From ff5055ade823b347c09be5da1c32646fd1e53cd1 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Fri, 14 Feb 2025 17:51:25 -0500 Subject: [PATCH 1/2] First draft --- .../release-notes-security.asciidoc | 70 ++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc index 9df35cc1c..7f8f1aa8a 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc 
@@ -4,4 +4,72 @@ {elastic-sec} ++++ -coming::[9.0.0-beta1] \ No newline at end of file +coming::[9.0.0-beta1] + +[[release-notes-header-9.0.0]] +== 9.0 + +coming::[9.0.0] + +[discrete] +[[release-notes-9.0.0-beta]] +=== 9.0.0-beta + +[discrete] +[[breaking-changes-9.0.0-beta]] +==== Breaking changes +* Refactors the Timeline HTTP API endpoints ({kibana-pull}200633[#200633]). +* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). +* Removes deprecated API endpoints for bulk CRUD actions on detection rules ({kibana-pull}197422[#197422], {kibana-pull}207906[#207906]). + +[discrete] +[[deprecations-9.0.0-beta]] +==== Deprecations +* Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature ({kibana-pull}207325[#207325]). +* Removes all legacy risk engine code and features ({kibana-pull}201810[#201810]). +* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]). +* Deprecates the SIEM signals migration APIs ({kibana-pull}202662[#202662]). + +[discrete] +[[known-issue-9.0.0-beta]] +==== Known issues + +// tag::known-issue[] +[discrete] +.Duplicate alerts can be produced from manually running threshold rules +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution. +==== +// end::known-issue[] + +// tag::known-issue[] +[discrete] +.Manually running custom query rules with suppression could suppress more alerts than expected +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. +==== +// end::known-issue[] + +[discrete] +[[features-9.0.0-beta]] +==== New features +* Enables Automatic Import to accept CEL log samples ({kibana-pull}206491[#206491]). 
+* Applies the latest Elastic UI framework (EUI) to {elastic-sec} features ({kibana-pull}204007[#204007], {kibana-pull}204908[#204908]). +* Adds the option to view {es} queries that run during rule execution for threshold, custom query, and {ml} rules ({kibana-pull}203320[#203320]). + +[discrete] +[[enhancements-9.0.0-beta]] +==== Enhancements +* Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme ({kibana-pull}206477[#206477]). +* Allows users to include `closed` alerts in risk score calculations ({kibana-pull}201909[#201909]). +* Adds the ability to continue to the Entity Analytics dashboard when there is no data ({kibana-pull}201363[#201363]). +* Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution ({kibana-pull}177658[#177658]). + +[discrete] +[[bug-fixes-9.0.0-beta]] +==== Bug fixes +* Ensures that table actions use standard colors ({kibana-pull}207743[#207743]). \ No newline at end of file From 8b55a972da98f5523efe04275517ae397697f9c3 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 18 Feb 2025 09:20:50 -0500 Subject: [PATCH 2/2] Removed extra coming tag --- .../release-notes/release-notes-security.asciidoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc index 7f8f1aa8a..1fec89084 100644 --- a/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc +++ b/docs/en/install-upgrade/release-notes/release-notes-security.asciidoc @@ -9,8 +9,6 @@ coming::[9.0.0-beta1] [[release-notes-header-9.0.0]] == 9.0 -coming::[9.0.0] - [discrete] [[release-notes-9.0.0-beta]] === 9.0.0-beta
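Review bot: In PATCH 1/2, the entry `Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598])` is listed under both `==== Breaking changes` and `==== Deprecations`. It describes a removal, so keep it under Breaking changes only and drop the copy under Deprecations. `Removes all legacy risk engine code and features` (#201810) has the same problem: it is filed as a deprecation but states a removal, which readers upgrading to 9.0 need to see as a breaking change. In the Known issues section, both collapsible blocks carry only a `*Details*` paragraph. For detection content that produces duplicate alerts or inflated suppression counts, add a workaround or status line so operators know whether to avoid manual runs over date ranges already covered by scheduled executions. Both blocks also reuse the tag name `known-issue`, so any include that selects by that tag pulls in both; confirm that is intended. The new file content still ends with `\ No newline at end of file`; add a trailing newline.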
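Review bot: In PATCH 2/2, removing `coming::[9.0.0]` leaves `coming::[9.0.0-beta1]` as the only version marker, and it sits above `== 9.0` with a label that does not match the `=== 9.0.0-beta` heading or the `-9.0.0-beta` anchor IDs introduced in the first patch. Use one version string throughout (either `9.0.0-beta1` or `9.0.0-beta`) in the macro, the heading and the anchors, so cross-references and the rendered "coming" banner point at the same release.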