What’s new in 8.12
Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our release notes.
Retrieval-augmented generation for alerts in Elastic AI Assistant
Elastic AI Assistant now supports retrieval-augmented generation (RAG) for alerts. Using this feature, you can provide information about multiple alerts to AI Assistant, so that it can answer a broader scope of questions relating to alerts in your environment.
Detection rules and alerts enhancements
The following enhancements have been added to detection rules and alerts:
JSON diff for Elastic prebuilt rule updates
When Elastic updates a prebuilt detection rule, you can examine the latest version before you update the rule. The rule details flyout in Rule Updates displays a side-by-side JSON comparison of the rule’s Base version (what you currently have installed) and the Update version that you can choose to install.
Alert suppression supported for threshold rules
Alert suppression now supports the threshold detection rule type. You can use it to reduce the number of repeated or duplicate detection alerts created by a threshold rule.
Assign users to alerts
You can now assign users to alerts that you want them to investigate, and manage alert assignees throughout an alert’s lifecycle. Assigned alerts are filterable, and you can find assignees by adding the kibana.alert.workflow_assignee_ids field to the Alerts table or by opening an alert’s details.
Timeline enhancements
The following enhancements have been added to Timeline:
UI and UX enhancements to Timeline
Timeline now opens as a modal, requires you to manually save changes, and has the option to save changes as a new Timeline. Additional UX improvements have also been introduced. For example, the query builder is now collapsible, which gives you more space for Timeline results.
Feature flag added for the ES|QL tab
You can now remove the ES|QL tab by editing your Kibana user settings and adding the xpack.securitySolution.enableExperimental: ["timelineEsqlTabDisabled"] feature flag.
Default ES|QL query removed from the ES|QL tab
The default ES|QL query was removed from the ES|QL tab, for increased tab performance.
Exclude cold and frozen tiers from analyzer queries
You can now exclude cold and frozen tier data from visual event analyzer queries to increase analyzer performance. You can do this by turning on the securitySolution:excludeColdAndFrozenTiersInAnalyzer advanced setting.
Bidirectional integration response actions (SentinelOne)
Powered by the SentinelOne integration for Elastic Agent, SentinelOne response actions allow you to perform bidirectional actions on protected hosts, such as directing SentinelOne to isolate a suspicious endpoint from your network, without needing to leave the Elastic Security UI.
Event filters and endpoint exceptions support for matches and does not match conditions
You can now use matches and does not match conditions on more fields when configuring event filters and endpoint exceptions. Previously, only the file.path.text field was supported.
Cloud Security enhancements
The following enhancements have been added to Cloud Security:
Organization-wide Azure deployments supported in Cloud security posture management (CSPM)
Cloud security posture management (CSPM) capabilities have been expanded to support organization-wide Azure deployments.
Data grouping and table customization improvements on the Findings page
The Findings page now enables you to group your data by any field, and to further customize how the page is displayed.
New Osquery query timeout setting
When running an Osquery query, you can now set a timeout period, in seconds, after which the query will stop running. Overriding the default timeout allows you to support queries that require more time to complete. The default and minimum supported value is 60. The maximum supported value is 900.