From 2b1cb89229329babaa1d6fb6e387b6ff80d5a388 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 24 Jul 2024 14:05:53 -0400 Subject: [PATCH 01/27] First draft --- docs/release-notes.asciidoc | 1 + docs/release-notes/8.15.asciidoc | 60 ++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 docs/release-notes/8.15.asciidoc diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index bdbe757457..3cbde1d868 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,6 +3,7 @@ This section summarizes the changes in each release. +* <> * <> * <> * <> diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc new file mode 100644 index 0000000000..937be04d5c --- /dev/null +++ b/docs/release-notes/8.15.asciidoc 
@@ -0,0 +1,60 @@ +[[release-notes-8.15.0]] +=== 8.15.0 + +[discrete] +[[features-8.15.0]] +==== New features +* Enable preview feature flag and cypress tests ({kibana-pull}188580[#188580]). +* Row Renderer + Notes in Flyout ({kibana-pull}186948[#186948]). +* Enable Crowdstrike feature flags ({kibana-pull}186801[#186801]). +* Defend Advanced Policy Options for Registry Event Filtering Enforcement ({kibana-pull}186564[#186564]). +* Adds bulk rule action for manual rule run ({kibana-pull}186293[#186293]). +* Adds responder `scan` action ({kibana-pull}184723[#184723]). +* Manual rule run from rule details and rules table ({kibana-pull}184500[#184500]). +* Agentless cloud credentials ({kibana-pull}184162[#184162]). +* Rule execution log support backfill rule run types ({kibana-pull}183898[#183898]). +* Re-score entity when asset criticality changes ({kibana-pull}182234[#182234]). +* Defend Advanced Policy Options for Custom File/Registry Access Eventing ({kibana-pull}181361[#181361]). +* Adds asset criticality page to serverless ({kibana-pull}180817[#180817]). +* Allow users to edit required_fields field for custom rules ({kibana-pull}180682[#180682]). +* Allow users to edit max_signals field for custom rules ({kibana-pull}179680[#179680]). +* Bulk editing rule custom highlighted fields ({kibana-pull}179312[#179312]). +* Adds AI Assistant to rule create form ({kibana-pull}179091[#179091]). +* Allow users to edit related_integrations field for custom rules ({kibana-pull}178295[#178295]). + +[discrete] +[[enhancements-8.15.0]] +==== Enhancements + +* Attack discovery connector dropdown notification badges ({kibana-pull}187209[#187209]). +* Improves Attack discovery GPT-4o output ({kibana-pull}187183[#187183]). +* Attack discovery connector dropdown notification badges ({kibana-pull}186903[#186903]). +* Enable Crowdstrike feature flags ({kibana-pull}186801[#186801]). +* Bump default Gemini and Bedrock versions ({kibana-pull}186671[#186671]). 
+* `Scan` response actions history and errors ({kibana-pull}186284[#186284]). +* Attack discovery background task and persistence ({kibana-pull}184949[#184949]). +* Remove transform delay time + add unattended setting ({kibana-pull}184797[#184797]). +* Change risk scoring sum max and simplify risk score calculations ({kibana-pull}184638[#184638]). +* Allow Findings page tables to consume all the available space ({kibana-pull}184185[#184185]). +* Replace advanced settings with feature flag ({kibana-pull}184169[#184169]). +* Adds onClose to the API to let developers know when the expandable flyout is being closed ({kibana-pull}183553[#183553]). +* Updates MITRE ATT&CK framework to `v15.1` ({kibana-pull}183463[#183463]). +* Display rule warning when action is disabled but rule ran successfully ({kibana-pull}182741[#182741]). +* AI Assistant, replace `LLM` with `SimpleChatModel` + Bedrock streaming ({kibana-pull}182041[#182041]). +* Adds Alert Suppression to ML Rules ({kibana-pull}181926[#181926]). +* Adavanced policy network_report_loopback ({kibana-pull}181753[#181753]). +* Update asset criticality CSV upload copy ({kibana-pull}181390[#181390]). +* Adds alert suppression to ES|QL rule type ({kibana-pull}180927[#180927]). +* Enable xMatters, Server Log connectors for Security ({kibana-pull}172933[#172933]). + +[discrete] +[[bug-fixes-8.15.0]] +==== Bug fixes +* Remove investigate in timeline action in suppressed alert in rule creation ({kibana-pull}188385[#188385]). +* Fixes misaligned dropdown for page selector on shared exception lists page ({kibana-pull}187956[#187956]). +* ES|QL rule execution error when source document has a non-ECS compliant sub-field with data under event field ({kibana-pull}187549[#187549]). +* Show upselling component for entity risk score tab ({kibana-pull}183517[#183517]). +* Hide agentless policy name ({kibana-pull}181606[#181606]). +* Prevent maxClauseCount errors from occurring within indicator match rules ({kibana-pull}179748[#179748]). 
+* Allow users to edit max_signals field for custom rules ({kibana-pull}179680[#179680]). +* Enable rendering of CTI indicators with flattened fields ({kibana-pull}179395[#179395]). \ No newline at end of file From c182d073f1ef904536d56b799b144f2835f91a47 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 24 Jul 2024 15:08:37 -0400 Subject: [PATCH 02/27] Fixed error --- docs/release-notes.asciidoc | 1 + docs/release-notes/8.15.asciidoc | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 3cbde1d868..1e3b81d224 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -62,6 +62,7 @@ This section summarizes the changes in each release. * <> * <> +include::release-notes/8.15.asciidoc[] include::release-notes/8.14.asciidoc[] include::release-notes/8.13.asciidoc[] include::release-notes/8.12.asciidoc[] diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 937be04d5c..e4c4a237c9 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -1,3 +1,7 @@ +[[release-notes-header-8.15.0]] +=== 8.15.0 + +[discrete] [[release-notes-8.15.0]] === 8.15.0 From 51452ce27365ec0f761d873e1e5e000c20113497 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 24 Jul 2024 15:43:28 -0400 Subject: [PATCH 03/27] ok, actually fixing it --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index e4c4a237c9..bbbc70ffe9 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -1,5 +1,5 @@ [[release-notes-header-8.15.0]] -=== 8.15.0 +== 8.15.0 [discrete] [[release-notes-8.15.0]] From 44e26711b6c57ea27dc72e346495387ed837e670 Mon Sep 17 00:00:00 2001 
From: "nastasha.solomon" Date: Wed, 31 Jul 2024 22:51:30 -0400 Subject: [PATCH 04/27] New features draft --- docs/release-notes/8.15.asciidoc | 41 +++++++++++++++++--------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index bbbc70ffe9..d5084ee072 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -5,26 +5,31 @@ [[release-notes-8.15.0]] === 8.15.0 +* Introduces Attack discovery, a new feature that uses AI to identify potential attacks and help you quickly triage multiple alerts ({kibana-pull}181818[#181818]). +* Creates the **Asset criticality** page within the **Manage** menu, which lets you bulk assign asset criticality levels to your assets ({kibana-pull}179891[#179891]). +[#176422]). +* Allows you to edit value lists from the UI, anywhere you use them ({kibana-pull}179339[#179339]). +* Adds a **Setup guide** markdown field to custom rules ({kibana-pull}178131[#178131]). + [discrete] [[features-8.15.0]] ==== New features -* Enable preview feature flag and cypress tests ({kibana-pull}188580[#188580]). -* Row Renderer + Notes in Flyout ({kibana-pull}186948[#186948]). + * Enable Crowdstrike feature flags ({kibana-pull}186801[#186801]). -* Defend Advanced Policy Options for Registry Event Filtering Enforcement ({kibana-pull}186564[#186564]). -* Adds bulk rule action for manual rule run ({kibana-pull}186293[#186293]). -* Adds responder `scan` action ({kibana-pull}184723[#184723]). -* Manual rule run from rule details and rules table ({kibana-pull}184500[#184500]). +* Adds the `scan` action to the response console ({kibana-pull}184723[#184723]). +* Adds a Defend Advanced Policy option that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). +* Allows you to specify additional file and registry paths that will be monitored for read access ({kibana-pull}181361[#181361]). * Agentless cloud credentials ({kibana-pull}184162[#184162]). -* Rule execution log support backfill rule run types ({kibana-pull}183898[#183898]). -* Re-score entity when asset criticality changes ({kibana-pull}182234[#182234]). -* Defend Advanced Policy Options for Custom File/Registry Access Eventing ({kibana-pull}181361[#181361]). -* Adds asset criticality page to serverless ({kibana-pull}180817[#180817]). 
-* Allow users to edit required_fields field for custom rules ({kibana-pull}180682[#180682]). -* Allow users to edit max_signals field for custom rules ({kibana-pull}179680[#179680]). -* Bulk editing rule custom highlighted fields ({kibana-pull}179312[#179312]). -* Adds AI Assistant to rule create form ({kibana-pull}179091[#179091]). -* Allow users to edit related_integrations field for custom rules ({kibana-pull}178295[#178295]). +* Updates entity risk scores when asset criticality changes ({kibana-pull}182234[#182234]). +* Allows you to edit the `required_fields` field for custom rules ({kibana-pull}180682[#180682]). +* Allows you to edit the `max_signals` field for custom rules ({kibana-pull}179680[#179680]). +* Allows you to edit the `related_integrations` field for custom rules ({kibana-pull}178295[#178295]). +* Provides help from AI Assistant when you're creating rule queries ({kibana-pull}179091[#179091]). +* Allows you to bulk update custom highlighted fields for rules ({kibana-pull}179312[#179312]). +* Adds alert suppression for {ml} rules ({kibana-pull}181926[#181926]). +* Adds alert suppression for ES|QL rules ({kibana-pull}180927[#180927]). +* Enable preview feature flag ({kibana-pull}188580[#188580]). +* Adds an option to Timeline for quickly turning row renderers on and off. Also moves notes to a new flyout ({kibana-pull}186948[#186948]). [discrete] [[enhancements-8.15.0]] @@ -33,7 +38,6 @@ * Attack discovery connector dropdown notification badges ({kibana-pull}187209[#187209]). * Improves Attack discovery GPT-4o output ({kibana-pull}187183[#187183]). * Attack discovery connector dropdown notification badges ({kibana-pull}186903[#186903]). -* Enable Crowdstrike feature flags ({kibana-pull}186801[#186801]). * Bump default Gemini and Bedrock versions ({kibana-pull}186671[#186671]). * `Scan` response actions history and errors ({kibana-pull}186284[#186284]). * Attack discovery background task and persistence ({kibana-pull}184949[#184949]). 
@@ -45,20 +49,19 @@ * Updates MITRE ATT&CK framework to `v15.1` ({kibana-pull}183463[#183463]). * Display rule warning when action is disabled but rule ran successfully ({kibana-pull}182741[#182741]). * AI Assistant, replace `LLM` with `SimpleChatModel` + Bedrock streaming ({kibana-pull}182041[#182041]). -* Adds Alert Suppression to ML Rules ({kibana-pull}181926[#181926]). * Adavanced policy network_report_loopback ({kibana-pull}181753[#181753]). * Update asset criticality CSV upload copy ({kibana-pull}181390[#181390]). -* Adds alert suppression to ES|QL rule type ({kibana-pull}180927[#180927]). * Enable xMatters, Server Log connectors for Security ({kibana-pull}172933[#172933]). [discrete] [[bug-fixes-8.15.0]] ==== Bug fixes + +* Adds retrieve results to timeline search strategy ({kibana-pull}189031[#189031]). * Remove investigate in timeline action in suppressed alert in rule creation ({kibana-pull}188385[#188385]). * Fixes misaligned dropdown for page selector on shared exception lists page ({kibana-pull}187956[#187956]). * ES|QL rule execution error when source document has a non-ECS compliant sub-field with data under event field ({kibana-pull}187549[#187549]). * Show upselling component for entity risk score tab ({kibana-pull}183517[#183517]). * Hide agentless policy name ({kibana-pull}181606[#181606]). * Prevent maxClauseCount errors from occurring within indicator match rules ({kibana-pull}179748[#179748]). -* Allow users to edit max_signals field for custom rules ({kibana-pull}179680[#179680]). * Enable rendering of CTI indicators with flattened fields ({kibana-pull}179395[#179395]). \ No newline at end of file From a900421ba9c93a36c170e6fc4dcded35404793c9 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 31 Jul 2024 22:54:20 -0400 Subject: [PATCH 05/27] Removes old content --- docs/release-notes/8.15.asciidoc | 6 ------ 1 file changed, 6 deletions(-) 
diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index d5084ee072..aa6d7760f6 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -5,12 +5,6 @@ [[release-notes-8.15.0]] === 8.15.0 -* Introduces Attack discovery, a new feature that uses AI to identify potential attacks and help you quickly triage multiple alerts ({kibana-pull}181818[#181818]). -* Creates the **Asset criticality** page within the **Manage** menu, which lets you bulk assign asset criticality levels to your assets ({kibana-pull}179891[#179891]). -[#176422]). -* Allows you to edit value lists from the UI, anywhere you use them ({kibana-pull}179339[#179339]). -* Adds a **Setup guide** markdown field to custom rules ({kibana-pull}178131[#178131]). - [discrete] [[features-8.15.0]] ==== New features From 86f49235b80b8ac3b8f86a60226460819506f7b5 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Thu, 1 Aug 2024 13:07:15 -0400 Subject: [PATCH 06/27] breaking changes and more NF sums --- docs/release-notes/8.15.asciidoc | 48 +++++++++++++++++--------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index aa6d7760f6..aa835d1c94 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -5,47 +5,49 @@ [[release-notes-8.15.0]] === 8.15.0 +[discrete] +[[breaking-changes-8.15.0]] +==== Breaking changes + +* User-defined quick prompts created before upgrade to 8.15 will no longer appear after you upgrade. In 8.15, quick prompts will be shared by all users in your deployment, rather than stored at the user level. To implement your existing quick prompts in 8.15, copy them prior to upgrade, and add them again after upgrade ({kibana-pull}187040[#187040]). + [discrete] [[features-8.15.0]] ==== New features -* Enable Crowdstrike feature flags ({kibana-pull}186801[#186801]). -* Adds the `scan` action to the response console ({kibana-pull}184723[#184723]). +* Adds the `scan` action to the response console, which allows you to scan a specific file or directory on the host for malware ({kibana-pull}184723[#184723]). * Adds a Defend Advanced Policy option that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). * Allows you to specify additional file and registry paths that will be monitored for read access ({kibana-pull}181361[#181361]). -* Agentless cloud credentials ({kibana-pull}184162[#184162]). +* Provides bidirectional capability with Crowdstrike, which lets you to execute host isolation and release of a Crowdstrike agent through {elastic-sec} ({kibana-pull}186801[#186801]). * Updates entity risk scores when asset criticality changes ({kibana-pull}182234[#182234]). -* Allows you to edit the `required_fields` field for custom rules ({kibana-pull}180682[#180682]). -* Allows you to edit the `max_signals` field for custom rules ({kibana-pull}179680[#179680]). -* Allows you to edit the `related_integrations` field for custom rules ({kibana-pull}178295[#178295]). -* Provides help from AI Assistant when you're creating rule queries ({kibana-pull}179091[#179091]). 
+* Allows you to edit the `max_signals`, `related_integrations`, and `required_fields` fields for custom rules ({kibana-pull}179680[#179680], {kibana-pull}178295[#178295], {kibana-pull}180682[#180682]). +* Provides help from AI Assistant when you're correcting rule query errors ({kibana-pull}179091[#179091]). * Allows you to bulk update custom highlighted fields for rules ({kibana-pull}179312[#179312]). -* Adds alert suppression for {ml} rules ({kibana-pull}181926[#181926]). -* Adds alert suppression for ES|QL rules ({kibana-pull}180927[#180927]). -* Enable preview feature flag ({kibana-pull}188580[#188580]). -* Adds an option to Timeline for quickly turning row renderers on and off. Also moves notes to a new flyout ({kibana-pull}186948[#186948]). +* Adds alert suppression for {ml} and {esql} rules ({kibana-pull}181926[#181926], {kibana-pull}180927[#180927]). +* Agentless cloud credentials ({kibana-pull}184162[#184162]). +* Enables the feature flag for additional flyout previews ({kibana-pull}188580[#188580]). +* Adds an option to Timeline for toggling row renderers on and off and moves notes to a new flyout ({kibana-pull}186948[#186948]). [discrete] [[enhancements-8.15.0]] ==== Enhancements -* Attack discovery connector dropdown notification badges ({kibana-pull}187209[#187209]). -* Improves Attack discovery GPT-4o output ({kibana-pull}187183[#187183]). -* Attack discovery connector dropdown notification badges ({kibana-pull}186903[#186903]). -* Bump default Gemini and Bedrock versions ({kibana-pull}186671[#186671]). -* `Scan` response actions history and errors ({kibana-pull}186284[#186284]). +* Adds notifications to the connector dropdown menu on the **Attack discovery** page so you know when other connectors have new discoveries ({kibana-pull}186903[#186903], {kibana-pull}187209[#187209]). +* Improves the output of discoveries generated with `GPT-4o` ({kibana-pull}187183[#187183]). 
* Attack discovery background task and persistence ({kibana-pull}184949[#184949]). +* AI Assistant, replace `LLM` with `SimpleChatModel` + Bedrock streaming ({kibana-pull}182041[#182041]). +* Updates the default Gemini version to `gemini-1.5-pro-001` and the Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). +* Improves how failure messages for the `scan` action are shown in the response console ({kibana-pull}186284[#186284]). * Remove transform delay time + add unattended setting ({kibana-pull}184797[#184797]). * Change risk scoring sum max and simplify risk score calculations ({kibana-pull}184638[#184638]). -* Allow Findings page tables to consume all the available space ({kibana-pull}184185[#184185]). -* Replace advanced settings with feature flag ({kibana-pull}184169[#184169]). +* Updates the copy for bulk assigning asset criticality to multiple entities ({kibana-pull}181390[#181390]). +* Improves visual and logic issues in the Findings table ({kibana-pull}184185[#184185]). +* Enables the expandable alert details flyout by default and replaces the `securitySolution:enableExpandableFlyout` advanced setting with a feature flag that allows you to revert to the old version of the flyout ({kibana-pull}184169[#184169]). * Adds onClose to the API to let developers know when the expandable flyout is being closed ({kibana-pull}183553[#183553]). -* Updates MITRE ATT&CK framework to `v15.1` ({kibana-pull}183463[#183463]). -* Display rule warning when action is disabled but rule ran successfully ({kibana-pull}182741[#182741]). -* AI Assistant, replace `LLM` with `SimpleChatModel` + Bedrock streaming ({kibana-pull}182041[#182041]). +* Updates MITRE ATT&CK framework to version 15.1 ({kibana-pull}183463[#183463]). +* Improves the warning that displays on the rule details page when a rule action is disabled but the rule ran successfully ({kibana-pull}182741[#182741]). 
+* Enables the xMatters and Server Log connectors for rule actions ({kibana-pull}172933[#172933]). * Adavanced policy network_report_loopback ({kibana-pull}181753[#181753]). -* Update asset criticality CSV upload copy ({kibana-pull}181390[#181390]). -* Enable xMatters, Server Log connectors for Security ({kibana-pull}172933[#172933]). [discrete] [[bug-fixes-8.15.0]] From 9f5407520e43ed3d498e2b94ebc5281bc96345c3 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Fri, 2 Aug 2024 14:37:46 -0400 Subject: [PATCH 07/27] Changes to all sections --- docs/release-notes/8.15.asciidoc | 36 +++++++++++++++----------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index aa835d1c94..d6a2d1a59a 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -18,15 +18,14 @@ * Adds the `scan` action to the response console, which allows you to scan a specific file or directory on the host for malware ({kibana-pull}184723[#184723]). * Adds a Defend Advanced Policy option that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). * Allows you to specify additional file and registry paths that will be monitored for read access ({kibana-pull}181361[#181361]). -* Provides bidirectional capability with Crowdstrike, which lets you to execute host isolation and release of a Crowdstrike agent through {elastic-sec} ({kibana-pull}186801[#186801]). +* Provides bidirectional capability with Crowdstrike, which allows you work through {elastic-sec} to isolate and release hosts with Crowdstrike agents installed ({kibana-pull}186801[#186801]). * Updates entity risk scores when asset criticality changes ({kibana-pull}182234[#182234]). * Allows you to edit the `max_signals`, `related_integrations`, and `required_fields` fields for custom rules ({kibana-pull}179680[#179680], {kibana-pull}178295[#178295], {kibana-pull}180682[#180682]). * Provides help from AI Assistant when you're correcting rule query errors ({kibana-pull}179091[#179091]). * Allows you to bulk update custom highlighted fields for rules ({kibana-pull}179312[#179312]). * Adds alert suppression for {ml} and {esql} rules ({kibana-pull}181926[#181926], {kibana-pull}180927[#180927]). -* Agentless cloud credentials ({kibana-pull}184162[#184162]). -* Enables the feature flag for additional flyout previews ({kibana-pull}188580[#188580]). -* Adds an option to Timeline for toggling row renderers on and off and moves notes to a new flyout ({kibana-pull}186948[#186948]). +* Provides previews of hosts, users, and alerts that you're examining in the alert details flyout ({kibana-pull}186850[#186850], {kibana-pull}186857[#186857]). 
+* Adds an option for toggling row renderers on and off, and moves notes to a new flyout in Timeline ({kibana-pull}186948[#186948]). [discrete] [[enhancements-8.15.0]] 
@@ -34,30 +33,29 @@ * Adds notifications to the connector dropdown menu on the **Attack discovery** page so you know when other connectors have new discoveries ({kibana-pull}186903[#186903], {kibana-pull}187209[#187209]). * Improves the output of discoveries generated with `GPT-4o` ({kibana-pull}187183[#187183]). -* Attack discovery background task and persistence ({kibana-pull}184949[#184949]). -* AI Assistant, replace `LLM` with `SimpleChatModel` + Bedrock streaming ({kibana-pull}182041[#182041]). +* Adds Attack discovery background tasks and persistence ({kibana-pull}184949[#184949]). +* Improves AI Assistant responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041]). * Updates the default Gemini version to `gemini-1.5-pro-001` and the Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). +* Introduces a new Endpoint policy setting that allows you to control whether the kernel reports Windows network events that happened on a local loopback interface ({kibana-pull}181753[#181753]). * Improves how failure messages for the `scan` action are shown in the response console ({kibana-pull}186284[#186284]). -* Remove transform delay time + add unattended setting ({kibana-pull}184797[#184797]). -* Change risk scoring sum max and simplify risk score calculations ({kibana-pull}184638[#184638]). +* Improves the risk engine's performance. Now, after you turn on the engine, risk data is available sooner ({kibana-pull}184797[#184797]). +* Enhances the risk engine's normalization accuracy ({kibana-pull}184638[#184638]). * Updates the copy for bulk assigning asset criticality to multiple entities ({kibana-pull}181390[#181390]). * Improves visual and logic issues in the Findings table ({kibana-pull}184185[#184185]). 
* Enables the expandable alert details flyout by default and replaces the `securitySolution:enableExpandableFlyout` advanced setting with a feature flag that allows you to revert to the old version of the flyout ({kibana-pull}184169[#184169]). * Adds onClose to the API to let developers know when the expandable flyout is being closed ({kibana-pull}183553[#183553]). -* Updates MITRE ATT&CK framework to version 15.1 ({kibana-pull}183463[#183463]). -* Improves the warning that displays on the rule details page when a rule action is disabled but the rule ran successfully ({kibana-pull}182741[#182741]). +* Updates the MITRE ATT&CK framework to version 15.1 ({kibana-pull}183463[#183463]). +* Improves the warning message about rule actions being unavailable when a rule ran ({kibana-pull}182741[#182741]). * Enables the xMatters and Server Log connectors for rule actions ({kibana-pull}172933[#172933]). -* Adavanced policy network_report_loopback ({kibana-pull}181753[#181753]). [discrete] [[bug-fixes-8.15.0]] ==== Bug fixes -* Adds retrieve results to timeline search strategy ({kibana-pull}189031[#189031]). -* Remove investigate in timeline action in suppressed alert in rule creation ({kibana-pull}188385[#188385]). -* Fixes misaligned dropdown for page selector on shared exception lists page ({kibana-pull}187956[#187956]). -* ES|QL rule execution error when source document has a non-ECS compliant sub-field with data under event field ({kibana-pull}187549[#187549]). -* Show upselling component for entity risk score tab ({kibana-pull}183517[#183517]). -* Hide agentless policy name ({kibana-pull}181606[#181606]). -* Prevent maxClauseCount errors from occurring within indicator match rules ({kibana-pull}179748[#179748]). -* Enable rendering of CTI indicators with flattened fields ({kibana-pull}179395[#179395]). \ No newline at end of file +* Fixes a bug that prevented Timeline from properly retrieving results after upgrading to 8.14.1 ({kibana-pull}189031[#189031]). 
+* Removes the option to investigate suppressed alerts in Timeline when you're previewing alert details from the rule preview ({kibana-pull}188385[#188385]). +* Fixes the alignment of the page selector dropdown menu on the Shared Exception Lists page ({kibana-pull}187956[#187956]). +* Fixes a rule execution error that occurs when {esql} rules query source documents with non-ECS compliant sub-fields under the `event.action` field ({kibana-pull}187549[#187549]). +* Fixes a bug that caused the enable entity risk scoring option to display if you didn't have the correct requirements ({kibana-pull}183517[#183517]). +* Prevents `maxClauseCount` errors from occurring for indicator match rules ({kibana-pull}179748[#179748]). +* Fixes a bug that prevented threat intelligence fields from correctly rendering in the alert details flyout if they had flattened fields ({kibana-pull}179395[#179395]). \ No newline at end of file From 00a7b393aa5e2c41a8eaa4f24707f51f3a887622 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 2 Aug 2024 14:08:20 -0700 Subject: [PATCH 08/27] light edits --- docs/release-notes/8.15.asciidoc | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index d6a2d1a59a..c7283964ac 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -9,16 +9,16 @@ [[breaking-changes-8.15.0]] ==== Breaking changes -* User-defined quick prompts created before upgrade to 8.15 will no longer appear after you upgrade. In 8.15, quick prompts will be shared by all users in your deployment, rather than stored at the user level. To implement your existing quick prompts in 8.15, copy them prior to upgrade, and add them again after upgrade ({kibana-pull}187040[#187040]). +* User-defined quick prompts for Elastic AI Assistant that were created before you upgrade to 8.15 will no longer appear after you upgrade. In 8.15, quick prompts will be shared by all users in your deployment, rather than stored at the user level. To implement your existing quick prompts in 8.15, copy them prior to upgrade, and add them again after upgrade ({kibana-pull}187040[#187040]). [discrete] [[features-8.15.0]] ==== New features -* Adds the `scan` action to the response console, which allows you to scan a specific file or directory on the host for malware ({kibana-pull}184723[#184723]). +* Adds the `scan` action to the response console, which allows you to scan a specific file or directory on a host for malware ({kibana-pull}184723[#184723]). * Adds a Defend Advanced Policy option that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). -* Allows you to specify additional file and registry paths that will be monitored for read access ({kibana-pull}181361[#181361]). -* Provides bidirectional capability with Crowdstrike, which allows you work through {elastic-sec} to isolate and release hosts with Crowdstrike agents installed ({kibana-pull}186801[#186801]). +* Allows you to specify additional file and registry paths to monitor for read access ({kibana-pull}181361[#181361]). +* Allows you to use {elastic-sec} to isolate and release hosts running a Crowdstrike agent ({kibana-pull}186801[#186801]). * Updates entity risk scores when asset criticality changes ({kibana-pull}182234[#182234]). 
* Allows you to edit the `max_signals`, `related_integrations`, and `required_fields` fields for custom rules ({kibana-pull}179680[#179680], {kibana-pull}178295[#178295], {kibana-pull}180682[#180682]). * Provides help from AI Assistant when you're correcting rule query errors ({kibana-pull}179091[#179091]). 
@@ -33,11 +33,11 @@ * Adds notifications to the connector dropdown menu on the **Attack discovery** page so you know when other connectors have new discoveries ({kibana-pull}186903[#186903], {kibana-pull}187209[#187209]). * Improves the output of discoveries generated with `GPT-4o` ({kibana-pull}187183[#187183]). -* Adds Attack discovery background tasks and persistence ({kibana-pull}184949[#184949]). +* Allows Attack discovery generation to continue when you navigate to another page ({kibana-pull}184949[#184949]). * Improves AI Assistant responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041]). -* Updates the default Gemini version to `gemini-1.5-pro-001` and the Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). +* Updates the default Gemini version to `gemini-1.5-pro-001` and the default Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). * Introduces a new Endpoint policy setting that allows you to control whether the kernel reports Windows network events that happened on a local loopback interface ({kibana-pull}181753[#181753]). -* Improves how failure messages for the `scan` action are shown in the response console ({kibana-pull}186284[#186284]). +* Improves how failure messages for the `scan` action appear in the response console ({kibana-pull}186284[#186284]). * Improves the risk engine's performance. Now, after you turn on the engine, risk data is available sooner ({kibana-pull}184797[#184797]). * Enhances the risk engine's normalization accuracy ({kibana-pull}184638[#184638]). * Updates the copy for bulk assigning asset criticality to multiple entities ({kibana-pull}181390[#181390]). 
@@ -45,17 +45,17 @@ * Enables the expandable alert details flyout by default and replaces the `securitySolution:enableExpandableFlyout` advanced setting with a feature flag that allows you to revert to the old version of the flyout ({kibana-pull}184169[#184169]). * Adds onClose to the API to let developers know when the expandable flyout is being closed ({kibana-pull}183553[#183553]). * Updates the MITRE ATT&CK framework to version 15.1 ({kibana-pull}183463[#183463]). -* Improves the warning message about rule actions being unavailable when a rule ran ({kibana-pull}182741[#182741]). -* Enables the xMatters and Server Log connectors for rule actions ({kibana-pull}172933[#172933]). +* Improves the warning message about rule actions being unavailable after a rule ran ({kibana-pull}182741[#182741]). +* Enables the `xMatters` and `Server Log connectors` rule actions ({kibana-pull}172933[#172933]). [discrete] [[bug-fixes-8.15.0]] ==== Bug fixes * Fixes a bug that prevented Timeline from properly retrieving results after upgrading to 8.14.1 ({kibana-pull}189031[#189031]). -* Removes the option to investigate suppressed alerts in Timeline when you're previewing alert details from the rule preview ({kibana-pull}188385[#188385]). +* Removes the option to investigate suppressed alerts in Timeline when you're previewing alert details from a rule preview ({kibana-pull}188385[#188385]). * Fixes the alignment of the page selector dropdown menu on the Shared Exception Lists page ({kibana-pull}187956[#187956]). -* Fixes a rule execution error that occurs when {esql} rules query source documents with non-ECS compliant sub-fields under the `event.action` field ({kibana-pull}187549[#187549]). -* Fixes a bug that caused the enable entity risk scoring option to display if you didn't have the correct requirements ({kibana-pull}183517[#183517]). 
+* Fixes a rule execution error that occured when {esql} rules queried source documents with non-ECS compliant sub-fields under the `event.action` field ({kibana-pull}187549[#187549]). +* Fixes a bug that caused the `Enable entity risk scoring` option to display even when you didn't have the correct requirements ({kibana-pull}183517[#183517]). * Prevents `maxClauseCount` errors from occurring for indicator match rules ({kibana-pull}179748[#179748]). * Fixes a bug that prevented threat intelligence fields from correctly rendering in the alert details flyout if they had flattened fields ({kibana-pull}179395[#179395]). \ No newline at end of file From d83744760f5ef379ea660dd79f00db080ff03f6f Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Sat, 3 Aug 2024 13:08:00 -0400 Subject: [PATCH 09/27] Removes 186284 Verified don't need to include in RN --- docs/release-notes/8.15.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index c7283964ac..851451f206 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -43,7 +43,6 @@ * Updates the copy for bulk assigning asset criticality to multiple entities ({kibana-pull}181390[#181390]). * Improves visual and logic issues in the Findings table ({kibana-pull}184185[#184185]). * Enables the expandable alert details flyout by default and replaces the `securitySolution:enableExpandableFlyout` advanced setting with a feature flag that allows you to revert to the old version of the flyout ({kibana-pull}184169[#184169]). -* Adds onClose to the API to let developers know when the expandable flyout is being closed ({kibana-pull}183553[#183553]). * Updates the MITRE ATT&CK framework to version 15.1 ({kibana-pull}183463[#183463]). * Improves the warning message about rule actions being unavailable after a rule ran ({kibana-pull}182741[#182741]). * Enables the `xMatters` and `Server Log connectors` rule actions ({kibana-pull}172933[#172933]). From 5642425261ae54df9f269889c645b6305f257a22 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 5 Aug 2024 09:25:27 -0400 Subject: [PATCH 10/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 851451f206..b13ca811fa 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -19,7 +19,7 @@ * Adds a Defend Advanced Policy option that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). * Allows you to specify additional file and registry paths to monitor for read access ({kibana-pull}181361[#181361]). * Allows you to use {elastic-sec} to isolate and release hosts running a Crowdstrike agent ({kibana-pull}186801[#186801]). -* Updates entity risk scores when asset criticality changes ({kibana-pull}182234[#182234]). +* Recalculates entity risk scores when asset criticality changes on an individual entity ({kibana-pull}182234[#182234]). * Allows you to edit the `max_signals`, `related_integrations`, and `required_fields` fields for custom rules ({kibana-pull}179680[#179680], {kibana-pull}178295[#178295], {kibana-pull}180682[#180682]). * Provides help from AI Assistant when you're correcting rule query errors ({kibana-pull}179091[#179091]). * Allows you to bulk update custom highlighted fields for rules ({kibana-pull}179312[#179312]). From bdd0174f63e6cf14e55516f21a4212ce4697dd11 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:43:39 -0400 Subject: [PATCH 11/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index b13ca811fa..000f08bffb 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -16,7 +16,7 @@ ==== New features * Adds the `scan` action to the response console, which allows you to scan a specific file or directory on a host for malware ({kibana-pull}184723[#184723]). -* Adds a Defend Advanced Policy option that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). +* Adds an {elastic-defend} integration policy option in Advanced Settings that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). * Allows you to specify additional file and registry paths to monitor for read access ({kibana-pull}181361[#181361]). * Allows you to use {elastic-sec} to isolate and release hosts running a Crowdstrike agent ({kibana-pull}186801[#186801]). * Recalculates entity risk scores when asset criticality changes on an individual entity ({kibana-pull}182234[#182234]). From 6f64260c998c730f4f26ad441191f0ed7ee5d845 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:43:45 -0400 Subject: [PATCH 12/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 000f08bffb..0464d0b4f4 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -18,7 +18,7 @@ * Adds the `scan` action to the response console, which allows you to scan a specific file or directory on a host for malware ({kibana-pull}184723[#184723]). * Adds an {elastic-defend} integration policy option in Advanced Settings that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). * Allows you to specify additional file and registry paths to monitor for read access ({kibana-pull}181361[#181361]). -* Allows you to use {elastic-sec} to isolate and release hosts running a Crowdstrike agent ({kibana-pull}186801[#186801]). +* Allows you to use {elastic-sec} to isolate and release hosts running a CrowdStrike agent ({kibana-pull}186801[#186801]). * Recalculates entity risk scores when asset criticality changes on an individual entity ({kibana-pull}182234[#182234]). * Allows you to edit the `max_signals`, `related_integrations`, and `required_fields` fields for custom rules ({kibana-pull}179680[#179680], {kibana-pull}178295[#178295], {kibana-pull}180682[#180682]). * Provides help from AI Assistant when you're correcting rule query errors ({kibana-pull}179091[#179091]). From bf4d2f4cb8212428a84c5f5a07391261a79cc673 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:43:50 -0400 Subject: [PATCH 13/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 0464d0b4f4..80a05ee74a 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -36,7 +36,7 @@ * Allows Attack discovery generation to continue when you navigate to another page ({kibana-pull}184949[#184949]). * Improves AI Assistant responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041]). * Updates the default Gemini version to `gemini-1.5-pro-001` and the default Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). -* Introduces a new Endpoint policy setting that allows you to control whether the kernel reports Windows network events that happened on a local loopback interface ({kibana-pull}181753[#181753]). +* Introduces a new {elastic-endpoint} policy setting that allows you to control whether the kernel reports Windows network events that happened on a local loopback interface ({kibana-pull}181753[#181753]). * Improves how failure messages for the `scan` action appear in the response console ({kibana-pull}186284[#186284]). * Improves the risk engine's performance. Now, after you turn on the engine, risk data is available sooner ({kibana-pull}184797[#184797]). * Enhances the risk engine's normalization accuracy ({kibana-pull}184638[#184638]). From fe31ae128e8cb91dbae18fe3fdbca51d33ae8882 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:49:45 -0400 Subject: [PATCH 14/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: Joe Peeples --- docs/release-notes/8.15.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 80a05ee74a..e304fed9fb 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -19,6 +19,8 @@ * Adds an {elastic-defend} integration policy option in Advanced Settings that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). * Allows you to specify additional file and registry paths to monitor for read access ({kibana-pull}181361[#181361]). * Allows you to use {elastic-sec} to isolate and release hosts running a CrowdStrike agent ({kibana-pull}186801[#186801]). +* Allows you to retrieve files from SentinelOne-enrolled hosts ({kibana-pull}181162[#181162]). +* Allows you to create an event filter that excludes the descendant events of a specific process ({kibana-pull}184947[#184947]). * Recalculates entity risk scores when asset criticality changes on an individual entity ({kibana-pull}182234[#182234]). * Allows you to edit the `max_signals`, `related_integrations`, and `required_fields` fields for custom rules ({kibana-pull}179680[#179680], {kibana-pull}178295[#178295], {kibana-pull}180682[#180682]). * Provides help from AI Assistant when you're correcting rule query errors ({kibana-pull}179091[#179091]). From fc88364a9e3fb5535d93c56c4c0255190afbeed1 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 5 Aug 2024 20:51:03 -0400 Subject: [PATCH 15/27] Update docs/release-notes/8.15.asciidoc --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index e304fed9fb..2239b83003 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -3,7 +3,7 @@ [discrete] [[release-notes-8.15.0]] -=== 8.15.0 +=== 8.15 [discrete] [[breaking-changes-8.15.0]] From 7bca366a360fc654bc36f428e06b6295d8785283 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Mon, 5 Aug 2024 20:52:19 -0400 Subject: [PATCH 16/27] Fixed headers --- docs/release-notes/8.15.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 2239b83003..7bd4b8c1d4 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -1,9 +1,9 @@ [[release-notes-header-8.15.0]] -== 8.15.0 +== 8.15 [discrete] [[release-notes-8.15.0]] -=== 8.15 +=== 8.15.0 [discrete] [[breaking-changes-8.15.0]] From ed15f75e503caa96674678f798525d7369fcb245 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Tue, 6 Aug 2024 13:44:31 -0400 Subject: [PATCH 17/27] Adds more GenAI and EA PRs --- docs/release-notes/8.15.asciidoc | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 7bd4b8c1d4..c0321ef5e2 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -15,6 +15,7 @@ [[features-8.15.0]] ==== New features +* Introduces Automatic Import, a feature that helps you to quickly parse, ingest, and create ECS mappings for data from sources that don't yet have prebuilt Elastic integrations ({kibana-pull}186304[#186304]). * Adds the `scan` action to the response console, which allows you to scan a specific file or directory on a host for malware ({kibana-pull}184723[#184723]). * Adds an {elastic-defend} integration policy option in Advanced Settings that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). * Allows you to specify additional file and registry paths to monitor for read access ({kibana-pull}181361[#181361]). 
@@ -22,6 +23,9 @@ * Allows you to retrieve files from SentinelOne-enrolled hosts ({kibana-pull}181162[#181162]). * Allows you to create an event filter that excludes the descendant events of a specific process ({kibana-pull}184947[#184947]). * Recalculates entity risk scores when asset criticality changes on an individual entity ({kibana-pull}182234[#182234]). +* Adds an **Asset criticality** column to user and host data tables. If asset criticality levels are assigned to your users and hosts, this information appears in the **Asset criticality** column ({kibana-pull}186375[#186375], {kibana-pull}186456[#186456]). +* Adds an API that allows you to perform paginated KQL searches through asset criticality records ({kibana-pull}186568[#186568]). +* Adds public APIs for managing asset criticality ({kibana-pull}186169[#186169]). * Allows you to edit the `max_signals`, `related_integrations`, and `required_fields` fields for custom rules ({kibana-pull}179680[#179680], {kibana-pull}178295[#178295], {kibana-pull}180682[#180682]). * Provides help from AI Assistant when you're correcting rule query errors ({kibana-pull}179091[#179091]). * Allows you to bulk update custom highlighted fields for rules ({kibana-pull}179312[#179312]). 
@@ -38,6 +42,7 @@ * Allows Attack discovery generation to continue when you navigate to another page ({kibana-pull}184949[#184949]). * Improves AI Assistant responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041]). * Updates the default Gemini version to `gemini-1.5-pro-001` and the default Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). +* Unifies the AI Assistant's settings view ({kibana-pull}184678[#184678]). * Introduces a new {elastic-endpoint} policy setting that allows you to control whether the kernel reports Windows network events that happened on a local loopback interface ({kibana-pull}181753[#181753]). * Improves how failure messages for the `scan` action appear in the response console ({kibana-pull}186284[#186284]). * Improves the risk engine's performance. Now, after you turn on the engine, risk data is available sooner ({kibana-pull}184797[#184797]). @@ -45,6 +50,7 @@ * Updates the copy for bulk assigning asset criticality to multiple entities ({kibana-pull}181390[#181390]). * Improves visual and logic issues in the Findings table ({kibana-pull}184185[#184185]). * Enables the expandable alert details flyout by default and replaces the `securitySolution:enableExpandableFlyout` advanced setting with a feature flag that allows you to revert to the old version of the flyout ({kibana-pull}184169[#184169]). +* Improves the UI design and copy of various places in the alert details flyout ({kibana-pull}187430[#187430], {kibana-pull}187920[#187920]). * Updates the MITRE ATT&CK framework to version 15.1 ({kibana-pull}183463[#183463]). * Improves the warning message about rule actions being unavailable after a rule ran ({kibana-pull}182741[#182741]). * Enables the `xMatters` and `Server Log connectors` rule actions ({kibana-pull}172933[#172933]). 
@@ -54,9 +60,11 @@ ==== Bug fixes * Fixes a bug that prevented Timeline from properly retrieving results after upgrading to 8.14.1 ({kibana-pull}189031[#189031]). +* Fixes a bug that showed that Timeline had been changed, even if it hadn't been ({kibana-pull}188106[#188106]). * Removes the option to investigate suppressed alerts in Timeline when you're previewing alert details from a rule preview ({kibana-pull}188385[#188385]). * Fixes the alignment of the page selector dropdown menu on the Shared Exception Lists page ({kibana-pull}187956[#187956]). -* Fixes a rule execution error that occured when {esql} rules queried source documents with non-ECS compliant sub-fields under the `event.action` field ({kibana-pull}187549[#187549]). +* Fixes a rule execution error that occurred when {esql} rules queried source documents with non-ECS compliant sub-fields under the `event.action` field ({kibana-pull}187549[#187549]). * Fixes a bug that caused the `Enable entity risk scoring` option to display even when you didn't have the correct requirements ({kibana-pull}183517[#183517]). * Prevents `maxClauseCount` errors from occurring for indicator match rules ({kibana-pull}179748[#179748]). -* Fixes a bug that prevented threat intelligence fields from correctly rendering in the alert details flyout if they had flattened fields ({kibana-pull}179395[#179395]). \ No newline at end of file +* Fixes a bug that prevented threat intelligence fields from correctly rendering in the alert details flyout if they had flattened fields ({kibana-pull}179395[#179395]). +* Removes references in the UI that directed users to outdated documentation for the risk scoring feature ({kibana-pull}187585[#187585]). \ No newline at end of file From e06babb5b373f2a944b93664488008c6829326c1 Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein Date: Wed, 7 Aug 2024 07:58:36 -0700 Subject: [PATCH 18/27] Incorporates Steph's and Pedro's reviews --- docs/release-notes/8.15.asciidoc | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index c0321ef5e2..e6538cfbb6 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -5,6 +5,12 @@ [[release-notes-8.15.0]] === 8.15.0 +[discrete] +[[known-issue-8.15.0]] +==== Known issues + +* When using Elastic AI Assistant with Bedrock Sonnet 3.5, responses may include `` tags, for example `` ({kibana-pull}189676[#189676]). + [discrete] [[breaking-changes-8.15.0]] ==== Breaking changes 
@@ -32,16 +38,19 @@ * Adds alert suppression for {ml} and {esql} rules ({kibana-pull}181926[#181926], {kibana-pull}180927[#180927]). * Provides previews of hosts, users, and alerts that you're examining in the alert details flyout ({kibana-pull}186850[#186850], {kibana-pull}186857[#186857]). * Adds an option for toggling row renderers on and off, and moves notes to a new flyout in Timeline ({kibana-pull}186948[#186948]). +* Creates an LLM connector for Google Gemini ({kibana-pull}183668[#183668]). +* Adds an API for Elastic AI Assistant ({kibana-pull}184485[#184485]). [discrete] [[enhancements-8.15.0]] ==== Enhancements +* Allows Attack discovery generation to continue when you navigate to another page, and allows you to run Attack Discovery with multiple connectors at the same time ({kibana-pull}184949[#184949]). * Adds notifications to the connector dropdown menu on the **Attack discovery** page so you know when other connectors have new discoveries ({kibana-pull}186903[#186903], {kibana-pull}187209[#187209]). -* Improves the output of discoveries generated with `GPT-4o` ({kibana-pull}187183[#187183]). -* Allows Attack discovery generation to continue when you navigate to another page ({kibana-pull}184949[#184949]). -* Improves AI Assistant responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041]). +* Improves AI Assistant's responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041], {kibana-pull}187183[#187183]). +* Enables AI Assistant to remember information you ask it to remember ({kibana-pull}184554[#184554], https://github.com/elastic/security-docs/issues/5670[#5670]). * Updates the default Gemini version to `gemini-1.5-pro-001` and the default Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). 
+* Simplifies the process of enabling AI Assistant's knowledge base ({kibana-pull}182763[#182763]). * Unifies the AI Assistant's settings view ({kibana-pull}184678[#184678]). * Introduces a new {elastic-endpoint} policy setting that allows you to control whether the kernel reports Windows network events that happened on a local loopback interface ({kibana-pull}181753[#181753]). * Improves how failure messages for the `scan` action appear in the response console ({kibana-pull}186284[#186284]). From d77ed467d9f6f03ce1c98a701beb269da7d4b806 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 7 Aug 2024 08:41:34 -0700 Subject: [PATCH 19/27] Apply suggestions from code review --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index e6538cfbb6..a0e3c07cb6 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -46,7 +46,7 @@ ==== Enhancements * Allows Attack discovery generation to continue when you navigate to another page, and allows you to run Attack Discovery with multiple connectors at the same time ({kibana-pull}184949[#184949]). -* Adds notifications to the connector dropdown menu on the **Attack discovery** page so you know when other connectors have new discoveries ({kibana-pull}186903[#186903], {kibana-pull}187209[#187209]). +* Adds notifications to the connector dropdown menu on the Attack discovery page so you know when other connectors have new discoveries ({kibana-pull}186903[#186903], {kibana-pull}187209[#187209]). * Improves AI Assistant's responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041], {kibana-pull}187183[#187183]). * Enables AI Assistant to remember information you ask it to remember ({kibana-pull}184554[#184554], https://github.com/elastic/security-docs/issues/5670[#5670]). * Updates the default Gemini version to `gemini-1.5-pro-001` and the default Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). From ab5633d00da45ef8e379f992f6182430a171d168 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 7 Aug 2024 10:02:47 -0700 Subject: [PATCH 20/27] updates known issue --- docs/release-notes/8.15.asciidoc | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index a0e3c07cb6..de98f83ec8 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -9,7 +9,20 @@ [[known-issue-8.15.0]] ==== Known issues -* When using Elastic AI Assistant with Bedrock Sonnet 3.5, responses may include `` tags, for example `` ({kibana-pull}189676[#189676]). +tag::known-issue-[189676][] +[discrete] +.[Tags appear in Elastic AI Assistant's responses] +[%collapsible] +==== +*Details* + +On August 1, 2024, it was discovered that Elastic AI Assistant's responses when using Bedrock Sonnet 3.5 may include `` tags, for example `` ({kibana-pull}189676[#189676]). + +*Workaround* + +Anticipate that tags may appear in AI Assistant's responses. + +==== +end::known-issue-189676[] + [discrete] [[breaking-changes-8.15.0]] From 9193ffaff8d4cd2ef22af738e05ff9f7780257f9 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 7 Aug 2024 13:37:58 -0400 Subject: [PATCH 21/27] TH issues and fixes known issue formatting --- docs/release-notes/8.15.asciidoc | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index de98f83ec8..dac296ed60 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -9,9 +9,9 @@ [[known-issue-8.15.0]] ==== Known issues -tag::known-issue-[189676][] +// tag::known-issue-[189676][] [discrete] -.[Tags appear in Elastic AI Assistant's responses] +.Tags appear in Elastic AI Assistant's responses [%collapsible] ==== *Details* + @@ -21,7 +21,7 @@ On August 1, 2024, it was discovered that Elastic AI Assistant's responses when Anticipate that tags may appear in AI Assistant's responses. ==== -end::known-issue-189676[] +// end::known-issue-189676[] [discrete] 
@@ -35,6 +35,8 @@ end::known-issue-189676[] ==== New features * Introduces Automatic Import, a feature that helps you to quickly parse, ingest, and create ECS mappings for data from sources that don't yet have prebuilt Elastic integrations ({kibana-pull}186304[#186304]). +* Creates an LLM connector for Google Gemini ({kibana-pull}183668[#183668]). +* Adds an API for Elastic AI Assistant ({kibana-pull}184485[#184485]). * Adds the `scan` action to the response console, which allows you to scan a specific file or directory on a host for malware ({kibana-pull}184723[#184723]). * Adds an {elastic-defend} integration policy option in Advanced Settings that allows you to opt out of registry event filtering ({kibana-pull}186564[#186564]). * Allows you to specify additional file and registry paths to monitor for read access ({kibana-pull}181361[#181361]). @@ -50,9 +52,9 @@ end::known-issue-189676[] * Allows you to bulk update custom highlighted fields for rules ({kibana-pull}179312[#179312]). * Adds alert suppression for {ml} and {esql} rules ({kibana-pull}181926[#181926], {kibana-pull}180927[#180927]). * Provides previews of hosts, users, and alerts that you're examining in the alert details flyout ({kibana-pull}186850[#186850], {kibana-pull}186857[#186857]). +* Enhances Timeline’s data exploration experience by incorporating components from Discover, such as the sidebar and table, which allow you to quickly find fields of interest. Timeline’s overall performance is also improved ({kibana-pull}176064[#176064]). * Adds an option for toggling row renderers on and off, and moves notes to a new flyout in Timeline ({kibana-pull}186948[#186948]). -* Creates an LLM connector for Google Gemini ({kibana-pull}183668[#183668]). -* Adds an API for Elastic AI Assistant ({kibana-pull}184485[#184485]). +* Revamps the Dashboards landing page ({kibana-pull}186465[#186465]). [discrete] [[enhancements-8.15.0]] 
@@ -89,4 +91,7 @@ end::known-issue-189676[] * Fixes a bug that caused the `Enable entity risk scoring` option to display even when you didn't have the correct requirements ({kibana-pull}183517[#183517]). * Prevents `maxClauseCount` errors from occurring for indicator match rules ({kibana-pull}179748[#179748]). * Fixes a bug that prevented threat intelligence fields from correctly rendering in the alert details flyout if they had flattened fields ({kibana-pull}179395[#179395]). -* Removes references in the UI that directed users to outdated documentation for the risk scoring feature ({kibana-pull}187585[#187585]). \ No newline at end of file +* Removes references in the UI that directed users to outdated documentation for the risk scoring feature ({kibana-pull}187585[#187585]). +* Fixes a bug on the Get started page that prevented the correct username from being displayed in the greeting message ({kibana-pull}180670[#180670]). +* Fixes a bug that caused the pagination menu from appearing in the correct place for the Uncommon processes table ({kibana-pull}189201[#189201]). +* Fixes a bug that affected the panel showing last command details in the Uncommon processes table ({kibana-pull}187848[#187848]). \ No newline at end of file From 57ba1d516fbca6f24f35d32b551032faf2548eac Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 7 Aug 2024 17:15:04 -0400 Subject: [PATCH 22/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index dac296ed60..8f6eeff6b3 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -60,7 +60,7 @@ Anticipate that tags may appear in AI Assistant's responses. [[enhancements-8.15.0]] ==== Enhancements -* Allows Attack discovery generation to continue when you navigate to another page, and allows you to run Attack Discovery with multiple connectors at the same time ({kibana-pull}184949[#184949]). +* Allows Attack discovery generation to continue when you navigate to another page, and allows you to run Attack discovery with multiple connectors simultaneously. ({kibana-pull}184949[#184949]). * Adds notifications to the connector dropdown menu on the Attack discovery page so you know when other connectors have new discoveries ({kibana-pull}186903[#186903], {kibana-pull}187209[#187209]). * Improves AI Assistant's responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041], {kibana-pull}187183[#187183]). * Enables AI Assistant to remember information you ask it to remember ({kibana-pull}184554[#184554], https://github.com/elastic/security-docs/issues/5670[#5670]). From 48ac9ba46aaa74621bbcfbcf72a931fd7fbab5e1 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 7 Aug 2024 17:15:13 -0400 Subject: [PATCH 23/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 8f6eeff6b3..8b3539b89e 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -62,7 +62,7 @@ Anticipate that tags may appear in AI Assistant's responses. * Allows Attack discovery generation to continue when you navigate to another page, and allows you to run Attack discovery with multiple connectors simultaneously. ({kibana-pull}184949[#184949]). * Adds notifications to the connector dropdown menu on the Attack discovery page so you know when other connectors have new discoveries ({kibana-pull}186903[#186903], {kibana-pull}187209[#187209]). -* Improves AI Assistant's responses across multiple connectors and in multiple scenarios, for both streaming and non-streaming use cases ({kibana-pull}182041[#182041], {kibana-pull}187183[#187183]). +* Improves AI Assistant's responses across multiple connectors and in multiple scenarios for streaming and non-streaming use cases ({kibana-pull}182041[#182041], {kibana-pull}187183[#187183]). * Enables AI Assistant to remember information you ask it to remember ({kibana-pull}184554[#184554], https://github.com/elastic/security-docs/issues/5670[#5670]). * Updates the default Gemini version to `gemini-1.5-pro-001` and the default Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). * Simplifies the process of enabling AI Assistant's knowledge base ({kibana-pull}182763[#182763]). From a937d47abd1b0c96d1a3aca1cc93f90c7f5c1914 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 7 Aug 2024 17:15:31 -0400 Subject: [PATCH 24/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 8b3539b89e..6942b1562d 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -73,7 +73,7 @@ Anticipate that tags may appear in AI Assistant's responses. * Enhances the risk engine's normalization accuracy ({kibana-pull}184638[#184638]). * Updates the copy for bulk assigning asset criticality to multiple entities ({kibana-pull}181390[#181390]). * Improves visual and logic issues in the Findings table ({kibana-pull}184185[#184185]). -* Enables the expandable alert details flyout by default and replaces the `securitySolution:enableExpandableFlyout` advanced setting with a feature flag that allows you to revert to the old version of the flyout ({kibana-pull}184169[#184169]). +* Enables the expandable alert details flyout by default and replaces the `securitySolution:enableExpandableFlyout` advanced setting with a feature flag that allows you to revert to the old flyout version ({kibana-pull}184169[#184169]). * Improves the UI design and copy of various places in the alert details flyout ({kibana-pull}187430[#187430], {kibana-pull}187920[#187920]). * Updates the MITRE ATT&CK framework to version 15.1 ({kibana-pull}183463[#183463]). * Improves the warning message about rule actions being unavailable after a rule ran ({kibana-pull}182741[#182741]). From 0375d07cee84f174f7725eeb10f9ab2677efb329 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 7 Aug 2024 17:16:01 -0400 Subject: [PATCH 25/27] Update docs/release-notes/8.15.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 6942b1562d..10d32a3a5d 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -94,4 +94,4 @@ Anticipate that tags may appear in AI Assistant's responses. * Removes references in the UI that directed users to outdated documentation for the risk scoring feature ({kibana-pull}187585[#187585]). * Fixes a bug on the Get started page that prevented the correct username from being displayed in the greeting message ({kibana-pull}180670[#180670]). * Fixes a bug that caused the pagination menu from appearing in the correct place for the Uncommon processes table ({kibana-pull}189201[#189201]). -* Fixes a bug that affected the panel showing last command details in the Uncommon processes table ({kibana-pull}187848[#187848]). \ No newline at end of file +* Fixes a bug that affected the panel showing the last command details in the Uncommon processes table ({kibana-pull}187848[#187848]). \ No newline at end of file From a641c835de49182625c376ec2d825bb47625f24d Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 7 Aug 2024 17:17:04 -0400 Subject: [PATCH 26/27] Update docs/release-notes/8.15.asciidoc --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 10d32a3a5d..f81c92f97a 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -9,7 +9,7 @@ [[known-issue-8.15.0]] ==== Known issues -// tag::known-issue-[189676][] +// tag::known-issue-189676[] [discrete] .Tags appear in Elastic AI Assistant's responses [%collapsible] From deec92f2c5f412edd97512f81773f24d694481bb Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 7 Aug 2024 14:24:38 -0700 Subject: [PATCH 27/27] Apply suggestions from code review Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index f81c92f97a..76c4a52530 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -17,8 +17,6 @@ *Details* + On August 1, 2024, it was discovered that Elastic AI Assistant's responses when using Bedrock Sonnet 3.5 may include `` tags, for example `` ({kibana-pull}189676[#189676]). -*Workaround* + -Anticipate that tags may appear in AI Assistant's responses. ==== // end::known-issue-189676[] @@ -28,7 +26,7 @@ Anticipate that tags may appear in AI Assistant's responses. [[breaking-changes-8.15.0]] ==== Breaking changes -* User-defined quick prompts for Elastic AI Assistant that were created before you upgrade to 8.15 will no longer appear after you upgrade. In 8.15, quick prompts will be shared by all users in your deployment, rather than stored at the user level. To implement your existing quick prompts in 8.15, copy them prior to upgrade, and add them again after upgrade ({kibana-pull}187040[#187040]). +* If you previously created any user-defined quick prompts for Elastic AI Assistant, they will no longer appear after you upgrade to 8.15. To resolve this, copy your existing quick prompts prior to upgrading, then add them again after upgrading. Additionally, in 8.15, quick prompts are shared by all users in your deployment, rather than saved at the user level ({kibana-pull}187040[#187040]). [discrete] [[features-8.15.0]] 
@@ -65,7 +63,7 @@ Anticipate that tags may appear in AI Assistant's responses. * Improves AI Assistant's responses across multiple connectors and in multiple scenarios for streaming and non-streaming use cases ({kibana-pull}182041[#182041], {kibana-pull}187183[#187183]). * Enables AI Assistant to remember information you ask it to remember ({kibana-pull}184554[#184554], https://github.com/elastic/security-docs/issues/5670[#5670]). * Updates the default Gemini version to `gemini-1.5-pro-001` and the default Bedrock version to `anthropic.claude-3-5-sonnet-20240620-v1:0` ({kibana-pull}186671[#186671]). -* Simplifies the process of enabling AI Assistant's knowledge base ({kibana-pull}182763[#182763]). +* Simplifies how you enable AI Assistant's knowledge base ({kibana-pull}182763[#182763]). * Unifies the AI Assistant's settings view ({kibana-pull}184678[#184678]). * Introduces a new {elastic-endpoint} policy setting that allows you to control whether the kernel reports Windows network events that happened on a local loopback interface ({kibana-pull}181753[#181753]). * Improves how failure messages for the `scan` action appear in the response console ({kibana-pull}186284[#186284]).
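Review bot: In the `@@ -60,7 +60,7 @@` hunk, the added Attack discovery line ends `simultaneously. ({kibana-pull}184949[#184949]).`, so it has one period before the PR link and another after it. The other entries in this list keep the link inside the sentence and end with a single period; drop the period after "simultaneously". The line is carried unchanged as context in the `@@ -62,7 +62,7 @@` hunk, so the later patches in the series do not correct it.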
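Review bot: In the `@@ -73,7 +73,7 @@` hunk, the reworded flyout entry names the advanced setting being removed (`securitySolution:enableExpandableFlyout`) but still does not name the feature flag that replaces it, so a reader who needs to revert to the old flyout has nothing to search for. Suggest naming the flag or linking to where it is documented. In the context lines of the same hunk, "Improves visual and logic issues in the Findings table" reads as if the issues themselves got better; "Fixes" is probably what is meant.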
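Review bot: In the `@@ -94,4 +94,4 @@` hunk, the context line just above the change, "Fixes a bug that caused the pagination menu from appearing in the correct place", is ungrammatical and reads as the opposite of what a fix would do; it should say "prevented the pagination menu from appearing". Since this patch already edits the neighbouring line, fix it here. The replaced last line also still carries `\ No newline at end of file`, so add the trailing newline while the line is being touched.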
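Review bot: In the `@@ -17,8 +17,6 @@` hunk, removing the *Workaround* paragraph leaves the known-issue block with only *Details*, so the entry reports that tags may appear in AI Assistant's responses but gives the reader no next step. If there is no workaround, say so explicitly in the block, or state where the resolution for #189676 will be announced, rather than dropping the section silently.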
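Review bot: In the `@@ -28,7 +26,7 @@` hunk, the new breaking-change text gives the copy-and-re-add instruction first and only afterwards, under "Additionally", mentions that quick prompts are now shared by all users in the deployment rather than saved at the user level. That change in scope is the reason the old prompts disappear, and it also means a prompt re-added after the upgrade is shared with every user in the deployment. Suggest leading with the scope change and then the remediation, so readers check what their prompts contain before adding them back.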
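Review bot: In the `@@ -65,7 +63,7 @@` hunk, the context line directly below the change reads "Unifies the AI Assistant's settings view", while the changed line and the entries above it write "AI Assistant's" without the article. Drop "the" there so the product name is written the same way across the list.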