+==== Deprecations
+There are no deprecations in 8.6.0.
+
+
+[discrete]
+[[features-8.6.0]]
+==== Features
+* Allows you to add indicators to new or existing cases ({pull}145121[#145121]).
+* Adds the `is one of` operator to the *Add field* menu in Timeline ({pull}144988[#144988]).
+* Adds an "Add to timeline investigation" button to the User Risk Scores and Host Risk Scores cards on the Entity Analytics dashboard ({pull}144819[#144819]).
+* Provides the option to duplicate rules and their exceptions or rules only ({pull}144782[#144782]).
+* Improves the Rule Exceptions interface and allows you to export read-only exception lists ({pull}144383[#144383]).
+* Enables a technical preview of functionality that allows users to create runtime queries that can be parameterized from alert data or hard coded literal values. ({pull}145240[#145240]).
+* Allows users to deploy Osquery across all {agent} policies or on specified policies only ({pull}143948[#143948]).
+* Creates a new connector for Tines ({pull}143505[#143505]).
+* Updates the UI for adding and editing exceptions ({pull}143127[#143127]).
+* Creates a Rule Exceptions page for creating, viewing, and modifying shared exception lists ({pull}143041[#143041]).
+* Enables you to bulk-add events to Timeline (up to 4000) ({pull}142737[#142737]).
+* Enables alert suppression per rule execution for custom query rules ({pull}142686[#142686]).
+* Improves role-based-access-controls for {kib} users performing response actions to allow security teams to practice least privilege ({pull}142825[#142825]).
+
+[discrete]
+[[bug-fixes-8.6.0]]
+==== Bug fixes and enhancements
+* Adds the *View indicators* button to the Threat Intelligence card ({pull}145125[#145125]).
+* Improves the interface for creating rule exceptions and shared exception lists ({pull}144575[#144575]).
+* Adds cases metadata to the alert alert details page, in the Cases panel ({pull}144430[#144430]).
+* Improves the UX for managing {ml} jobs while managing {ml} rules ({pull}144080[#144080]).
+* Enables you to run {ml} jobs from the Notable Anomalies table ({pull}142861[#142861]).
+* Adds a guided onboarding flow to help you create your first rules ({pull}144016[#144016], {pull}143598[#143598]).
+* Updates the take action UI for charts on the Hosts, Users, and Network pages ({pull}138369[#138369]).
+* Adds a *Respond* button to the Host Details page for hosts with an {agent} installed ({pull}143988[#143988]).
+* Allows you to add up to three new terms to New Terms rule queries, enabling you to create alerts when multiple new terms appear in the same event ({pull}143943[#143943]).
+* Allows you to launch Timeline from the Entity Analytics dashboard by clicking alert counts ({pull}143841[#143841]).
+* Adds missing TLP Marking badges to the Indicators table and Indicator details page ({pull}143431[#143431]).
+* Ensures the empty state of the Indicators page does not appear when any threat intelligence integrations are installed ({pull}143328[#143328]).
+* Turns the anomalies count on the Entity Analytics dashboard into a link that jumps down the page to the Anomalies table ({pull}143085[#143085])
+* Pre-selects the `threat` category when you open the Fields browser ({pull}142698[#142698]).
+* Adds a `copy to clipboard` action for indicators throughout the Threat Intelligence plugin ({pull}142675[#142675]).
+* Adds a `User risk classification` column to the Users table ({pull}142610[#142610]).
+* Adds a label to the Indicators page that states when it was last updated ({pull}142560[#142560]).
+* Specifies that links from the Threat Intelligence plugin to the Integrations page should open the Threat Intelligence integrations category ({pull}142538[#142538]).
+* Enables full-screen mode on the Indicators table ({pull}142519[#142519]).
+* Implements the standard searchbar and date picker on the Threat Intelligence page ({pull}142336[#142336]).
+* Updates the design of the Rule Exceptions page ({pull}142289[#142289]).
+* Displays comments for expanded items in the Action history page ({pull}141938[#141938]).
+// Items below this line were labeled as "bugfixes" rather than "enhancements"
+* Replaces the *Run job* button with a *Stop job* button when the job is running ({pull}146407[#146407]).
+* Fixes a bug that prevented you from editing an exception while adding a comment to it from the Rules details flyout ({pull}145575[#145575]).
+* Fixes a bug that could cause rule previews for New Terms rules to fail ({pull}145707[#145707]).
+* Fixes a bug that could cause a `Page not found` error when you navigated to a shared exception list ({pull}145833[#145833]).
+* Fixes a bug with the loading indicator that appears when bulk actions are pending ({pull}145905[#145905]).
+* Fixes a bug with the display of the count of linked rules for shared exception lists ({pull}145976[#145976]).
+* Fixes a bug that prevented you from editing {endpoint} policies created before version 8.3.0 if you had a basic license ({pull}146050[#146050]).
+* Fixes a bug that sometimes prevented the Rules table from updating as expected ({pull}146271[#146271]).
+* Fixes a bug that sometimes prevented the display of rule preview graphs for custom rules ({pull}142120[#142120]).
+* Removes the "Optional" label from the `Additional look-back time` rule setting ({pull}142375[#142375]).
+* Fixes a bug that could result in duplicate entries in the Host's page's Events table query ({pull}143239[#143239]).
+* Fixes a bug that could interfere with Platinum users' access to the Host Isolation page ({pull}143366[#143366]).
+* Fixes a bug that prevented Analyzer's state from persisting when you switched tabs on the Alerts page ({pull}144291[#144291]).
+* Fixes a bug that sometimes caused a page crash when you searched for an indicator ID on the Intelligence page ({pull}144344[#144344]).
+* Fixes a bug that prevented newly imported rules from appearing on the Rules page before the page was refreshed ({pull}144359[#144359]).
+* Fixes a bug with the toast message for successful bulk editing of rules ({pull}144497[#144497]).
+* Fixes a bug that prevented Analyzer from opening in Timeline when the "Show only detection alerts" option is enabled ({pull}144705[#144705]).
+* Fixes bugs that affected the display and persistence of event action menus ({pull}145025[#145025]).
+* Fixes a bug that limited the display of breadcrumbs on the Rule Exceptions page ({pull}145605[#145605]).
+* Fixes various minor UI bugs on the Rule exceptions page ({pull}145334[#145334]).