What’s new in 8.14

edit

Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our release notes.

Other versions: 8.13 | 8.12 | 8.11 | 8.10 | 8.9 | 8.8 | 8.7 | 8.6 | 8.5 | 8.4 | 8.3 | 8.2 | 8.1 | 8.0 | 7.17 | 7.16 | 7.15 | 7.14 | 7.13 | 7.12 | 7.11 | 7.10 | 7.9

Generative AI enhancements

edit

Attack Discovery

edit

Attack discovery is a new AI-powered tool that identifies potential attacks and maps connections between alerts to the MITRE ATT&CK® matrix, helping you to fight alert fatigue and reduce your mean time to respond.

Attack discovery detail view

Redesigned Elastic AI Assistant UI

edit

Elastic AI Assistant for Elastic Security has a redesigned user interface that uses a flyout instead of a popup, aligning it with standard Kibana design patterns. Also, when using OpenAI models, AI Assistant can now "stream" responses, rendering word-by-word rather than appearing as complete text blocks, providing a more conversational experience.

Entity Analytics enhancements

edit

Asset criticality file upload

edit

You can bulk assign asset criticality to multiple entities at a time by importing a text file from your asset management tools. This feature allows you to quickly and easily import a list of entities and their asset criticality levels into the Elastic Security app.

Animation of asset criticality file upload

Unassign asset criticality

edit

You can unassign asset criticality from a host or user if the criticality level is no longer known, or the currently assigned level is incorrect.

Unassign asset criticality

Risk scoring engine processes up to 10,000 alerts per entity

edit

When calculating entity risk scores, the risk scoring engine now takes into account a maximum of 10,000 alerts per entity. This ensures that the engine remains operational in environments with extremely large data volume.

Access the entity details flyout from the Entity Analytics dashboard

edit

Clicking on a specific host or user name in the Entity Analytics dashboard now opens the host or user details flyout instead of the host or user details page. This allows you to access entity metadata and risk score information without navigating away from the dashboard.

Entity details flyout shows contribution scores per alert

edit

The Risk contributions section of the entity details flyout now shows the top 10 alerts that contributed to the latest risk scoring calculation and each alert’s contribution score. This makes each entity’s risk score easier to understand and gives better insight into which alerts you should investigate at the entity level.

Contribution scores for top 10 alerts

Detection rules and alerts enhancements

edit

Value list improvements

edit

You can now edit value lists from the UI, wherever you use them. For example, you can now add items to a value list while creating a rule exception that references that value list.

Edit items in a value list

Add ES|QL fields as custom highlighted fields

edit

When adding custom highlighted fields to an ES|QL rule, you can now specify any fields returned by the rule’s query. This allows you to surface fields that contain useful information for investigating alerts.

Editable setup guide field for detection rules

edit

You can now edit the Setup guide field for user-created custom rules. Use this informational field to list rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly.

Setup guide field

Alert suppression improvements

edit

In 8.14, we’ve moved alert suppression for custom query rules from technical preview to generally available. We’ve also added alert suppression to event correlation rules (non-sequence queries only) and new terms rules.

Elastic Defend enhancements

edit

New malware file scanning options

edit

When configuring malware protection, you can choose whether Elastic Defend scans files when they’re modified or executed. This can improve performance on hosts where files are frequently modified, while continuing to identify malware as it attempts to run.

Malware protection section

Automatically register Elastic Defend as antivirus

edit

If you’re using Elastic Defend’s malware protection, you can now automatically register Elastic Defend as the antivirus software for Windows endpoints.

Register as antivirus section

Cloud Security Posture Management support for AWS GovCloud

edit

Elastic’s Cloud Security Posture Management (CSPM) integration now supports AWS GovCloud so you can monitor and track how your GovCloud clusters perform against security benchmarks.