7.17

7.17.5

Bug fixes and enhancements

  • Fixes a sorting and tooltip issue in Timeline for non-ECS fields without nested values (#132570).
  • Fixes a bug that interfered with the Windows boot-up process if Elastic Endpoint’s Protected Process Light (PPL) service wasn’t fully uninstalled on the machine (#20).

7.17.4

Bug fixes and enhancements

  • Allows preconfigured connectors to be used with cases (#130372).
  • Fixes a trusted applications path bug that caused a timeout error when users defined a matching Path value without wildcards (#131085).
  • Fixes sorting issues that were related to unmapped fields (#132190).

7.17.3

Bug fixes and enhancements

  • Fixes a bug that prevented more than 20 pinned events from displaying when opening an existing Timeline (#128852).
  • Allows alerts without a populated meta field to be investigated in a Timeline (#129427).

7.17.2

Bug fixes and enhancements

  • Fixes an Endpoint Security integration bug that prevented benign Windows files from being deleted under certain circumstances.
  • Ensures Endpoint Security continues to run on all supported Windows versions by changing the primary signer of the elastic-endpoint.exe file from ELASTICSEARCH B.V. to Elasticsearch, Inc. (#15).
  • Updates the minimum role permissions needed to import rules with actions. After this change, roles must have at least Read privileges for the Actions and Connectors feature to import rules with actions (#126203).

7.17.1

Known issues

  • An Endpoint Security integration bug prevents benign Windows files from being deleted under certain circumstances.

7.17.0

Known issues

  • On macOS versions before 12.4, if Elastic Endpoint is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later.

Breaking changes

Bug fixes and enhancements

  • Adds detailed telemetry statistics for legacy and regular notifications (#123332, #122472).
  • Fixes a bug that changed the message in the Activity Log tab when users re-fetched log data for a date range without data (#123039).
  • Updates privilege checks when users view the Exceptions page (#122902).
  • Removes leftover alert notifications after a rule is deleted (#122610).
  • Enables cross-space telemetry for cases (#122477).
  • Updates the Reporter column in the Cases table to use usernames instead of full names (#121820).
  • Improves endpoint performance and warns users that trusted applications with a wildcard path might experience performance impacts (#120349).
  • Fixes an issue that caused the Cases feature to crash the UI when determining if a connector was deprecated (#120686).