Elastic Security breaking changes

This list summarizes the most important breaking changes in Elastic Security 8.8.0. For the complete list, go to Elastic Security breaking changes.

  • The privileges for attaching alerts to cases have changed. Now, you need at least Read privileges for Security and All privileges for Cases (#147985).
  • Adds conditional actions to the rules API. In Elastic Security 8.7 and earlier, action frequencies were set at the rule level by defining the throttle field. In 8.8 and later, action frequencies are set at the action level, and the throttle field is replaced by the frequency and alert_filters fields. The following APIs are affected: