7.9edit

7.9.1edit

Post upgrade requirementsedit

After upgrading the Elastic Stack to version 7.9.0 and 7.9.1 from a previous minor release (7.8.x, 7.7.x, and so on), you need to:

Bug fixes and enhancementsedit

  • Fixes closing alerts via exceptions (#76145).
  • Fixes selecting all alerts issue (#75945).
  • Fixes issues when exceptions are no longer associated with a rule (#76012).
  • Prevents adding exceptions to unsupported rule types (#75802).
  • Corrects error messages for insufficient machine learning permissions (#74582).
  • Increases permissions granularity for the .lists system index (#75378).

7.9.0edit

Breaking changesedit

Actions API

When you create a ServiceNow connector via the Actions API:

  • The casesConfiguration object is obsolete. Instead, use incidentConfiguration.
  • To see ServiceNow connectors in the UI, you must use the isCaseOwned field.

These changes only apply to ServiceNow connectors.

Known issuesedit

  • After changing the xpack.encryptedSavedObjects.encryptionKey setting value and restarting Kibana, you must restart all detection rules (#74393).
  • When selecting all alerts on the Detections page, some alerts are not marked as selected in the UI (#75194).
  • When creating rules, if you have more than one Timeline template the template drop-down list is truncated (#75196).
  • Exceptions cannot be added to or viewed in imported rules when the exception list has been deleted or does not exist in the Kibana space (#75182).
  • Updates to a Timeline may not be saved when you immediately close the Timeline or navigate to a different page (#75292).

Bug fixes and enhancementsedit

  • Fixes rule tags to accept special characters and keywords: AND, OR, (, ), ", and * (#74003).
  • Fixes broken link from the Network map to Kibana index management (#73757).
  • Fixes unresponsive Timeline issues when dragging the process.hash.sha256 field to Timeline (#72142).
  • Fixes Timeline page scrolling with saved queries issue (#69433).
  • Fixes a UI issue with opening and closing alerts (#69217).
  • Fixes display of long rule reference URLs (#68640).