What's new in 8.9

[jmikell821]

Please add your features and enhancements for 8.9. Don't forget to include the related PR link!

Detections & Response

Rules

• Automated endpoint response actions: Users can now add the host isolation response action to rules. When rule conditions are met, the endpoint is automatically isolated. Automated response actions for rules #3546
• Response actions for rules are GA: Rule response actions are no longer in technical preview. They've been GA'ed for 8.9. (There's no doc PR, but I can try to find the dev issue/PR.)
• Rule details page includes rule's actions and response actions: The rule details page has been expanded to include a new section that shows the rule's actions and response actions. The newly-added Actions sections includes details such as the action (conector) type, name, and run frequency. (No docs PR since we decided to not doc the rule details page in 8.9. This feature was release-noted only.)
• Last response filter added to Rules table: In addition to sorting their rules by response, users can now filter for specific responses (Succeeded, Warning, or Failed). [DOCS] Document the new rule execution status filter #3570
• New UI for installing and upgrading prebuilt detection rules: The UI and workflow for managing prebuilt detection rules has been redesigned to allow more flexibility and visibility into rule updates. Users can now select which prebuilt rules they want to install and update, instead of only being able to install the entire set of rules. Prebuilt detection rules: new UI for installing and upgrading #3552
• New tags for prebuilt rules: Prebuilt detection rules have new tags identifying the rule’s purpose, detection method, associated resources, and other information to help categorize your rules. Also part of Prebuilt detection rules: new UI for installing and upgrading #3552
• Detection rule monitoring dashboard: This new dashboard provides visualizations to help you monitor the overall health and performance of Elastic Security’s detection rules. Consult this dashboard for a high-level view of whether your rules are running successfully and how long they’re taking to run, search data, and create alerts. Document the new Detection rule monitoring dashboard #3600

Alerts

• [ ]

Detection Engine

• Alert tags: Alert tags allow users to organize related alerts into categories that they can filter and group. Users can add or remove alert tags to individual or multiple alerts. They also have the option to create custom tags by updating the feature's advanced setting. Alert tagging & close reason #3542
• Auto-filled rule exceptions: When users create a new exception from an alert, exception conditions are auto-populated with relevant alert data. A comment describing this action is also automatically added to the Add comments section. Auto fill exceptions from alert data #3544

Threat Hunting

Explore

• [ ]

Investigations

• Interactive investigation guides: Interactive investigation guides are now GA, with a new toolbar button in the investigation guide editor. Interactive investigation guides enhancements in 8.9  #3503

Generative AI

• Elastic AI Assistant enhancements: The Elastic AI Assistant now has a centralized UI for configuring settings, and users can anonymize data sent to and from the AI provider. Additionally, the new Generative AI Token Usage dashboard allows users to monitor their token usage with the AI provider.
  • AI Assistant docs for 8.9 #3549
  • [DOCS] Document Generative AI Token Usage dashboard in Gen AI connector kibana#162374

Defend Workflows/Asset Management

• New response action: upload: The new upload response action allows you to upload a file to an endpoint enrolled with Elastic Defend. This could be combined with the execute response action to upload & run scripts, or perform other mitigation on remote hosts. Upload response action #3601

Cloud Security

• CloudFormation Deployment for CSPM:

Introduces a new, simpler deployment method for Cloud Security Posture Management. You can now quickly set up this feature using AWS CloudFormation [https://github.com//pull/3599]

• Cloud Native Vulnerability Management Dashboard:

Introduces a new dashboard that shows you an overview of vulnerabilities detected in your environment [https://github.com//pull/3553]

Endpoint

• [ ]

Protections Experience

• [ ]

ResponseOps

• Multiple enhancements to cases: Several enhancements have been added in 8.9 -- note these will likely be doc'd in Kibana's what's new because ResponseOps typically docs new features there:
  • Users will now have the option to specify a Category for new and existing cases. [DOCS] Add category field to cases #3541
  • Users can now add Lens visualizations to cases from anywhere within the Security app. [DOCS] Add lens visualizations to cases from dashboards #3556
  • The case details Alerts tab now displays the number of alerts attached to a case. Alert tab counter and category field #3571
  • Email notifications now follow a new and improved template.

Integrations

• [ ]