Skip to content

[8.8] 8.8 release notes (backport #3282) #3360

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
benironside merged 1 commit into from
May 25, 2023
Merged

[8.8] 8.8 release notes (backport #3282) #3360

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/release-notes.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

This section summarizes the changes in each release.

* <<release-notes-8.8.0, {elastic-sec} version 8.8.0>>
* <<release-notes-8.7.1, {elastic-sec} version 8.7.1>>
* <<release-notes-8.7.0, {elastic-sec} version 8.7.0>>
* <<release-notes-8.6.2, {elastic-sec} version 8.6.2>>
Expand Down Expand Up @@ -37,6 +38,7 @@ This section summarizes the changes in each release.
:issue: https://github.com/elastic/kibana/issues/
:pull: https://github.com/elastic/kibana/pull/

include::release-notes/8.8.asciidoc[]
include::release-notes/8.7.asciidoc[]
include::release-notes/8.6.asciidoc[]
include::release-notes/8.5.asciidoc[]
Expand Down
98 changes: 98 additions & 0 deletions docs/release-notes/8.8.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
[[release-notes-header-8.8.0]]
== 8.8

[[release-notes-8.8.0]]
=== 8.8.0

To view a detailed summary of new features and enhancements we've documented this release, check out our {security-guide}/whats-new.html[8.8 release highlights].

[discrete]
[[known-issue-8.8.0]]
==== Known issues

* Setting the `max_signals` value higher than the {kibana-ref}/alert-action-settings-kb.html#alert-settings[`xpack.alerting.rules.run.alerts.max`] value will lead to rule failure.

[discrete]
[[breaking-changes-8.8.0]]
==== Breaking changes

//tag::breaking-changes[]
// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
:pull: https://github.com/elastic/kibana/pull/
* The privileges for attaching alerts to cases have changed. Now, you need at least `Read` privileges for Security and `All` privileges for Cases ({pull}147985[#147985]).
* Adds conditional actions to the rules API. In {elastic-sec} 8.7 and earlier, action frequencies were set on a rule level by defining the `throttle` field. In 8.8 and later, action frequencies are set at the action level, and the `throttle` field is replaced by the `frequency` and `alert_filters` fields. The following APIs are affected:
** <<rules-api-get,Get rule>>
** <<rules-api-find,Find rules>>
** <<rules-api-create,Create rule>>
** <<rules-api-update,Update rule>>
** <<bulk-actions-rules-api,Bulk rule actions>>

//end::breaking-changes[]


[discrete]
[[deprecations-8.8.0]]
==== Deprecations

* The rule level `throttle` field is deprecated in {elastic-sec} 8.8 and is scheduled for end of life in Q4 of 2024. In {elastic-sec} 8.8 and later, we strongly recommend using the action level `frequency` field to set frequencies for individual rule actions.


[discrete]
[[features-8.8.0]]
==== New features

* Introduces <<vuln-management-overview, Cloud native vulnerability management>>, which scans your cloud VMs for vulnerabilities, and adds a tab to the Findings page that displays vulnerabilities ({pull}154388[#154388], {pull}154873[#154873], {pull}155045[#155045]).
* Introduces <<d4c-overview, container workload protection>>, which allows you to monitor and protect your Kubernetes workloads.
* Adds a new response action that allows you to execute commands on a selected host ({pull}150202[#150202]).
* Adds the `kibana.alert.url` field to alert documents. This field provides a shareable URL for the alert ({pull}155069[#155069]).
* Adds the ability to duplicate a shared exception list ({pull}154991[#154991]).
* Allows Timeline notes to be deleted ({pull}154834[#154834]).
* Allows you to specify conditions for when rule actions should run ({pull}154680[#154680]).
* Adds the ability to snooze rule notifications from the Rules table, the rule details page, or the Actions tab when editing a rule ({pull}153083[#153083], {pull}155407[#155407], {pull}155612[#155612]).
* Adds controls to the Alerts page that allow you to customize which filters appear at the top of the page ({pull}152450[#152450]).



