8.14

8.14.2

Bug fixes

There are no user-facing changes in 8.14.2.

8.14.1

Bug fixes

  • Fixes a bug that caused the Osquery flyout to appear behind Timeline (#184951).
  • Fixes a bug that prevented dates from being displayed properly in Timeline if the Kibana space used a custom date and time format (#184799).
  • Fixes a bug that didn’t allow you to use leading wildcards in queries when filtering data in the Summary and Treemap charts on the Alerts page (#182875).
  • Fixes a text formatting issue in the visual analyzer’s left panel, where you can find event details (#183453).
  • Fixes a bug that incorrectly led you to Timeline’s Query tab if you opened the detailed visual analyzer view from the alert details flyout. Now, you’re correctly navigated to Timeline’s Analyzer tab (#182749).

8.14.0

New features

  • Introduces Attack discovery, a new feature that uses AI to identify potential attacks and help you quickly triage multiple alerts (#181818).
  • Creates the Asset criticality page within the Manage menu, which lets you bulk assign asset criticality levels to your assets (#179891).
  • Adds alert suppression for New Terms rules (#178294).
  • Adds alert suppression for EQL rules with non-sequence queries (#176422).
  • Allows you to edit value lists from the UI, anywhere you use them (#179339).
  • Adds a Setup guide markdown field to custom rules (#178131).

Enhancements

  • Removes the "Technical preview" tag for ES|QL and makes it generally available (#180838).
  • Allows you to add calculated values to an ES|QL rule’s highlighted fields (#177746).
  • Connects ES|QL functionality in Elastic Security to the general:enableESQL advanced setting (#181616).
  • Removes the "Technical preview" tag for custom query rule alert suppression and makes it generally available (#181279).
  • Makes conversations with Elastic AI Assistant persist across sessions (#173487).
  • Adds conversation streaming for Elastic AI Assistant (#180095).
  • Adds support for Anthropic Claude 3 to the Amazon Bedrock connector and makes it the default model (#179304).
  • Adds an AI Assistant settings section to the Management menu (#176656).
  • Updates the AI Assistant design from modal to flyout (#176657).
  • Adds the _source field to the alert details flyout’s JSON view (#180477).
  • Improves the UI for row renderers in Timeline (#180669).
  • Allows data collected by Auditbeat to appear in Session View (#179985).
  • Improves the visual appearance of the asset criticality alert column (#180868).
  • Adds an advanced setting that allows you to turn off alert enrichment from memory scanning for malicious behavior alerts (#180636).
  • Adds an advanced setting that lets you turn off a performance optimization that makes malware on-write and file event processing asynchronous (#179179).
  • Makes some of the flyout’s state persist for alert and event details (#178746, #179511).
  • Limits the alerts that can affect an entity’s risk score to the 10,000 riskiest (#178324).
  • Adds a tooltip to the Asset Criticality section of the entity details flyout (#176927).
  • Updates MITRE ATT&CK framework to version 14.1 (#174120).
  • Allows you to choose whether Elastic Defend scans files when they’re modified or executed (#179176).
  • Allows you to automatically register Elastic Defend as the antivirus software for Windows endpoints when Elastic Defend’s malware protection has prevention enabled (#180484).
  • Enables the expandable event flyout by default (#182178).
  • Enables the expandable Timeline flyout by default (#182179).

Bug fixes

  • Fixes a bug that prevented the ES|QL Timeline tab from being turned off after you removed the xpack.securitySolution.enableExperimental: ["timelineEsqlTabDisabled"] feature flag from the Kibana user settings (#182816).
  • Fixes a bug that removed pinned events and comments in unsaved Timelines (#178212).
  • Fixes a bug in Timeline that prevented the Show top x action from showing accurate results (#177213).
  • Fixes a bug with the "is one of" Timeline filter that generated incorrect Query Domain Specific Language (DSL) queries (#180455).
  • Ensures the securitySolution:enableAssetCriticality advanced setting is enabled before the asset criticality levels of your entities are updated (#181780).
  • Corrects the color theme for the entity risk score UI to ensure it works in dark mode (#181431).
  • Improves the Entity Analytics dashboard load time (#179510).
  • Fixes a bug that didn’t allow you to save Timelines if your Kibana account name was an email address (#181709).
  • Moves the observer.serial_number field to the Highlighted Fields section for alerts generated by SentinelOne and removes the Elastic Agent status field (#181038).
  • Fixes an issue that caused Kibana Task Manager to become overloaded when rules were bulk enabled (#180796).
  • Ensures you can preview machine learning rules while creating a new rule (#180792).
  • Fixes a UI bug on the rule details page for EQL and ES|QL rules that caused the Custom query label to incorrectly display in the rule type field (#178821).
  • Deactivates the Create new list option if you attempt to import another exception list for the Endpoint Security rule (#178674).
  • Fixes a bug that stopped indicator filters from working correctly on the Intelligence page (#179607).
  • Fixes the loading page layout on the Intelligence page, and improves the Indicators table loading speed after you set up a threat intelligence integration (#178701).
  • Fixes a bug that caused the wrong Elastic Security app page name to display in your browser tab (#181056).