[DOCS] 7.15.0 release notes

docs/release-notes/7.15.asciidoc

@@ -3,4 +3,64 @@
 [[release-notes-7.15.0]]
 === 7.15.0
 
-coming::[7.15.0]
+[discrete]
+[[breaking-changes-7.15.0]]
+==== Breaking changes
+* After upgrading to Elastic Stack version 7.15.x from a previous minor release (e.g., 7.14.x, etc.), users need to migrate detection alerts with threat intelligence to ensure threat intelligence properly displays in Elastic Security ({pull}1102[#1102]).
+* Removes the metadata query strategy v1 ({pull}104196[#104196]).
+
+
+[discrete]
+[[features-7.15.0]]
+==== Features
+* The `securitySolution:defaultThreatIndex` advanced setting defines threat intelligence indices that {elastic-sec} will use when collecting threat indicators. The setting controls features that query threat indices, such as the Threat Intelligence view on the Overview page and the default indicator index values for indicator match rules. One or more threat intelligence indices can be defined; the `filebeat-*` index is specified by default. See <<update-threat-intel-indices, Update default Elastic Security threat intelligence indices>> for more information ({pull}108389[#108389]).
+* Adds new functionality and usability improvements to the Alerts page:
+** Introduces the Grid view and Event renderer view, which allows users to view data in a tabular format or rendered as an event flow ({pull}#108644[#108644]).
+** Adds a *Reason* field to Alerts details flyout to describe the event that caused the alert ({pull}#108449[#108449], {pull}#107532[#107532]).
+** Adds a row renderer popover to the *Reason* field
+({pull}#108054[#108054]).
+** Renames the *In-progress* detection alert status to *Acknowledged* ({pull}#107972[#107972]).
+** Refactors the status filter ({pull}#107249[#107249]).
+** Removes the drag and drop functionality ({pull}#107162[#107162], {pull}#106721[#106721]).
+** Changes the *JSON View* tab name to *JSON* ({pull}#106524[#106524]).
+** Adds actions to fields within the Alert details flyout ({pull}#106362[#106362]).
+** Adds the Count table ({pull}#106358[#106358]).
+** Updates the design of the *Table* tab in the Alert details flyout ({pull}#105996[#105996]).
+* Adds the ability to attach a Lens visualization to a case ({pull}96703[#96703], {pull}109178[#109178]).
+* Adds a date time picker to the *Threat Intel* tab that allows users to query the alert for indicator matches from a specific time range ({pull}107234[#107234]).
+* Adds memory threat protection as an option for configuring integration policies. This option detects and stops in-memory threats on Windows systems, such as shellcode injection, which are used to evade traditional file-based detection techniques. Users can also make exceptions for memory protection alerts ({pull}102196[#102196], {pull}101365[#101365]).
+* Adds malicious behavior protection as an option for configuring integration policies. This option detects and stops threats by monitoring the behavior of system processes for suspicious activity. Behavioral signals are much more difficult for adversaries to evade than traditional file-based detection techniques. Users can also create exceptions for behavior protection alerts ({pull}106853[#106853], {pull}106247[#106247]).
+* For {stack} version >= 7.15.0, adds support for host isolation for endpoints in Windows, macOS, and these Linux distributions ({pull}108230[#108230]):
+
+** CentOS 7/Rehl 7
+** Ubuntu 18.04
+** Ubuntu 20.04
+** AWS Linux 2
+
+* Implements the accordion view on the *Threat Intel* tab so that threat matches and their details can be easily viewed ({pull}106609[#106609]).
+* Improves the event enrichment query performance ({pull}106150[#106150]).
+* Allows users to select a custom date range when exploring their endpoint’s activity log ({pull}104085[#104085]).
+* Adds advanced policy keys for memory signature and shellcode protection ({pull}101721[#101721]).
+
+[discrete]
+[[bug-fixes-7.15.0]]
+==== Bug fixes and enhancements
+* Allows users to bulk close exceptions to close acknowledged alerts ({pull}110147[#110147]).
+* Removes missing fields from the Trend histogram and Count table on the Alerts page ({pull}108843[#108843]).
+* Updates ECS 1.11 signal mappings ({pull}108764[#108764]).
+* Adds the `operatorsList` property in exceptions builder, which allows users to define options in the operators list ({pull}108015[#108015]).
+* Updates alerts enriched with threat intelligence data to use the latest ECS threat fields ({pull}107988[#107988]).
+* Highlights building block alerts in the Alerts table ({pull}107727[#107727]).
+* Updates MITRE ATT&CK mappings to v9.0 ({pull}107708[#107708]).
+* Makes improvements to the Timeline title and moves the Timeline description to the *Notes* tab ({pull}106544[#106544]).
+* Adds more actions to the *Take action* menu in the Alert details flyout ({pull}105767[#105767]).
+* Fixes the wrong nested package object assignation in the policy delete response ({pull}110824[#110824]).
+* Fixes a bug where parts of the *Activity Log* tab are loaded twice because data was being fetched twice ({pull}110233[#110233]).
+* Removes the clear field button (*x*) within the date and time picker on the *Activity Log* tab ({pull}110035[#110035]).
+* Removes restrictions on minimum and maximum dates in the date time picker ({pull}109452[#109452]).
+* Fixes the bug that causes fields to reset on the Timeline page when users viewed the alert in Timeline ({pull}109086[#109086]).
+* Ensures Fleet is set up before installing or upgrading the Endpoint Integration ({pull}107929[#107929]).
+* Fixes an issue with the Endpoint page's search bar and ensures that `page_index` is reset when new KQL is entered ({pull}106918[#106918]).
+* Adds the `Responses` field to telemetry ({pull}111892[#111892]).
+* Fixes issues with the pagination on the Exceptions table ({pull}111000[#111000]).
+* Fixes a bug that caused empty comments to display in an endpoint's activity log ({pull}111163[#111163]).