Elastic Security breaking changesedit
This list summarizes the most important breaking changes in Elastic Security 8.8.0. For the complete list, go to Elastic Security breaking changes.
-
The privileges for attaching alerts to cases have changed. Now, you need at least
Read
privileges for Security andAll
privileges for Cases (#147985). -
Adds conditional actions to the rules API. In Elastic Security 8.7 and earlier, action frequencies were set on a rule level by defining the
throttle
field. In 8.8 and later, action frequencies are set at the action level, and thethrottle
field is replaced by thefrequency
andalert_filters
fields. The following APIs are affected: