[Meta][Security] 8.19 + 9.1 Security checklist

[nastasha-solomon]

This issue tracks doc needs for the 8.19/9.1 Security release.

Release docs

• Release notes
• What's new page (8.19 only): What's new in 8.19 security-docs#6875

Cloud Security

TBD

GenAI

TBD

Detection Engine

• Gap remediation:
  • [REQUEST][8.19,9.1, and Serverless]: Gap remediation being GA'd #1025
  • [REQUEST]: Add docs for the new bulk gap filling feature #1435
• Bulk-suppression:
  • [Internal]: Add bulk alert suppression documentation #1719
• Doc issue for new fields being added to the Security alerts index - TBC

Rule Management

• Prebuilt rules:
  • UX copy request for Detection rule workflows - Revert a customized prebuilt rule #1241
  • [UI copy]: Refine copy for bulk-updating prebuilt rules #1063
  • Doc issue for reverting prebuilt rules - TBC

Entity Analytics

• [Internal]: New Entity Analytics Workflow (Overview and Privileged User Monitoring) #1646
• [REQUEST]: Remove deployment context for unassigned criticality level from 9.1 #1017

Threat Hunting

• [Internal]: remove enableVisualizationsInFlyout advanced setting #1464
• [REQUEST]: Edit highlighted fields in alert flyout #1235
• [REQUEST]: Enable endpoint actions in events #674

Cases

• [Request] [Cases] Add incremental id to cases #1758 (also being tracked in [Meta][Kibana] 8.19 + 9.1 Analytics and Platform checklist #1443)

EDR Workflows

• [Internal]: Spaces support for Elastic Defend #1514
• [Internal]: Endpoint Exceptions privilege (ESS) #1517
• [Internal]: Advanced Mode for Trusted Applications #1520
• [Internal]: MacOS Security & DNS events available in Defend integration policy (event collection) #1518
• Response actions:
  • [Request] Response Console external EDR scripts picker #1498
  • [Internal]: Additional Microsoft Defender for Endpoint response action #1532