What’s new in 8.11
Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our release notes.
Latest entity risk scoring engine provides greater scalability and performance
The latest risk scoring engine generates risk scores on a recurring interval, and allows for easier onboarding and management. The engine is built to factor in risks from all Elastic Security use cases. It also allows you to customize and control how and when risk is calculated.
With the new risk scoring engine, you can:
- Preview and enable the risk engine using a centralized one-click onboarding workflow.
- Conveniently migrate to the new engine if you’re an existing user of risk scoring.
- Generate risk scores for hosts and users from the last 30 days.
- View the alerts that contributed to an entity’s risk score, allowing faster investigations.
- Continue to access entity risk analytics in existing security workflows.
Elastic AI Assistant enhancements
The following enhancements have been added to the Elastic AI Assistant:
New Amazon Bedrock connector
You can use Elastic’s new Amazon Bedrock connector to integrate with Anthropic Claude models from AWS in the Elastic AI Assistant.
New ES|QL knowledge base
[beta] This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. With the new knowledge base enabled, Elastic AI Assistant can answer detailed questions about the Elastic Search Query Language (ES|QL), including help with generating specific queries and syntax questions.
Detection rules and alerts enhancements
The following enhancements have been added to detection rules and alerts:
Create ES|QL query detection rules with new ES|QL rule type
Use the new ES|QL rule type to create detection rules that use ES|QL queries. The ES|QL rule type supports aggregating and non-aggregating queries.
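The two query shapes the rule type accepts, as an added illustration that is not part of the original release notes or of Elastic’s own rule content. The index pattern logs-* and the ECS field names (event.category, event.outcome, host.name, user.name, source.ip) are assumptions about how your data is mapped; the failure threshold of 20 is a constructed value. Each query would be pasted into its own ES|QL rule; they are shown together only for comparison. The METADATA _id, _version, _index clause is what ES|QL rules use on non-aggregating queries so that one alert is raised per source document and repeated rule runs do not duplicate it, and an aggregating query omits it because its alerts are built from the STATS rows rather than from individual events:

```esql
// Rule 1, non-aggregating: one alert per matching event.
// METADATA exposes the document identity so alerts can be deduplicated
// against the source events across rule runs.
FROM logs-* METADATA _id, _version, _index
| WHERE event.category == "authentication"
    AND event.outcome == "success"
    AND user.name == "root"
| KEEP @timestamp, host.name, user.name, source.ip, _id, _version, _index
| LIMIT 100

// Rule 2, aggregating: one alert per (host, user) pair whose failed
// logons in the rule's lookback window reach the constructed threshold.
FROM logs-*
| WHERE event.category == "authentication" AND event.outcome == "failure"
| STATS failures = COUNT(*), distinct_sources = COUNT_DISTINCT(source.ip)
    BY host.name, user.name
| WHERE failures >= 20
| SORT failures DESC
| LIMIT 100
```

The rule’s own schedule and lookback window decide which events each run sees, so the aggregating query needs no explicit time bucketing; only the fields kept or produced by the last command end up on the alert, which is why KEEP lists what an analyst will want to see.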
Case-sensitive values supported in rule exceptions
When adding exceptions to a rule, the "is one of" and "is not one of" operators now support identical, case-sensitive values – for example, "Windows" and "windows".
Use ES|QL in Timeline
You can use ES|QL in Timeline to filter, transform, and analyze event data stored in Elasticsearch. To start using ES|QL, open the ES|QL tab.
Expanded support for Cloud security posture management (CSPM)
Cloud security posture management (CSPM) capabilities have been expanded to support organization-wide GCP deployments, as well as single-subscription Azure deployments.
Cases enhancements
The following enhancements have been added to cases:
Custom case fields
You can now add custom fields to cases to support customized collaboration.
Connectors page renamed
The page where you create and manage case connectors has been renamed to Settings.
Agent tamper protection with Elastic Defend
For hosts enrolled in Elastic Defend, you can prevent unauthorized attempts to uninstall Elastic Agent and Elastic Endpoint by enabling Agent tamper protection on the Agent policy. This offers an additional layer of security by preventing users from bypassing or disabling Elastic Defend’s endpoint protections.
When enabled, Elastic Agent and Elastic Endpoint can only be uninstalled on the host by including the policy’s generated uninstall token in the uninstall CLI command.