elastic · benironside · May 25, 2023 · May 12, 2023 · May 15, 2023 · May 16, 2023
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.8.0, {elastic-sec} version 8.8.0>>
 * <<release-notes-8.7.1, {elastic-sec} version 8.7.1>>
 * <<release-notes-8.7.0, {elastic-sec} version 8.7.0>>
 * <<release-notes-8.6.2, {elastic-sec} version 8.6.2>>
@@ -37,6 +38,7 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.8.asciidoc[]
 include::release-notes/8.7.asciidoc[]
 include::release-notes/8.6.asciidoc[]
 include::release-notes/8.5.asciidoc[]

@@ -0,0 +1,98 @@
+[[release-notes-header-8.8.0]]
+== 8.8
+
+[[release-notes-8.8.0]]
+=== 8.8.0
+
+To view a detailed summary of new features and enhancements we've documented this release, check out our {security-guide}/whats-new.html[8.8 release highlights].
+
+[discrete]
+[[known-issue-8.8.0]]
+==== Known issues
+
+* Setting the `max_signals` value higher than the {kibana-ref}/alert-action-settings-kb.html#alert-settings[`xpack.alerting.rules.run.alerts.max`] value will lead to rule failure.
+
+[discrete]
+[[breaking-changes-8.8.0]]
+==== Breaking changes
+
+//tag::breaking-changes[]
+// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
+:pull: https://github.com/elastic/kibana/pull/
+* The privileges for attaching alerts to cases have changed. Now, you need at least `Read` privileges for Security and `All` privileges for Cases ({pull}147985[#147985]).
+* Adds conditional actions to the rules API. In {elastic-sec} 8.7 and earlier, action frequencies were set on a rule level by defining the `throttle` field. In 8.8 and later, action frequencies are set at the action level, and the `throttle` field is replaced by the `frequency` and `alert_filters` fields. The following APIs are affected:
+** <<rules-api-get,Get rule>>
+** <<rules-api-find,Find rules>>
+** <<rules-api-create,Create rule>>
+** <<rules-api-update,Update rule>>
+** <<bulk-actions-rules-api,Bulk rule actions>>
+
+//end::breaking-changes[]
+
+
+[discrete]
+[[deprecations-8.8.0]]
+==== Deprecations
+
+* The rule level `throttle` field is deprecated in {elastic-sec} 8.8 and is scheduled for end of life in Q4 of 2024. In {elastic-sec} 8.8 and later, we strongly recommend using the action level `frequency` field to set frequencies for individual rule actions.
+
+
+[discrete]
+[[features-8.8.0]]
+==== New features
+
+* Introduces <<vuln-management-overview, Cloud native vulnerability management>>, which scans your cloud VMs for vulnerabilities, and adds a tab to the Findings page that displays vulnerabilities ({pull}154388[#154388], {pull}154873[#154873], {pull}155045[#155045]).
+* Introduces <<d4c-overview, container workload protection>>, which allows you to monitor and protect your Kubernetes workloads.
+* Adds a new response action that allows you to execute commands on a selected host ({pull}150202[#150202]).
+* Adds the `kibana.alert.url` field to alert documents. This field provides a shareable URL for the alert ({pull}155069[#155069]).
+* Adds the ability to duplicate a shared exception list ({pull}154991[#154991]).
+* Allows Timeline notes to be deleted ({pull}154834[#154834]).
+* Allows you to specify conditions for when rule actions should run ({pull}154680[#154680]).
+* Adds the ability to snooze rule notifications from the Rules table, the rule details page, or the Actions tab when editing a rule ({pull}153083[#153083], {pull}155407[#155407], {pull}155612[#155612]).
+* Adds controls to the Alerts page that allow you to customize which filters appear at the top of the page ({pull}152450[#152450]).
+
+
+
+[discrete]
+[[enhancements-8.8.0]]
+==== Enhancements
+
+* Renames the Notable Anomalies section in the Entity Analytics dashboard to Anomalies ({pull}155687[#155687]).
+* Displays additional {ml} anomaly jobs on the Entity Analytics dashboard ({pull}155520[#155520]).