[discrete]
[[enhancements-8.8.0]]
==== Enhancements

* Renames the Notable Anomalies section in the Entity Analytics dashboard to Anomalies ({pull}155687[#155687]).
* Displays additional {ml} anomaly jobs on the Entity Analytics dashboard ({pull}155520[#155520]).
* Makes alert count links on the Entity Analytics dashboard navigate to the Alerts page instead of opening in Timeline ({pull}153372[#153372]).
* Updates the Data Quality dashboard to include a new tree map and storage size metrics for each index ({pull}155581[#155581]).
* Adds cloud infrastructure-related fields to the alert details flyout highlighted fields section ({pull}155247[#155247]).
* Allows you to specify how to handle alert suppression for alerts with missing fields ({pull}155055[#155055]).
* Gives users more control over how they receive alert notifications and lets them define conditions that must be met for a notification to occur ({pull}154526[#154526]).
* Adds a warning message to tell you when a rule has reached the maximum number of alerts limit ({pull}154112[#154112]).
* Updates how browser field descriptions are provided to {kib} ({pull}153498[#153498]).
* Enables multi-level grouping for alerts on the Alerts page, based on various fields ({pull}152862[#152862]).
* Adds links to the Detection & Response and Entity Analytics dashboards that jump to the Alerts page with filters enabled ({pull}152714[#152714]).
* Updates the visualizations throughout {elastic-sec} to Lens visualizations ({pull}150531[#150531]).
* Adds a *Share alert* link to the alert details flyout ({pull}148800[#148800]).
* Adds a warning message to the Rules page when a maintenance window is running ({pull}155386[#155386]).
* Adds a global search bar to the Detections and Response and Entity Analytics dashboards ({pull}156832[#156832]).
* Adds the "Investigate in timeline" inline action to alert counts on the Detections and Response and Entity Analytics dashboards ({pull}154299[#154299]).
* Session view: Makes the row representing the session leader remain visible when you scroll past it, and adds a button to this row that allows you to collapse child processes ({pull}154982[#154982]).
* Reduces Linux process event volume by about 50% by combining `fork`, `exec`, and `end` events when they occur around the same time (does not affect queries of this data) ({pull}153213[#153213]).
* Updates where the technical preview tags appear for host risk score features ({pull}156659[#156659], {pull}156514[#156514]).

[discrete]
[[bug-fixes-8.8.0]]
==== Bug fixes

* Fixes a bug that interfered with the default time range when you opened an alert in Timeline ({pull}156884[#156884]).
* Fixes a bug that could cause the Alerts page to become unresponsive after entering an invalid query ({pull}156542[#156542]).
* Updates the colors used for entity analytic graphs to match those used for alert graphs ({pull}156383[#156383]).
* Fixes a bug that caused errors on the Data Quality dashboard when a `basePath` was configured ({pull}156233[#156233]).
* Fixes a bug that could cause problems when different users simultaneously edited a Timeline ({pull}155663[#155663]).
* Fixes a bug that could cause the wrong number of rules to appear in the modal for duplicating rules ({pull}155959[#155959]).
* Fixes a bug that could cause a blank option to appear in the Create rule exception form ({pull}155221[#155221]).
* Fixes issues that affected tags in the Add rule exception component of the Shared Exception Lists page ({pull}155219[#155219]).
* Fixes a bug that displayed an outdated count of affected rules on the Shared Exception Lists page ({pull}155108[#155108]).
* Improves performance for rendering indicator match alerts on the Alerts page ({pull}154821[#154821]).
* Fixes a bug that could affect alert prevalence counts on the Alerts page ({pull}154544[#154544]).
* Fixes a bug that could prevent you from using breadcrumbs to return to the Rules page ({pull}150322[#150322]).
* Fixes a bug that could prevent the *View all open alerts* button on the Detection and Response dashboard from applying the correct filters ({pull}156893[#156893]).
* Fixes several bugs related to session view and and Kubernetes dashboard ({pull}154982[#154982]).
* Fixes the delete index API so it only removes {elastic-sec} 7.x signals indices (`.siem-signals-<space-id>`), index templates, and ILMs and doesn't delete 8.x alert indices (`.alerts-security.alerts-<space-id>`).