What’s new in 8.12
Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our release notes.
Retrieval-augmented generation for alerts in Elastic AI Assistant
Elastic AI Assistant now supports retrieval-augmented generation (RAG) for alerts. Using this feature, you can provide information about multiple alerts to AI Assistant, so that it can answer a broader scope of questions relating to alerts in your environment.
Detection rules and alerts enhancements
The following enhancements have been added to detection rules and alerts:
JSON diff for Elastic prebuilt rule updates
When Elastic updates a prebuilt detection rule, you can examine the latest version before you update the rule. The rule details flyout in Rule Updates displays a side-by-side JSON comparison of the rule’s Base version (what you currently have installed) and the Update version that you can choose to install.
Alert suppression supported for threshold rules
Alert suppression now supports the threshold detection rule type. You can use it to reduce the number of repeated or duplicate detection alerts created by a threshold rule.
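To make the effect of suppression on a threshold rule concrete, here is an added Python model of successive rule runs with a duration-based suppression window; it is not Elastic's code, and the run schedule, window arithmetic, field name and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from Elastic): failed logons seen by a threshold rule.
# 10.0.0.5 fails three times in every 5-minute window; 10.0.0.9 only twice in total.
T0 = datetime(2024, 1, 10, 10, 0)
EVENTS = [
    {"@timestamp": T0 + timedelta(minutes=m), "source.ip": ip}
    for m, ip in [(0, "10.0.0.5"), (1, "10.0.0.5"), (2, "10.0.0.5"),
                  (5, "10.0.0.5"), (6, "10.0.0.5"), (7, "10.0.0.5"),
                  (10, "10.0.0.5"), (11, "10.0.0.5"), (12, "10.0.0.5"),
                  (15, "10.0.0.5"), (16, "10.0.0.5"), (17, "10.0.0.5"),
                  (3, "10.0.0.9"), (8, "10.0.0.9")]
]

def threshold_hits(events, field, threshold, start, end):
    """One rule run: count events per field value inside [start, end)
    and keep only the values that reach the threshold."""
    counts = defaultdict(int)
    for e in events:
        if start <= e["@timestamp"] < end:
            counts[e[field]] += 1
    return {v: n for v, n in counts.items() if n >= threshold}

def run_rule(events, field, threshold, runs, interval, suppress_for=None):
    """Evaluate consecutive rule runs. With suppress_for set, a hit for a field
    value whose previous alert is still inside its suppression window is folded
    into that alert (its suppressed_count grows) instead of creating a new one."""
    alerts, open_alerts = [], {}
    for start in runs:
        for value, count in threshold_hits(events, field, threshold, start, start + interval).items():
            prev = open_alerts.get(value)
            if suppress_for and prev and start < prev["suppression_end"]:
                prev["suppressed_count"] += 1
                continue
            alert = {"value": value, "count": count, "time": start, "suppressed_count": 0,
                     "suppression_end": start + (suppress_for or timedelta(0))}
            open_alerts[value] = alert
            alerts.append(alert)
    return alerts

RUNS = [T0 + timedelta(minutes=5 * i) for i in range(4)]   # runs at :00, :05, :10, :15

def without_suppression():
    return run_rule(EVENTS, "source.ip", 3, RUNS, timedelta(minutes=5))

def with_suppression():
    return run_rule(EVENTS, "source.ip", 3, RUNS, timedelta(minutes=5), timedelta(minutes=15))

if __name__ == "__main__":
    print(len(without_suppression()), "alerts without suppression")        # 4
    print(len(with_suppression()), "alerts with a 15-minute suppression window")  # 2
```

The same four threshold hits produce four alerts unsuppressed but only two with a 15-minute window, the first of which records the two runs it absorbed.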
Assign users to alerts
You can now assign users to alerts that you want them to investigate, and manage alert assignees throughout an alert’s lifecycle. Assigned alerts are filterable, and you can find assignees by adding the kibana.alert.workflow_assignee_ids field to the Alerts table or by opening an alert’s details.
Timeline enhancements
The following enhancements have been added to Timeline:
UI and UX enhancements to Timeline
Timeline now opens as a modal, requires you to manually save changes, and has the option to save changes as a new Timeline. Additional UX improvements have also been introduced. For example, the query builder is now collapsible, which gives you more space for Timeline results.
Feature flag added for the ES|QL tab
You can now remove the ES|QL tab by editing your Kibana user settings and adding the xpack.securitySolution.enableExperimental: ["timelineEsqlTabDisabled"] feature flag.
Default ES|QL query removed from the ES|QL tab
The default ES|QL query was removed from the ES|QL tab, for increased tab performance.
Exclude cold and frozen tiers from analyzer queries
You can now exclude cold and frozen tier data from visual event analyzer queries to increase analyzer performance. You can do this by turning on the securitySolution:excludeColdAndFrozenTiersInAnalyzer advanced setting.
Bidirectional integration response actions (SentinelOne)
Powered by the SentinelOne integration for Elastic Agent, SentinelOne response actions allow you to perform bidirectional actions on protected hosts, such as directing SentinelOne to isolate a suspicious endpoint from your network, without needing to leave the Elastic Security UI.
Event filters and endpoint exceptions support for matches and does not match conditions
You can now use matches and does not match conditions on more fields when configuring event filters and endpoint exceptions. Previously, only the file.path.text field was supported.
Cloud Security enhancements
The following enhancements have been added to Cloud Security:
Organization-wide Azure deployments supported in Cloud security posture management (CSPM)
Cloud security posture management (CSPM) capabilities have been expanded to support organization-wide Azure deployments.
Data grouping and table customization improvements on the Findings page
The Findings page now enables you to group your data by any field, and to further customize how the page is displayed.
New Osquery query timeout setting
When running an Osquery query, you can now set a timeout period, in seconds, after which the query will stop running. Overwriting the default timeout allows you to support queries that require more time to complete. The default and minimum supported value is 60. The maximum supported value is 900.