What’s new in 8.14

Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our release notes.

Other versions: 8.13 | 8.12 | 8.11 | 8.10 | 8.9 | 8.8 | 8.7 | 8.6 | 8.5 | 8.4 | 8.3 | 8.2 | 8.1 | 8.0 | 7.17 | 7.16 | 7.15 | 7.14 | 7.13 | 7.12 | 7.11 | 7.10 | 7.9

Attack discovery is a new AI-powered tool that identifies potential attacks and maps connections between alerts to the MITRE ATT&CK® matrix, helping you to fight alert fatigue and reduce your mean time to respond.

Elastic AI Assistant for Elastic Security has a redesigned user interface that uses a flyout instead of a popup, aligning it with standard Kibana design patterns. Also, when using OpenAI models, AI Assistant can now "stream" responses, rendering word-by-word rather than appearing as complete text blocks, providing a more conversational experience.

You can bulk assign asset criticality to multiple entities at a time by importing a text file from your asset management tools. This feature allows you to quickly and easily import a list of entities and their asset criticality levels into the Elastic Security app.

You can unassign asset criticality from a host or user if the criticality level is no longer known, or the currently assigned level is incorrect.

When calculating entity risk scores, the risk scoring engine now takes into account a maximum of 10,000 alerts per entity. This ensures that the engine remains operational in environments with extremely large data volume.

Clicking on a specific host or user name in the Entity Analytics dashboard now opens the host or user details flyout instead of the host or user details page. This allows you to access entity metadata and risk score information without navigating away from the dashboard.

The Risk contributions section of the entity details flyout now shows the top 10 alerts that contributed to the latest risk scoring calculation and each alert’s contribution score. This makes each entity’s risk score easier to understand and gives better insight into which alerts you should investigate at the entity level.

You can now edit value lists from the UI, wherever you use them. For example, you can now add items to a value list while creating a rule exception that references that value list.

When adding custom highlighted fields to an ES|QL rule, you can now specify any fields returned by the rule’s query. This allows you to surface fields that contain useful information for investigating alerts.

You can now edit the Setup guide field for user-created custom rules. Use this informational field to list rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly.

In 8.14, we’ve moved alert suppression for custom query rules from technical preview to generally available. We’ve also added alert suppression to event correlation rules (non-sequence queries only) and new terms rules.

When configuring malware protection, you can choose whether Elastic Defend scans files when they’re modified or executed. This can improve performance on hosts where files are frequently modified, while continuing to identify malware as it attempts to run.

If you’re using Elastic Defend’s malware protection, you can now automatically register Elastic Defend as the antivirus software for Windows endpoints.

Elastic’s Cloud Security Posture Management (CSPM) integration now supports AWS GovCloud so you can monitor and track how your GovCloud clusters perform against security benchmarks.