Start free trial Contact Sales

The Search AI Company

Search, Security, Observability

Build tailored experiences with Elastic.

Elastic Search AI Platform overview

Scale your business with Elastic Partners

Partner overview

ELK Stack

Search and analytics, data ingestion, and visualization – all at your fingertips.

ELK Stack overview

By developers, for developers

Elastic Cloud

Unlock the power of real-time insights with Elastic on your preferred cloud provider.

Elastic Cloud overview

Generative AI

Prototype and integrate with LLMs faster using search AI.

Generative AI overview

Search

Discover a world of AI possibilities — built with the power of search.

Search Labs

Search overview

Security

Protect, investigate, and respond to cyber threats with AI-driven security analytics.

Security Labs

Security overview

Observability

Unify app and infrastructure visibility to proactively resolve issues.

Observability Labs

Observability overview

By solution

See how customers search, solve, and succeed — all on one Search AI Platform.

All customer stories

Industries

Exceed customer expectations and go to market faster.

Industries overview

Customer spotlight

Cisco saves 5,000 support engineer hours per month

Sitecore automates 96 percent of security workflows with Elastic

Comcast transforms customer experiences with Elastic Observability

Research

Stay at the forefront of innovation with technical tips from the experts.

Build

Code with other developers to create a better Elastic, together.

Learn

Unleash the possibilities of your data and grow your skill set.

Connect

Keep informed about the latest tech and news from Elastic.

Have questions?

New

The executive guide to generative AI

About us Partners Support|Login

This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.

« Beats release notes Elasticsearch release notes »

› ›

Elastic Security release notes

Elastic Security release notes

Elastic Security version 9.0.0-rc1

Coming in 9.0.0-rc1.

All features introduced in 8.18.0 are also available in 9.0.0.

Breaking changes

Refactors the Timeline HTTP API endpoints (#200633).
Removes deprecated API endpoints for Elastic Defend (#199598).
Removes deprecated API endpoints for bulk CRUD actions on detection rules (#197422, #207906).

Deprecations

Renames the integration-assistant plugin to automatic-import to match the associated feature (#207325).
Removes all legacy risk engine code and features (#201810).
Removes deprecated API endpoints for Elastic Defend (#199598).
Deprecates the SIEM signals migration APIs (#202662).

Known issues

Duplicate alerts can be produced from manually running threshold rules

Details
On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.

Manually running custom query rules with suppression could suppress more alerts than expected

Details
On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts.

New features

Enables Automatic Import to accept CEL log samples (#206491).
Applies the latest Elastic UI framework (EUI) to Elastic Security features (#204007, #204908).
Adds the option to view Elasticsearch queries that run during rule execution for threshold, custom query, and machine learning rules (#203320).

Enhancements

Enhances Automatic Import by including setup and troubleshooting documentation for each input type that’s selected in the readme (#206477).
Allows users to include closed alerts in risk score calculations (#201909).
Adds the ability to continue to the Entity Analytics dashboard when there is no data (#201363).
Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution (#177658).

Bug fixes

Ensures that table actions use standard colors (#207743).
Fixes a bug with the Save and continue button on a Fleet form (#211563).

Elastic Security version 9.0.0-beta1

Breaking changes

Refactors the Timeline HTTP API endpoints (#200633).
Removes deprecated API endpoints for Elastic Defend (#199598).
Removes deprecated API endpoints for bulk CRUD actions on detection rules (#197422, #207906).

Deprecations

Renames the integration-assistant plugin to automatic-import to match the associated feature (#207325).
Removes all legacy risk engine code and features (#201810).
Removes deprecated API endpoints for Elastic Defend (#199598).
Deprecates the SIEM signals migration APIs (#202662).

Known issues

Duplicate alerts can be produced from manually running threshold rules

Details
On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.

Manually running custom query rules with suppression could suppress more alerts than expected

Details
On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts.

New features

Enables Automatic Import to accept CEL log samples (#206491).
Applies the latest Elastic UI framework (EUI) to Elastic Security features (#204007, #204908).
Adds the option to view Elasticsearch queries that run during rule execution for threshold, custom query, and machine learning rules (#203320).

Enhancements

Enhances Automatic Import by including setup and troubleshooting documentation for each input type that’s selected in the readme (#206477).
Allows users to include closed alerts in risk score calculations (#201909).
Adds the ability to continue to the Entity Analytics dashboard when there is no data (#201363).
Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution (#177658).

Bug fixes

Ensures that table actions use standard colors (#207743).

« Beats release notes Elasticsearch release notes »

On this page

Elastic Security version 9.0.0-rc1
Breaking changes
Deprecations
Known issues
New features
Enhancements
Bug fixes
Elastic Security version 9.0.0-beta1
Breaking changes
Deprecations
Known issues
New features
Enhancements
Bug fixes

Was this helpful?

Feedback