What’s new in 8.14
Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our release notes.
Generative AI enhancements
Attack Discovery
Attack discovery is a new AI-powered tool that identifies potential attacks and maps connections between alerts to the MITRE ATT&CK® matrix, helping you to fight alert fatigue and reduce your mean time to respond.
Redesigned Elastic AI Assistant UI
Elastic AI Assistant for Elastic Security has a redesigned user interface that uses a flyout instead of a popup, aligning it with standard Kibana design patterns. Also, when using OpenAI models, AI Assistant can now "stream" responses, rendering word-by-word rather than appearing as complete text blocks, providing a more conversational experience.
Entity Analytics enhancements
Asset criticality file upload
You can bulk assign asset criticality to multiple entities at a time by importing a text file from your asset management tools. This feature allows you to quickly and easily import a list of entities and their asset criticality levels into the Elastic Security app.
Unassign asset criticality
You can unassign asset criticality from a host or user if the criticality level is no longer known, or the currently assigned level is incorrect.
Risk scoring engine processes up to 10,000 alerts per entity
When calculating entity risk scores, the risk scoring engine now takes into account a maximum of 10,000 alerts per entity. This ensures that the engine remains operational in environments with extremely large data volumes.
Access the entity details flyout from the Entity Analytics dashboard
Clicking on a specific host or user name in the Entity Analytics dashboard now opens the host or user details flyout instead of the host or user details page. This allows you to access entity metadata and risk score information without navigating away from the dashboard.
Entity details flyout shows contribution scores per alert
The Risk contributions section of the entity details flyout now shows the top 10 alerts that contributed to the latest risk scoring calculation and each alert’s contribution score. This makes each entity’s risk score easier to understand and gives better insight into which alerts you should investigate at the entity level.
Detection rules and alerts enhancements
Value list improvements
You can now edit value lists from the UI, wherever you use them. For example, you can now add items to a value list while creating a rule exception that references that value list.
Add ES|QL fields as custom highlighted fields
When adding custom highlighted fields to an ES|QL rule, you can now specify any fields returned by the rule’s query. This allows you to surface fields that contain useful information for investigating alerts.
Editable setup guide field for detection rules
You can now edit the Setup guide field for user-created custom rules. Use this informational field to list rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly.
Alert suppression improvements
In 8.14, we’ve moved alert suppression for custom query rules from technical preview to generally available. We’ve also added alert suppression to event correlation rules (non-sequence queries only) and new terms rules.
Elastic Defend enhancements
New malware file scanning options
When configuring malware protection, you can choose whether Elastic Defend scans files when they’re modified or executed. This can improve performance on hosts where files are frequently modified, while continuing to identify malware as it attempts to run.
Automatically register Elastic Defend as antivirus
If you’re using Elastic Defend’s malware protection, you can now automatically register Elastic Defend as the antivirus software for Windows endpoints.
Cloud Security Posture Management support for AWS GovCloud
Elastic’s Cloud Security Posture Management (CSPM) integration now supports AWS GovCloud so you can monitor and track how your GovCloud clusters perform against security benchmarks.