elastic · benironside · May 25, 2023 · May 12, 2023 · May 15, 2023 · May 16, 2023
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.8.0, {elastic-sec} version 8.8.0>>
 * <<release-notes-8.7.1, {elastic-sec} version 8.7.1>>
 * <<release-notes-8.7.0, {elastic-sec} version 8.7.0>>
 * <<release-notes-8.6.2, {elastic-sec} version 8.6.2>>
@@ -37,6 +38,7 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.8.asciidoc[]
 include::release-notes/8.7.asciidoc[]
 include::release-notes/8.6.asciidoc[]
 include::release-notes/8.5.asciidoc[]

@@ -0,0 +1,97 @@
+[[release-notes-header-8.8.0]]
+== 8.8
+
+[[release-notes-8.8.0]]
+=== 8.8.0
+
+[discrete]
+[[known-issue-8.8.0]]
+==== Known issues
+
+* Setting the `max_signals` value higher than the {kibana-ref}/alert-action-settings-kb.html#alert-settings[`xpack.alerting.rules.run.alerts.max`] value will lead to rule failure.
+
+[discrete]
+[[breaking-changes-8.8.0]]
+==== Breaking changes
+
+//tag::breaking-changes[]
+// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
+:pull: https://github.com/elastic/kibana/pull/
+* The privileges for attaching alerts to cases has changed. Now, you need at least `Read` privileges for Security and `All` privileges for Cases ({pull}147985[#147985]).
+* Rule API changes are introduced with conditional actions. In {elastic-sec} 8.7 and earlier, action frequencies were set on a rule level by defining the `throttle` field. In 8.8, action frequencies are set on an action level and the `throttle` field is replaced by the `frequency` and `alert_filters` fields. The following APIs are affected:
+** <<rules-api-get,Get rule>>
+** <<rules-api-find,Find rules>>
+** <<rules-api-create,Create rule>>
+** <<rules-api-update,Update rule>>
+** <<bulk-actions-rules-api,Bulk rule actions>>
+
+//end::breaking-changes[]
+
+
+[discrete]
+[[deprecations-8.8.0]]
+==== Deprecations
+There are no deprecations in 8.8.0.
+
+
+[discrete]
+[[features-8.8.0]]
+==== New features
+
+* Adds a new response action that allows you to execute commands on a selected host (https://github.com/elastic/security-team/issues/5441[5441]).
+* Adds a threat intelligence overview section to alert details for alerts generated by indicator rules ({pull}155328[#155328]).
+* Adds the `kibana.alert.url` field to alert events. Its value is a link to the alert details in Kibana ({pull}155069[#155069]).
+* Adds an option to duplicate a shared exception list from its more actions menu ({pull}154991[#154991]).
+* Adds a button that allows you to delete a note from a Timeline ({pull}154834[#154834]).
+* Adds rule action filters that let you specify whether actions should only run under particular conditions ({pull}154680[#154680]).
+* Adds a "snooze rule" button to the rules table ({pull}153083[#153083]).
+* Adds a "snooze rule" button to the rule details and edit rule pages ({pull}155407[#155407], {pull}155612[#155612]).
+* Adds controls to the Alerts page that allow you to customize which filters appear at the top of the page ({pull}152450[#152450]).
+* Adds an expandable section to the alert details flyout with various additional features and information. NOTE: to access this functionality you currently need to add a line to the `kibana.json` file. {pull}152935[#152935], {pull}152767[#152767], {pull}152303[#152303], {pull}152150[#152150], {pull}152047[#152047], {pull}150240[#150240], {pull}153807[#153807], {pull}153187[#153187], {pull}153706[#153706], {pull}153074[#153074], {pull}154196[#154196], {pull}153903[#153903], {pull}154114[#154114]).
+* Adds a "visualizations" section to the Alert details flyout ({pull}154786[#154786]).
+* Adds Analyzer to the expanded alert details flyout ({pull}153709[#153709]).
+* Adds Session View to the expanded alert details flyout ({pull}154597[#154597]).
+
+
+LENS update: visualizations throughout security have been updated to Lens visualizations, and can be opened in Lens
+
+[discrete]
+[[enhancements-8.8.0]]
+==== Enhancements
+
+* Updates the Notable anomalies table, and renames it to Anomalies ({pull}155687[#155687]).
+* Updates the Data Quality dashboard to include a new tree map, and storage size metrics for each index ({pull}155581[#155581]).
+* Displays additional anomaly jobs on the Entity Analytics dashboard ({pull}155520[#155520]).
+* Adds cloud infrastructure-related fields to the alert details flyout's highlighted fields ({pull}155247[#155247]).
+* Allows you to specify how to handle alert suppression for alerts with missing fields ({pull}155055[#155055]).
+* Updates the rule settings Actions interface ({pull}154526[#154526]).
+* Adds a warning message to tell you when the maximum number of alerts for a single rule execution is exceeded ({pull}154112[#154112]).
+* Updates how browser field descriptions are provided to {kib} ({pull}153498[#153498]).
+* Makes alert links on the Entity Analytics page navigate to the Alerts page instead of opening in Timeline ({pull}153372[#153372]).
+* Enables multi-level grouping for alerts on the Alerts page, based on various fields ({pull}152862[#152862]).
+* Makes it possible to link directly to a version of the Alerts page with filters active, and makes widgets on the Detection and Response dashboard do so ({pull}152714[#152714]).
+* Updates the visualizations throughout {elastic-sec} to Lens visualizations ({pull}150531[#150531]).
+* Adds a "Share alert" button to the alert details flyout, and makes alert flyout URLs more sharable ({pull}148800[#148800]).
+* Adds a note to the Rules page when a maintenance window is running ({pull}155386[#155386]).
+* Adds a global search bar to the Detections and Response and Entity Analytics dashboards ({pull}156832[#156832]).
+
+
+[discrete]
+[[bug-fixes-8.8.0]]
+==== Bug fixes
+
+* Fixes a bug that interfered with the default time range when you opened an alert in Timeline ({pull}156884[#156884]).
+* Updates where the technical preview tags appear for host risk score features ({pull}156659[#156659], {pull}156514[#156514]).
+* Fixes a bug that could cause the alerts page to become unresponsive after you entered an invalid query ({pull}156542[#156542]).
+* Updates the colors used for entity analytics graphs to match the colors used for alerts graphs ({pull}156383[#156383]).
+* Fixes a bug that caused errors on the Data Quality dashboard when a `basePath` was configured ({pull}156233[#156233]).
+* Fixes a bug that could cause problems when different users edited a single timeline simultaneously ({pull}155663[#155663]).
+* Fixes a bug that could cause the wrong number of rules to appear in the interface for duplicating rules ({pull}155959[#155959]).
+* Fixes a bug that could cause a blank option to appear in the Create rule exception interface ({pull}155221[#155221]).
+* Fixes issues that affected tags in the Add rule exception component of the Shared Exception Lists page ({pull}155219[#155219]).
+* Fixes a bug that displayed an outdated count of affected rules on the Shared Exception Lists page ({pull}155108[#155108]).
+* Improves performance for rendering indicator match alerts on the Alerts page ({pull}154821[#154821]).
+* Fixes a bug that could affect alert prevalence counts on the Alerts page ({pull}154544[#154544]).
+* Adds the "Add to timeline" action to alert counts on the Detections and Response dashboard and the Entity Analytics dashboard ({pull}154299[#154299]).
+* Fixes a bug that could prevent you from using breadcrumbs to navigate back to the Rules page ({pull}150322[#150322]).
+* Fixes a bug that could prevent the *View all open alerts* button on the Detection and Response dashboard from applying the right filters ({pull}156893[#156893]).