+* Makes alert count links on the Entity Analytics dashboard navigate to the Alerts page instead of opening in Timeline ({pull}153372[#153372]).
+* Updates the Data Quality dashboard to include a new tree map and storage size metrics for each index ({pull}155581[#155581]).
+* Adds cloud infrastructure-related fields to the alert details flyout highlighted fields section ({pull}155247[#155247]).
+* Allows you to specify how to handle alert suppression for alerts with missing fields ({pull}155055[#155055]).
+* Gives users more control over how they receive alert notifications and lets them define conditions that must be met for a notification to occur ({pull}154526[#154526]).
+* Adds a warning message to tell you when a rule has reached the maximum number of alerts limit ({pull}154112[#154112]).
+* Updates how browser field descriptions are provided to {kib} ({pull}153498[#153498]).
+* Enables multi-level grouping for alerts on the Alerts page, based on various fields ({pull}152862[#152862]).
+* Adds links to the Detection & Response and Entity Analytics dashboards that jump to the Alerts page with filters enabled ({pull}152714[#152714]).
+* Updates the visualizations throughout {elastic-sec} to Lens visualizations ({pull}150531[#150531]).
+* Adds a *Share alert* link to the alert details flyout ({pull}148800[#148800]).
+* Adds a warning message to the Rules page when a maintenance window is running ({pull}155386[#155386]).
+* Adds a global search bar to the Detections and Response and Entity Analytics dashboards ({pull}156832[#156832]).
+* Adds the "Investigate in timeline" inline action to alert counts on the Detections and Response and Entity Analytics dashboards ({pull}154299[#154299]).
+* Session view: Makes the row representing the session leader remain visible when you scroll past it, and adds a button to this row that allows you to collapse child processes ({pull}154982[#154982]).
+* Reduces Linux process event volume by about 50% by combining `fork`, `exec`, and `end` events when they occur around the same time (does not affect queries of this data) ({pull}153213[#153213]).
+* Updates where the technical preview tags appear for host risk score features ({pull}156659[#156659], {pull}156514[#156514]).
+
+[discrete]
+[[bug-fixes-8.8.0]]
+==== Bug fixes
+
+* Fixes a bug that interfered with the default time range when you opened an alert in Timeline ({pull}156884[#156884]).
+* Fixes a bug that could cause the Alerts page to become unresponsive after entering an invalid query ({pull}156542[#156542]).
+* Updates the colors used for entity analytic graphs to match those used for alert graphs ({pull}156383[#156383]).
+* Fixes a bug that caused errors on the Data Quality dashboard when a `basePath` was configured ({pull}156233[#156233]).
+* Fixes a bug that could cause problems when different users simultaneously edited a Timeline ({pull}155663[#155663]).
+* Fixes a bug that could cause the wrong number of rules to appear in the modal for duplicating rules ({pull}155959[#155959]).
+* Fixes a bug that could cause a blank option to appear in the Create rule exception form ({pull}155221[#155221]).
+* Fixes issues that affected tags in the Add rule exception component of the Shared Exception Lists page ({pull}155219[#155219]).
+* Fixes a bug that displayed an outdated count of affected rules on the Shared Exception Lists page ({pull}155108[#155108]).
+* Improves performance for rendering indicator match alerts on the Alerts page ({pull}154821[#154821]).
+* Fixes a bug that could affect alert prevalence counts on the Alerts page ({pull}154544[#154544]).
+* Fixes a bug that could prevent you from using breadcrumbs to return to the Rules page ({pull}150322[#150322]).
+* Fixes a bug that could prevent the *View all open alerts* button on the Detection and Response dashboard from applying the correct filters ({pull}156893[#156893]).
+* Fixes several bugs related to session view and and Kubernetes dashboard ({pull}154982[#154982]).
+* Fixes the delete index API so it only removes {elastic-sec} 7.x signals indices (`.siem-signals-<space-id>`), index templates, and ILMs and doesn't delete 8.x alert indices (`.alerts-security.alerts-<space-id>`).