IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
8.10
8.10.4
Security updates
- If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. The issue is resolved in Elastic Stack 8.10.4.
For more information, refer to our related security announcement.
Bug fixes
8.10.3
Enhancements
- Updates the MITRE ATT&CK® framework to v13.1 (#166536).
Bug fixes
- Increases the line height of the session view preview in the alert details flyout (#166932).
- Adds tooltips to the Correlations table in the alert details flyout (#166913).
- Fixes a bug that prevented the prevalence query from considering fields with multiple values (#166891).
- Fixes an alert details flyout bug that affected the way prevalence data was fetched (#166694).
- Fixes a bug in Timeline that prevented the Show top x action from using the Timeline query (#165109).
8.10.2
Known issues
- The alert prevalence feature, which shows whether data from the alert was frequently observed on other hosts and user events, behaves inconsistently and may not produce accurate results.
Bug fixes
There are no user-facing changes in 8.10.2.
8.10.1
Known issues
- The alert prevalence feature, which shows whether data from the alert was frequently observed on other hosts and user events, behaves inconsistently and may not produce accurate results.
Bug fixes
8.10.0
Known issues
- The alert prevalence feature, which shows whether data from the alert was frequently observed on other hosts and user events, behaves inconsistently and may not produce accurate results.
Breaking changes
- Elastic Defend no longer supports deployment within an Elastic Agent DaemonSet in Kubernetes.
New features
- Introduces a redesigned alert details flyout that enhances your investigative flows (#3816, #3854).
- Adds the MITRE ATT&CK® coverage page, which shows how well your active detection rules protect against adversary tactics and techniques (#161556, #163498, #164613, #164986).
- Adds a component under the Elastic AI Assistant header that allows you to select a different connector (#163666).
- Adds role-based access control for the Elastic AI Assistant (#163031).
- Adds a flyout that allows you to examine rule details when installing or updating a prebuilt rule (#163304).
- Adds the ability to specify custom highlighted fields for an alert (#163235).
- Adds the Reputation service option to the malicious behavior protection setting on the Elastic Defend integration policy (#161617).
Enhancements
- Modifies the Elastic Security main menu by adding the Rules main page and landing page, and shifting the order of the Cases and Explore pages (#165061, #163102, #161667).
- Adds a resource.id column to the "Top 10 vulnerable resources" table on the Cloud Native Vulnerability Management dashboard (#162668).
- Shows the most relevant tab when you open the Findings page, instead of always showing the Misconfigurations tab (#162289).
- Adds the Building block label to the rule details page for building block rules (#162233).
- Removes a filter that restricted the fields you could choose from when creating an Endpoint exception or event filter (#162193).
- Shows a confirmation message on the Rules page and rule details page when you delete rules (#162477).
Bug fixes
- Fixes a UI bug that caused the rule preview to break when you closed it (#164973).
- Fixes a bug that stopped pre-configured connectors from working with the Elastic AI Assistant (#164900).
- Adds the new Elastic AI Assistant logo and global header menu item (#164763).
- Ensures that users see the appropriate message in the Elastic AI Assistant UI if they don’t have the necessary connector and action privileges (#164382).
- Prevents threshold rule error messages from concealing shard failure messages (#164231).
- Removes filter in and out inline actions from the Alerts table on the case details page, and fixes issues with the Top alerts by inline action (#161150).
- Uses the Elastic Agent last_checkin status for endpoints' last seen status (#160506).
- Hides the Top alerts by inline action for nested fields (#159645).