- Ingest Manager has been renamed to Fleet.
- Configuration has been renamed to Policy.
- New support for macOS 11.0 (Big Sur).
- Enhanced user interface for the Endpoint Administration page.
- Add trusted applications to avoid performance or compatibility issues. Because a trusted application is no longer monitored by Endpoint Security, scope each entry as narrowly as possible (signer and path rather than a bare file name) so that the exclusion cannot be reused by an attacker.
- New Event Correlation rule type based on EQL (Event Query Language), which can express ordered sequences of related events rather than a single matching document.
- New Indicator Match rule type that creates alerts when field values in your source indices match values held in a threat indicator index.
- Free, open detections in the Detection Rules repo (https://github.com/elastic/detection-rules).
- New timeline enhancements that include detection alert actions.
- Connect and send cases to external systems (ServiceNow, Jira, Resilient).
- In addition to new prebuilt rules for 7.10, Elastic Security now provides additional anomaly detection jobs for Auditbeat and Winlogbeat data. Twelve new metadata and discovery analysis jobs have been added to enable threat detection on cloud metadata services, system and discovery processes, and compiler events. For the full list, see Prebuilt job reference.
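As an added illustration of the Event Correlation rule type (this query is not part of the original release notes or the Elastic detection-rules repository), the following EQL sequence is the kind of condition such a rule evaluates. It is a constructed example: the field names follow ECS, and the one-minute window, the choice of certutil.exe as the downloader and the private address ranges are assumptions, not values from the page.

```eql
// Constructed example: a download-cradle chain on one host, tied to one process.
// Stage 1: certutil.exe started with the URL-cache arguments used to fetch files.
// Stage 2: that same process opens a connection to a non-private address.
// Stage 3: that same process then writes an executable or DLL to disk.
// "by host.id, process.entity_id" means all three events must share both values;
// "with maxspan=1m" bounds the whole chain to one minute (assumed window).
sequence by host.id, process.entity_id with maxspan=1m
  [process where event.type == "start" and
     process.name == "certutil.exe" and
     process.args == "-urlcache"]
  [network where event.type == "connection" and
     // cidrMatch is assumed to be available in the EQL release in use
     not cidrMatch(destination.ip, "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
  [file where event.type == "creation" and
     (file.extension == "exe" or file.extension == "dll")]
```

A single-event query would fire on every certutil.exe start, including benign certificate maintenance; the sequence only alerts when the start, the outbound connection and the executable write all come from one process within the window, which is the correlation that the new rule type adds over the existing query-based rules.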
In the 7.9 release, Elastic SIEM and Endpoint Security combined into a single unified app, Elastic Security. The following changes result from the merge.
- Signal detection rules have been renamed to detection rules.
- Signals are now called detection alerts. Alerts fall into one of the following categories:
  - Detection alerts: Alerts generated within Elastic Security by the detection rules engine.
  - External alerts: Alerts originating outside of Elastic Security (for example, from an endpoint or network security product shipped into an index).
  - Kibana alerts: Alerts native to Kibana (may not be security related).
- Whitelist is now called the Exception list. Items added to the Exception list are known as exceptions.
- The former Alerts tab has been renamed to Detections. In the Detections tab:
  - The Alerts title page has been renamed to Detection alerts.
  - Alert count has been renamed to Trend.
- In the Overview tab:
  - Alert count has been renamed to Detection alert trend.
  - External alert count has been renamed to External alert trend.
- A new tab, Administration, allows analysts to view and manage hosts running Elastic Endpoint Security. From this page you can also manage integrations and check the configuration status of hosts to ensure they’re protected.