What’s new in 8.10edit
Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our latest release blog and release notes.
Other versions: 8.9 | 8.8 | 8.7 | 8.6 | 8.5 | 8.4 | 8.3 | 8.2 | 8.1 | 8.0 | 7.17 | 7.16 | 7.15 | 7.14 | 7.13 | 7.12 | 7.11 | 7.10 | 7.9
Navigation menu updatesedit
The Security navigation menu has been updated with reorganized sections and a refreshed design. In addition, a new Rules section allows you to access the following pages:
- Rules
- Benchmark Integrations
- Shared Exception Lists
- MITRE ATT&CK® coverage
Elastic AI Assistant enhancementsedit
A new RBAC setting controls user access to the Elastic AI Assistant.
Detection rules and alerts enhancementsedit
MITRE ATT&CK® coverage pageedit
The MITRE ATT&CK® coverage page shows which MITRE ATT&CK® adversary tactics and techniques are covered by your installed and enabled detection rules. This includes both Elastic prebuilt rules and custom rules.
New prebuilt rule details flyoutedit
The new prebuilt rule details flyout allows you to examine the details of a prebuilt rule before you install or update it. You can access this flyout by clicking a rule name on the Add Elastic Rules page or the Rule updates table. The flyout displays the About, Definition, and Schedule sections, as shown on the rule details page. It also shows the setup and investigation guides for rules that have them.
Enhanced alert details flyout UIedit
The redesigned alert details experience presents relevant context and insights while investigating an alert. Use the collapsed view to access summarized information, and then expand each section to open detailed views. Additional improvements include:
- Previews of rule details and visualizations allow you to stay within the flyout when investigating the alert.
- Investigation guides are easier to find and read.
- Alert insights now include prevalence information on related hosts and users.
Custom highlighted fieldsedit
When configuring advanced rule settings, you can now specify additional highlighted fields for personalized alert investigation flows. Fields with data are added to the Highlighted fields section within the alert details flyout. You can also find custom highlighted fields in the About section of the rule details page.
New Reputation service option for malicious behavior protectionedit
When configuring malicious behavior protection on an Elastic Defend policy, you can now select to use Reputation service. This service identifies malicious activity and false positives, and enriches alerts using data from various sources, such as VirusTotal and telemetry. For example, reputation service can detect suspicious downloads of binaries with low or malicious reputation.
Reputation service requires an active Platinum or Enterprise subscription and is available on cloud deployments only.
Cloud Security enhancementsedit
Organization-wide onboarding for cloud security posture management on AWSedit
This release automates the onboarding of every AWS Organization account to cloud security posture management (CSPM) — including existing and new accounts. With AWS CloudFormation, onboarding takes just a few clicks. This helps you quickly get a comprehensive view of the security posture of all your current and future AWS accounts.
Cloud security posture management, now for Google Cloudedit
Cloud security posture management (CSPM) capabilities have been expanded to cover Google Cloud. You can now assess and bolster the security posture of your GCP assets right from our platform.