What’s new in 8.17

Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our release notes.

Logsdb index mode with detection rules and alerts

The logsdb index mode allows you to store log data more efficiently. If you’re considering using it, refer to Using logsdb index mode with Elastic Security to learn how it can impact your rules and alerts.

To use the synthetic _source feature, you must have the appropriate subscription. Refer to the subscription page for Elastic Cloud and Elastic Stack/self-managed for the breakdown of available features and their associated subscription tiers.

Signature option available for macOS trusted applications conditions

When adding a trusted application for macOS, you can now specify conditions based on the application’s digital signer—previously only available on Windows.

Cases action is generally available

The Cases action feature, first introduced in 8.14, is moving from technical preview to general availability. Use this action to automatically create cases from rules.