This list summarizes the most important breaking changes in Elastic Security 8.8.0. For the complete list, go to Elastic Security breaking changes.
The privileges for attaching alerts to cases have changed. Now, you need at least
Readprivileges for Security and
Allprivileges for Cases (#147985).
Adds conditional actions to the rules API. In Elastic Security 8.7 and earlier, action frequencies were set on a rule level by defining the
throttlefield. In 8.8 and later, action frequencies are set at the action level, and the
throttlefield is replaced by the
alert_filtersfields. The following APIs are affected:
Intro to Kibana
ELK for Logs & Metrics