8.16 Elastic Security Release Notes #5977

Merged Nov 12, 2024 (55 commits)
Update docs/release-notes/8.16.asciidoc
Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>
nastasha-solomon and jmikell821 authored Nov 11, 2024
commit 9e18601f81b6e8f5cf412585d57d51ca07645010
2 changes: 1 addition & 1 deletion docs/release-notes/8.16.asciidoc
@@ -85,7 +85,7 @@ On November 12, 2024, it was discovered that manually running a custom query rul
* Creates a new advanced setting `securitySolution:excludedDataTiersForRuleExecution` that allows you to exclude cold and frozen data from rule execution. This setting does not apply to {ml} rules ({kibana-pull}186908[#186908]).
@nastasha-solomon nastasha-solomon Nov 7, 2024

@yctercero I just remembered that we're in the process of fine-tuning the docs for this advanced setting via #5925 and #5962. I've updated the PR description to reflect those changes. Let me know if it looks good or still needs some changes. Thanks!

Suggested change
* Creates a new advanced setting `securitySolution:excludedDataTiersForRuleExecution` that allows you to exclude cold and frozen data from rule execution. This setting does not apply to {ml} rules ({kibana-pull}186908[#186908]).
* Introduces a new advanced setting `securitySolution:excludedDataTiersForRuleExecution` that allows you to exclude query results from cold and frozen data during rule executions. This setting does not apply {esql} and {ml} rules. ({kibana-pull}186908[#186908]).

This setting is not available for Serverless, not sure if we should mention.

We don't describe Serverless changes in stack release notes, so it's fine that we're not mentioning it here. : )

Unresolving as this might need more changes.

* Enhances the Insights section of the alert and event details flyouts by providing available misconfiguration and vulnerabilities findings ({kibana-pull}195509[#195509]).
* The host field size reduction setting on {elastic-defend}'s integration policy is now turned off by default. To turn it on, configure the `[os].advanced.set_extended_host_information` <<adv-policy-settings,advanced policy setting>>.
* To reduce CPU usage, I/O, and event sizes, you can turn on process event aggregation when configuring your {elastic-defend} integration policy. Related process events that occur in rapid succession are combined into fewer aggregate events. To turn on process event aggregation, configure the `advanced.events.aggregate_process` <<adv-policy-settings,advanced policy setting>>.
* Allows you to reduce CPU usage, I/O, and event sizes by turning on process event aggregation when configuring your {elastic-defend} integration policy. Related process events that occur in rapid succession are combined into fewer aggregate events. To turn on process event aggregation, configure the `advanced.events.aggregate_process` <<adv-policy-settings,advanced policy setting>>.
* To reduce CPU usage, I/O, and event sizes, you can now turn off of MD5, SHA-1, and SHA-256 hashes in events when configuring your {elastic-defend} integration policy. Example fields include `process.hash.md5` and `file.hash.sha1`.
* You can now configure your {elastic-defend} integration policy to allow the collection of SHA-256 file hashes in file events. Before doing so, consider the following caveats:
** This can greatly increase {elastic-defend}'s CPU and I/O utilization and impact system responsiveness.
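
Review bot: The context bullet right after the reworded `advanced.events.aggregate_process` line reads "you can now turn off of MD5, SHA-1, and SHA-256 hashes", which has a stray "of" (or is missing a noun such as "the collection of"), and it still opens with "To reduce CPU usage, I/O, and event sizes" while the reworded line now opens with a verb ("Allows you to reduce ..."). Since this commit is a phrasing pass on the neighbouring bullet, fix that one in the same change so the two read consistently. The hashes bullet also names no setting, whereas the `[os].advanced.set_extended_host_information` and `advanced.events.aggregate_process` bullets before it both do; a reader who wants to drop `process.hash.md5` or `file.hash.sha1` from events has nothing to search for. Separately, the reworded line says "turning on process event aggregation" and then "To turn on process event aggregation, configure ..." two sentences later; the second could be shortened to "To turn it on, configure ..." as the host field bullet does.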