What’s new in 8.10

Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our latest release blog and release notes.

Navigation menu updates

The Security navigation menu has been updated with reorganized sections and a refreshed design. In addition, a new Rules section allows you to access the following pages:

  • Rules
  • Benchmark Integrations
  • Shared Exception Lists
  • MITRE ATT&CK® coverage

[Image: Security navigation menu]

Elastic AI Assistant enhancements

A new RBAC setting controls user access to the Elastic AI Assistant.

[Image: Elastic AI Assistant Kibana privilege]

Detection rules and alerts enhancements

MITRE ATT&CK® coverage page

The MITRE ATT&CK® coverage page shows which MITRE ATT&CK® adversary tactics and techniques are covered by your installed and enabled detection rules. This includes both Elastic prebuilt rules and custom rules.

New prebuilt rule details flyout

The new prebuilt rule details flyout allows you to examine the details of a prebuilt rule before you install or update it. You can access this flyout by clicking a rule name on the Add Elastic Rules page or the Rule updates table. The flyout displays the About, Definition, and Schedule sections, as shown on the rule details page. It also shows the setup and investigation guides for rules that have them.

[Image: Prebuilt rule details flyout]

Enhanced alert details flyout UI

The redesigned alert details experience presents relevant context and insights while investigating an alert. Use the collapsed view to access summarized information, and then expand each section to open detailed views. Additional improvements include:

  • Previews of rule details and visualizations allow you to stay within the flyout when investigating the alert.
  • Investigation guides are easier to find and read.
  • Alert insights now include prevalence information on related hosts and users.

[Image: Enhanced alert details flyout]

Custom highlighted fields

When configuring advanced rule settings, you can now specify additional highlighted fields for personalized alert investigation flows. Fields with data are added to the Highlighted fields section within the alert details flyout. You can also find custom highlighted fields in the About section of the rule details page.

New Reputation service option for malicious behavior protection

When configuring malicious behavior protection on an Elastic Defend policy, you can now choose to use Reputation service. This service identifies malicious activity and false positives, and enriches alerts using data from various sources, such as VirusTotal and telemetry. For example, Reputation service can detect suspicious downloads of binaries with low or malicious reputation.

Reputation service requires an active Platinum or Enterprise subscription and is available on cloud deployments only.

Cloud Security enhancements

Organization-wide onboarding for cloud security posture management on AWS

This release automates the onboarding of every AWS Organization account to cloud security posture management (CSPM) — including existing and new accounts. With AWS CloudFormation, onboarding takes just a few clicks. This helps you quickly get a comprehensive view of the security posture of all your current and future AWS accounts.

Cloud security posture management, now for Google Cloud

Cloud security posture management (CSPM) capabilities have been expanded to cover Google Cloud. You can now assess and bolster the security posture of your GCP assets right from our platform.