diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index ca0c04c2e4..0455ed1078 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> @@ -37,6 +38,7 @@ This section summarizes the changes in each release. :issue: https://github.com/elastic/kibana/issues/ :pull: https://github.com/elastic/kibana/pull/ +include::release-notes/8.8.asciidoc[] include::release-notes/8.7.asciidoc[] include::release-notes/8.6.asciidoc[] include::release-notes/8.5.asciidoc[] diff --git a/docs/release-notes/8.8.asciidoc b/docs/release-notes/8.8.asciidoc new file mode 100644 index 0000000000..deeef29b0c --- /dev/null +++ b/docs/release-notes/8.8.asciidoc @@ -0,0 +1,98 @@ +[[release-notes-header-8.8.0]] +== 8.8 + +[[release-notes-8.8.0]] +=== 8.8.0 + +To view a detailed summary of new features and enhancements we've documented this release, check out our {security-guide}/whats-new.html[8.8 release highlights]. + +[discrete] +[[known-issue-8.8.0]] +==== Known issues + +* Setting the `max_signals` value higher than the {kibana-ref}/alert-action-settings-kb.html#alert-settings[`xpack.alerting.rules.run.alerts.max`] value will lead to rule failure. + +[discrete] +[[breaking-changes-8.8.0]] +==== Breaking changes + +//tag::breaking-changes[] +// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output. +:pull: https://github.com/elastic/kibana/pull/ +* The privileges for attaching alerts to cases have changed. Now, you need at least `Read` privileges for Security and `All` privileges for Cases ({pull}147985[#147985]). +* Adds conditional actions to the rules API. In {elastic-sec} 8.7 and earlier, action frequencies were set on a rule level by defining the `throttle` field. In 8.8 and later, action frequencies are set at the action level, and the `throttle` field is replaced by the `frequency` and `alert_filters` fields. The following APIs are affected: +** <> +** <> +** <> +** <> +** <> + +//end::breaking-changes[] + + +[discrete] +[[deprecations-8.8.0]] +==== Deprecations + +* The rule level `throttle` field is deprecated in {elastic-sec} 8.8 and is scheduled for end of life in Q4 of 2024. In {elastic-sec} 8.8 and later, we strongly recommend using the action level `frequency` field to set frequencies for individual rule actions. + + +[discrete] +[[features-8.8.0]] +==== New features + +* Introduces <>, which scans your cloud VMs for vulnerabilities, and adds a tab to the Findings page that displays vulnerabilities ({pull}154388[#154388], {pull}154873[#154873], {pull}155045[#155045]). +* Introduces <>, which allows you to monitor and protect your Kubernetes workloads. +* Adds a new response action that allows you to execute commands on a selected host ({pull}150202[#150202]). +* Adds the `kibana.alert.url` field to alert documents. This field provides a shareable URL for the alert ({pull}155069[#155069]). +* Adds the ability to duplicate a shared exception list ({pull}154991[#154991]). +* Allows Timeline notes to be deleted ({pull}154834[#154834]). +* Allows you to specify conditions for when rule actions should run ({pull}154680[#154680]). +* Adds the ability to snooze rule notifications from the Rules table, the rule details page, or the Actions tab when editing a rule ({pull}153083[#153083], {pull}155407[#155407], {pull}155612[#155612]). +* Adds controls to the Alerts page that allow you to customize which filters appear at the top of the page ({pull}152450[#152450]). + + + +[discrete] +[[enhancements-8.8.0]] +==== Enhancements + +* Renames the Notable Anomalies section in the Entity Analytics dashboard to Anomalies ({pull}155687[#155687]). +* Displays additional {ml} anomaly jobs on the Entity Analytics dashboard ({pull}155520[#155520]). +* Makes alert count links on the Entity Analytics dashboard navigate to the Alerts page instead of opening in Timeline ({pull}153372[#153372]). +* Updates the Data Quality dashboard to include a new tree map and storage size metrics for each index ({pull}155581[#155581]). +* Adds cloud infrastructure-related fields to the alert details flyout highlighted fields section ({pull}155247[#155247]). +* Allows you to specify how to handle alert suppression for alerts with missing fields ({pull}155055[#155055]). +* Gives users more control over how they receive alert notifications and lets them define conditions that must be met for a notification to occur ({pull}154526[#154526]). +* Adds a warning message to tell you when a rule has reached the maximum number of alerts limit ({pull}154112[#154112]). +* Updates how browser field descriptions are provided to {kib} ({pull}153498[#153498]). +* Enables multi-level grouping for alerts on the Alerts page, based on various fields ({pull}152862[#152862]). +* Adds links to the Detection & Response and Entity Analytics dashboards that jump to the Alerts page with filters enabled ({pull}152714[#152714]). +* Updates the visualizations throughout {elastic-sec} to Lens visualizations ({pull}150531[#150531]). +* Adds a *Share alert* link to the alert details flyout ({pull}148800[#148800]). +* Adds a warning message to the Rules page when a maintenance window is running ({pull}155386[#155386]). +* Adds a global search bar to the Detections and Response and Entity Analytics dashboards ({pull}156832[#156832]). +* Adds the "Investigate in timeline" inline action to alert counts on the Detections and Response and Entity Analytics dashboards ({pull}154299[#154299]). +* Session view: Makes the row representing the session leader remain visible when you scroll past it, and adds a button to this row that allows you to collapse child processes ({pull}154982[#154982]). +* Reduces Linux process event volume by about 50% by combining `fork`, `exec`, and `end` events when they occur around the same time (does not affect queries of this data) ({pull}153213[#153213]). +* Updates where the technical preview tags appear for host risk score features ({pull}156659[#156659], {pull}156514[#156514]). + +[discrete] +[[bug-fixes-8.8.0]] +==== Bug fixes + +* Fixes a bug that interfered with the default time range when you opened an alert in Timeline ({pull}156884[#156884]). +* Fixes a bug that could cause the Alerts page to become unresponsive after entering an invalid query ({pull}156542[#156542]). +* Updates the colors used for entity analytic graphs to match those used for alert graphs ({pull}156383[#156383]). +* Fixes a bug that caused errors on the Data Quality dashboard when a `basePath` was configured ({pull}156233[#156233]). +* Fixes a bug that could cause problems when different users simultaneously edited a Timeline ({pull}155663[#155663]). +* Fixes a bug that could cause the wrong number of rules to appear in the modal for duplicating rules ({pull}155959[#155959]). +* Fixes a bug that could cause a blank option to appear in the Create rule exception form ({pull}155221[#155221]). +* Fixes issues that affected tags in the Add rule exception component of the Shared Exception Lists page ({pull}155219[#155219]). +* Fixes a bug that displayed an outdated count of affected rules on the Shared Exception Lists page ({pull}155108[#155108]). +* Improves performance for rendering indicator match alerts on the Alerts page ({pull}154821[#154821]). +* Fixes a bug that could affect alert prevalence counts on the Alerts page ({pull}154544[#154544]). +* Fixes a bug that could prevent you from using breadcrumbs to return to the Rules page ({pull}150322[#150322]). +* Fixes a bug that could prevent the *View all open alerts* button on the Detection and Response dashboard from applying the correct filters ({pull}156893[#156893]). +* Fixes several bugs related to session view and and Kubernetes dashboard ({pull}154982[#154982]). +* Fixes the delete index API so it only removes {elastic-sec} 7.x signals indices (`.siem-signals-`), index templates, and ILMs and doesn't delete 8.x alert indices (`.alerts-security.alerts-`).