From a136140dedd4f987810f1a5cff92739cadcf3e25 Mon Sep 17 00:00:00 2001
From: lcawl
Date: Fri, 7 Mar 2025 09:26:46 -0800
Subject: [PATCH 1/2] Reconcile new files
---
 .../release-notes-security-rc1.asciidoc | 63 ++++++++++++++++++-
 1 file changed, 62 insertions(+), 1 deletion(-)
diff --git a/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc
index 4bb251314..617161380 100644
--- a/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc
+++ b/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc
@@ -1,3 +1,64 @@
 = {elastic-sec} version 9.0.0-rc1
 
-coming::[9.0.0-rc1]
\ No newline at end of file
+coming::[9.0.0-rc1]
+
+NOTE: All features introduced in 8.18.0 are also available in 9.0.0.
+
+[discrete]
+[[breaking-changes-9.0.0-rc1]]
+== Breaking changes
+* Refactors the Timeline HTTP API endpoints ({kibana-pull}200633[#200633]).
+* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]).
+* Removes deprecated API endpoints for bulk CRUD actions on detection rules ({kibana-pull}197422[#197422], {kibana-pull}207906[#207906]).
+
+[discrete]
+[[deprecations-9.0.0-rc1]]
+== Deprecations
+* Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature ({kibana-pull}207325[#207325]).
+* Removes all legacy risk engine code and features ({kibana-pull}201810[#201810]).
+* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]).
+* Deprecates the SIEM signals migration APIs ({kibana-pull}202662[#202662]).
+
+[discrete]
+[[known-issue-9.0.0-rc1]]
+== Known issues
+
+// tag::known-issue[]
+[discrete]
+.Duplicate alerts can be produced from manually running threshold rules
+[%collapsible]
+====
+*Details* +
+On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.
+====
+// end::known-issue[]
+
+// tag::known-issue[]
+[discrete]
+.Manually running custom query rules with suppression could suppress more alerts than expected
+[%collapsible]
+====
+*Details* +
+On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts.
+====
+// end::known-issue[]
+
+[discrete]
+[[features-9.0.0-rc1]]
+== New features
+* Enables Automatic Import to accept CEL log samples ({kibana-pull}206491[#206491]).
+* Applies the latest Elastic UI framework (EUI) to {elastic-sec} features ({kibana-pull}204007[#204007], {kibana-pull}204908[#204908]).
+* Adds the option to view {es} queries that run during rule execution for threshold, custom query, and {ml} rules ({kibana-pull}203320[#203320]).
+
+[discrete]
+[[enhancements-9.0.0-rc1]]
+== Enhancements
+* Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme ({kibana-pull}206477[#206477]).
+* Allows users to include `closed` alerts in risk score calculations ({kibana-pull}201909[#201909]).
+* Adds the ability to continue to the Entity Analytics dashboard when there is no data ({kibana-pull}201363[#201363]).
+* Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution ({kibana-pull}177658[#177658]).
+
+[discrete]
+[[bug-fixes-9.0.0-rc1]]
+== Bug fixes
+* Ensures that table actions use standard colors ({kibana-pull}207743[#207743]).
\ No newline at end of file
From d98683b05aa7b829f96337336e116f6ce1c938d2 Mon Sep 17 00:00:00 2001
From: "nastasha.solomon"
Date: Mon, 10 Mar 2025 10:17:03 -0400
Subject: [PATCH 2/2] Adds 211563
---
 .../release-notes/release-notes-security-rc1.asciidoc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc b/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc
index 617161380..75e9ee242 100644
--- a/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc
+++ b/docs/en/install-upgrade/release-notes/release-notes-security-rc1.asciidoc
@@ -61,4 +61,5 @@ On November 12, 2024, it was discovered that manually running a custom query rul
 [discrete]
 [[bug-fixes-9.0.0-rc1]]
 == Bug fixes
-* Ensures that table actions use standard colors ({kibana-pull}207743[#207743]).
\ No newline at end of file
+* Ensures that table actions use standard colors ({kibana-pull}207743[#207743]).
+* Fixes a bug with the **Save and continue** button on a {fleet} form ({kibana-pull}211563[#211563]).
\ No newline at end of file