8.13

edit

8.13.4

edit

Bug fixes

edit

There are no user-facing changes in 8.13.4.

8.13.3

edit

Enhancements

edit
  • Ensures that Elastic Defend can’t be installed on versions earlier than Windows 10 or Server 2016.

Bug fixes

edit
  • Fixes a bug that caused a warning to display after you added any type of exception to a rule (#180800).
  • Fixes a bug with the is one of Timeline filter that generated incorrect Query Domain Specific Language (DSL) queries (#180455).
  • Fixes the loading page layout on the Intelligence page. Also improves the Indicators table loading speed after you set up a threat intelligence integration (#178701).
  • Fixes a bug that stopped indicator filters from working correctly on the Intelligence page (#179607).

8.13.2

edit

Bug fixes

edit
  • Fixes a bug that prevented Alert table filters from retrieving the correct values if you used the Filter In or Filter Out inline actions (#179911).
  • Fixes a bug that automatically checked checkboxes on the Alerts page when you clicked filter labels (#179610).

8.13.1

edit

Bug fixes

edit
  • Fixes a bug that automatically checked checkboxes on the Alerts page when you clicked filter labels (#179610).
  • Fixes a bug that prevented the KQL bar on the Intelligence page from providing suggestions and applying filters correctly (#179153).

8.13.0

edit

Features

edit
  • Allows you to define an entity’s (such as a host’s or user’s) Asset criticality, which can affect risk scores (#176815, #176294, #172417, #176056).
  • Allows information on the Data Quality dashboard to now persist in Elastic Security rather than disappearing after each session (#175673, #173185).
  • Adds field-by-field diffs to the rules upgrade flyout so you can see what’s changed between versions (#174564).
  • Adds alert suppression to the Indicator Match rule type (#174241).
  • You can add Elastic Defend’s kill-process or suspend-process response actions to detection rules to automatically terminate or suspend a process on an affected host (#161645).
  • Allows you to isolate and release a SentinelOne-protected host from detection alerts and the response console, and view third-party actions in the response actions history log (#173927, #175810).
  • Allows you to enable and disable cloud security Benchmark rules (#174575).

Enhancements

edit
  • Enables advanced sorting and customization options for the Findings page’s Vulnerabilities table (#174413).
  • Adds the ability to analyze an event within a specific time range and data view (#176364).
  • Enables the newly expanded host and user details flyouts, which allow you to view host or user details, risk data and inputs, and asset criticality (#175899).
  • Improves the header layout in the alert details flyout so basic alert details are better organized (#175075).
  • Adds inline actions and a search bar to the left panel in the event analyzer UI and improves formatting issues (#172397).

Bug fixes

edit
  • Fixes a bug that prevented the event analyzer preview from loading properly for ES|QL rules (#178389).
  • Fixes a bug that prevented you from editing, adding, or removing query filters when creating or editing a custom query, indicator match, or new terms rule (#178207).
  • Fixes a bug that caused unnecessary error messages to appear in Kibana server logs when using the MITRE ATT&CK® Coverage page (#178126).
  • Prevents an infinite loading state on the Add Rules page for users with limited permissions (#178005).
  • Fixes a bug that prevented the Reset Fields action on the Alerts table from resetting the table’s columns (#177986).
  • Fixes a bug that interfered with the rule filtering interface when you opened it from specific parts of Elastic Security (#177946).
  • Ensures that text within the risk score preview table translates correctly (#177680).
  • Fixes a bug that could prevent the correct kibana.alert.threshold_result.terms.value field value from appearing in the alert details flyout (#177472).
  • Fixes multiple bugs affecting the rule filters on the rule details page (#177081).
  • Updates the alert assignment UI to make its data model and intended usage clearer (#176442).
  • Fixes rule overwrite behavior when importing new rules. Now, when a new rule overwrites an existing rule, the new rule completely replaces all the fields of the old one, and the old rule’s fields are never included in the new rule (#176166).
  • Fixes a bug that allowed you to add a Timeline as a favorite before it was saved (#175161).
  • Fixes a bug that could result in an unnecessary negative sign in the risk score table within the expandable user and host flyouts (#177015).
  • Adds file and size constraints to value lists (#176074).