What’s new

edit

Here are the highlights of what’s new and improved in Elastic Security!

For detailed information about this release, see the Release notes.

Other versions: 7.13 | 7.12 | 7.11 | 7.10 | 7.9

7.14 release

edit

Navigation changes

edit

The Elastic Security app has a newly organized, simplified navigation that’s more aligned with new Kibana standards. The side navigation pane now groups features into the following categories: Detect, Explore, Investigate, and Manage. The new navigation is designed to provide one-click access to the Security features you need the most. See the UI overview to read more.

Terminology changes

edit

Please note the following updates to terminology:

  • The former Administration page has been renamed to Endpoints. Admins can manage endpoints, trusted applications, and event filters from the Manage section.
  • The former Detection alerts page has been abbreviated to Alerts.

New features

edit
  • Malware protection has been added to Linux endpoints. The protection leverages an ELF file scanning capability, which offers broad coverage for trojans, cryptominers, rootkits, and exploits.
  • Host isolation allows you respond to malicious activity by isolating a Windows or macOS host from your network, preventing lateral movement across other hosts.
  • A new Threat Intel tab has been added to the alert summary panel and provides threat intelligence context, allowing you to quickly triage or investigate an alert by providing relevant details from a single location. A new Threat Intelligence view on the home page shows the total number of threat indicator events collected by the Threat Intel Filebeat module.
  • 33 new prebuilt rules.
  • A new Swimlane connector for cases and alerts allows you to forward alerts and cases to your Swimlane application for enhanced incident and workflow management.
  • Admins can now specifically assign All, Read, or None privileges to users for the Cases feature.
  • New functionality and usability improvements were added to the Osquery Manager integration, including the ability to save and edit a library of queries, constraining queries to specific operating systems, and more.
  • Event filters allow admins to prevent endpoint events they do not need or want stored from streaming - allowing better storage utilization in Elasticsearch.

Experimental features

edit

The following features are experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support of official GA features.

  • Host Risk Score: A framework to figure out the most suspicious hosts in your environment, based on their alert activity. For more information, click here.
  • A new experimental URL Spoofing model framework allows you to proactively detect and monitor spoofing activity by raising an alert whenever you interact with a predicted malicious URL in your environment. Requires Platinum or higher subscription.