8.10

edit

8.10.4

edit

Security updates

edit
  • If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext.

    The issue is resolved in Elastic Stack 8.10.4.

    For more information, refer to our related security announcement.

Bug fixes

edit
  • Fixes a bug in Timeline that prevented the Show top x action from showing results (#168339).
  • Fixes a bug that caused outdated or incorrect data to display on the MITRE ATT&CK® Coverage page (#167917).

8.10.3

edit

Enhancements

edit
  • Updates the MITRE ATT&CK® framework to v13.1 (#166536).

Bug fixes

edit
  • Increases the line height of the session view preview in the alert details flyout (#166932).
  • Adds tooltips to the Correlations table in the alert details flyout (#166913).
  • Fixes a bug that prevented the prevalence query from considering fields with multiple values (#166891).
  • Fixes an alert details flyout bug that affected the way prevalence data was fetched (#166694).
  • Fixes a bug in Timeline that prevented the Show top x action from using the Timeline query (#165109).

8.10.2

edit

Known issues

edit
  • The alert prevalence feature, which shows whether data from the alert was frequently observed on other hosts and user events, behaves inconsistently and may not produce accurate results.

Bug fixes

edit

There are no user-facing changes in 8.10.2.

8.10.1

edit

Known issues

edit
  • The alert prevalence feature, which shows whether data from the alert was frequently observed on other hosts and user events, behaves inconsistently and may not produce accurate results.

Bug fixes

edit
  • Updates the Elastic AI Assistant response schema (#166300, #166495).

8.10.0

edit

Known issues

edit
  • The alert prevalence feature, which shows whether data from the alert was frequently observed on other hosts and user events, behaves inconsistently and may not produce accurate results.

Breaking changes

edit
  • Elastic Defend no longer supports deployment within an Elastic Agent DaemonSet in Kubernetes.

New features

edit
  • Introduces a redesigned alert details flyout that enhances your investigative flows (#3816, #3854).
  • Adds the MITRE ATT&CK® coverage page, which shows how well your active detection rules protect against adversary tactics and techniques (#161556, #163498, #164613, #164986).
  • Adds a component under the Elastic AI Assistant header that allows you to select a different connector (#163666).
  • Adds role-based access control for the Elastic AI Assistant (#163031).
  • Adds a flyout that allows you to examine rule details when installing or updating a prebuilt rule (#163304).
  • Adds the ability to specify custom highlighted fields for an alert (#163235).
  • Adds the Reputation service option to the malicious behavior protection setting on the Elastic Defend integration policy (#161617).

Enhancements

edit
  • Modifies the Elastic Security main menu by adding the Rules main page and landing page, and shifting the order of the Cases and Explore pages (#165061, #163102, #161667).
  • Adds a resource.id column to the "Top 10 vulnerable resources" table on the Cloud Native Vulnerability Management dashboard (#162668).
  • Shows the most relevant tab when you open the Findings page, instead of always showing the Misconfigurations tab (#162289).
  • Adds the Building block label to the rule details page for building block rules (#162233).
  • Removes a filter that restricted the fields you could choose from when creating an Endpoint exception or event filter (#162193).
  • Shows a confirmation message on the Rules page and rule details page when you delete rules (#162477).

Bug fixes

edit
  • Fixes a UI bug that caused the rule preview to break when you closed it (#164973).
  • Fixes a bug that stopped pre-configured connectors from working with the Elastic AI Assistant (#164900).
  • Adds the new Elastic AI Assistant logo and global header menu item (#164763).
  • Ensures that users see the appropriate message in the Elastic AI Assistant UI if they don’t have the necessary connector and action privileges (#164382).
  • Prevents threshold rule error messages from concealing shard failure messages (#164231).
  • Removes filter in and out inline actions from the Alerts table on the case details page, and fixes issues with the Top alerts by inline action (#161150).
  • Uses the Elastic Agent last_checkin status for endpoints' last seen status (#160506).
  • Hides the Top alerts by inline action for nested fields (#159645).