8.14
8.14.3
Known issues
Elastic Endpoint does not properly populate the user.name field in security events
Details
Elastic Endpoint for Windows will not properly populate the user.name field with security events.
Workaround
Upgrade to 8.15.1.
Resolved
On September 5, 2024, this issue was resolved.
Alerts wrongfully inherit previously-selected tags
Details
When you add tags to alerts from the Alerts table, the previously-selected tags are incorrectly applied in addition to the new ones that you select.
Workaround
Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking Apply tags. This removes the old tags from the alert.
Resolved
On October 17, 2024, this issue was resolved.
Bug fixes
- Fixes a bug that prevented widgets on the Alerts page from updating after the status of alerts grouped by rule.name was changed with a bulk action (#183674).
8.14.2
Known issues
Elastic Endpoint does not properly populate the user.name field in security events
Details
Elastic Endpoint for Windows will not properly populate the user.name field with security events.
Workaround
Upgrade to 8.15.1.
Resolved
On September 5, 2024, this issue was resolved.
Alerts wrongfully inherit previously-selected tags
Details
When you add tags to alerts from the Alerts table, the previously-selected tags are incorrectly applied in addition to the new ones that you select.
Workaround
Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking Apply tags. This removes the old tags from the alert.
Resolved
On October 17, 2024, this issue was resolved.
Bug fixes
There are no user-facing changes in 8.14.2.
8.14.1
Known issues
Elastic Endpoint does not properly populate the user.name field in security events
Details
Elastic Endpoint for Windows will not properly populate the user.name field with security events.
Workaround
Upgrade to 8.15.1.
Resolved
On September 5, 2024, this issue was resolved.
Alerts wrongfully inherit previously-selected tags
Details
When you add tags to alerts from the Alerts table, the previously-selected tags are incorrectly applied in addition to the new ones that you select.
Workaround
Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking Apply tags. This removes the old tags from the alert.
Resolved
On October 17, 2024, this issue was resolved.
Bug fixes
- Fixes a bug that caused the Osquery flyout to appear behind Timeline (#184951).
- Fixes a bug that prevented dates from being displayed properly in Timeline if the Kibana space used a custom date and time format (#184799).
- Fixes a bug that didn’t allow you to use leading wildcards in queries when filtering data in the Summary and Treemap charts on the Alerts page (#182875).
- Fixes a text formatting issue in the visual analyzer’s left panel, where you can find event details (#183453).
- Fixes a bug that incorrectly led you to Timeline’s Query tab if you opened the detailed visual analyzer view from the alert details flyout. Now, you’re correctly navigated to Timeline’s Analyzer tab (#182749).
8.14.0
Known issues
Elastic Endpoint does not properly populate the user.name field in security events
Details
Elastic Endpoint for Windows will not properly populate the user.name field with security events.
Workaround
Upgrade to 8.15.1.
Resolved
On September 5, 2024, this issue was resolved.
Alerts wrongfully inherit previously-selected tags
Details
When you add tags to alerts from the Alerts table, the previously-selected tags are incorrectly applied in addition to the new ones that you select.
Workaround
Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking Apply tags. This removes the old tags from the alert.
Resolved
On October 17, 2024, this issue was resolved.
New features
- Introduces Attack discovery, a new feature that uses AI to identify potential attacks and help you quickly triage multiple alerts (#181818).
- Creates the Asset criticality page within the Manage menu, which lets you bulk assign asset criticality levels to your assets (#179891).
- Adds alert suppression for New Terms rules (#178294).
- Adds alert suppression for EQL rules with non-sequence queries (#176422).
- Allows you to edit value lists from the UI, anywhere you use them (#179339).
- Adds a Setup guide markdown field to custom rules (#178131).
Enhancements
- Removes the "Technical preview" tag for ES|QL and makes it generally available (#180838).
- Allows you to add calculated values to an ES|QL rule’s highlighted fields (#177746).
- Connects ES|QL functionality in Elastic Security to the general:enableESQL advanced setting (#181616).
- Removes the "Technical preview" tag for custom query rule alert suppression and makes it generally available (#181279).
- Makes conversations with Elastic AI Assistant persist across sessions (#173487).
- Adds conversation streaming for Elastic AI Assistant (#180095).
- Adds support for Anthropic Claude 3 to the Amazon Bedrock connector and makes it the default model (#179304).
- Adds an AI Assistant settings section to the Management menu (#176656).
- Updates the AI Assistant design from modal to flyout (#176657).
- Adds the _source field to the alert details flyout’s JSON view (#180477).
- Improves the UI for row renderers in Timeline (#180669).
- Allows data collected by Auditbeat to appear in Session View (#179985).
- Improves the visual appearance of the asset criticality alert column (#180868).
- Adds an advanced setting that allows you to turn off alert enrichment from memory scanning for malicious behavior alerts (#180636).
- Adds an advanced setting that lets you turn off a performance optimization that makes malware on-write and file event processing asynchronous (#179179).
- Makes some of the flyout’s state persist for alert and event details (#178746, #179511).
- Limits the alerts that can affect an entity’s risk score to the 10,000 riskiest (#178324).
- Adds a tooltip to the Asset Criticality section of the entity details flyout (#176927).
- Updates MITRE ATT&CK framework to version 14.1 (#174120).
- Allows you to choose whether Elastic Defend scans files when they’re modified or executed (#179176).
- Allows you to automatically register Elastic Defend as the antivirus software for Windows endpoints when Elastic Defend’s malware protection has prevention enabled (#180484).
- Enables the expandable event flyout by default (#182178).
- Enables the expandable Timeline flyout by default (#182179).
Bug fixes
- Fixes a bug that prevented the ES|QL Timeline tab from being turned off after you removed the xpack.securitySolution.enableExperimental: ["timelineEsqlTabDisabled"] feature flag from the Kibana user settings (#182816).
- Fixes a bug that removed pinned events and comments in unsaved Timelines (#178212).
- Fixes a bug in Timeline that prevented the Show top x action from showing accurate results (#177213).
- Fixes a bug with the is one of Timeline filter that generated incorrect Query Domain Specific Language (DSL) queries (#180455).
- Ensures the securitySolution:enableAssetCriticality advanced setting is enabled before asset criticality levels are updated for your entities (#181780).
- Corrects the color theme for the entity risk score UI to ensure it works in dark mode (#181431).
- Improves the Entity Analytics dashboard load time (#179510).
- Fixes a bug that didn’t allow you to save Timelines if your Kibana account name was an email address (#181709).
- Moves the observer.serial_number field to the Highlighted Fields section for alerts generated by SentinelOne and removes the Elastic Agent status field (#181038).
- Fixes an issue that caused Kibana Task Manager to become overloaded when rules were bulk enabled (#180796).
- Ensures you can preview machine learning rules while creating a new rule (#180792).
- Fixes a UI bug on the rule details page for EQL and ES|QL rules that caused the Custom query label to incorrectly display in the rule type field (#178821).
- Deactivates the Create new list option if you attempt to import another exception list for the Endpoint Security rule (#178674).
- Fixes a bug that stopped indicator filters from working correctly on the Intelligence page (#179607).
- Fixes the loading page layout on the Intelligence page, and improves the Indicators table loading speed after you set up a threat intelligence integration (#178701).
- Fixes a bug that caused the wrong Elastic Security app page name to display in your browser tab (#181056).