v9.1.1

What's Changed

• add destination.domain as part of the alert (#650) by @ricardo-estc in #655

Full Changelog: v9.1.0...v9.1.1

v8.19.1

What's Changed

• [backport][8.19] add destination.domain as part of the alert (#650) by @ricardo-estc in #656

Full Changelog: v8.19.0...v8.19.1

9.1.0

What's Changed

• Add process fields to custom documentation for security events by @ricardo-estc in #596
• Change the size of region_start_bytes + add the field to the alert data stream by @AsuNa-jp in #591
• update macos process events to include parent.command_line by @brian-mckinney in #602
• Add zone_identifier field to Process/DLL events by @AsuNa-jp in #608
• Update the copyright year by @AsuNa-jp in #611
• Add origin_url and origin_referrer_url field to Process/DLL events by @AsuNa-jp in #610
• AMSI API changes for behavior rule alerts - process.Ext.api.parameters.content_name by @magermark in #609
• Add metrics queues custom docs by @bjmcnic in #615
• Fix Windows behavior alert custom doc by @gabriellandau in #614
• Add process.command_line to some windows file events by @gabriellandau in #616
• Actions log spaces by @pzl in #622
• Add event.provider to API events by @gabriellandau in #631
• global artifacts manifest_type by @intxgo in #632
• global artifacts manifest_type, fix custom documentation by @intxgo in #635
• Add custom documentation entries for LDAP/HTTP ETW telemetry by @matthewh-elastic in #636
• Add fields for additional desktop_name process event field by @matthewh-elastic in #634
• Add new policy fields for firewall_anti_tamper plugin by @matthewh-elastic in #637
• [8.19/9.1] Add new fields for security events by @AsuNa-jp in #640
• [8.19/9.1]Add Winlog fields for the ETW security events by @AsuNa-jp in #633
• Add tags to action request documents by @pzl in #642
• add mapping for united.agent.namespaces by @joeypoon in #641
• Update custom documentation for security events by @AsuNa-jp in #643
• Add TCC modify event on macOS by @ricardo-estc in #638
• Add missing custom documentation fields to logoff security events by @AsuNa-jp in #645
• Add custom documentation fields for pipe_events by @calladoum-elastic in #644

New Contributors

• @bjmcnic made their first contribution in #615
• @matthewh-elastic made their first contribution in #636

Full Changelog: v9.0.0...v9.1.0

v9.0.2

What's Changed

• AMSI API changes for behavior rule alerts by @magermark in #626

Full Changelog: v9.0.1...v9.0.2

8.19.0

What's Changed

• Add fleet unenrolled audit fields by @pzl in #579
• update metrics custom documentation by @jdu2600 in #580
• update alerts custom documentation by @jdu2600 in #581
• [macOS] Security events by @ricardo-estc in #582
• Add custom documentation for noisy processes by @brian-mckinney in #583
• Add process fields to custom documentation for security events by @ricardo-estc in #596
• Change the size of region_start_bytes + add the field to the alert data stream by @AsuNa-jp in #591
• update macos process events to include parent.command_line by @brian-mckinney in #602
• Add zone_identifier field to Process/DLL events by @AsuNa-jp in #608
• Update the copyright year by @AsuNa-jp in #611
• Add origin_url and origin_referrer_url field to Process/DLL events by @AsuNa-jp in #610
• AMSI API changes for behavior rule alerts - process.Ext.api.parameters.content_name by @magermark in #609
• Add metrics queues custom docs by @bjmcnic in #615
• Fix Windows behavior alert custom doc by @gabriellandau in #614
• Add process.command_line to some windows file events by @gabriellandau in #616
• Actions log spaces by @pzl in #622
• Add event.provider to API events by @gabriellandau in #631
• global artifacts manifest_type by @intxgo in #632
• global artifacts manifest_type, fix custom documentation by @intxgo in #635
• Add custom documentation entries for LDAP/HTTP ETW telemetry by @matthewh-elastic in #636
• Add fields for additional desktop_name process event field by @matthewh-elastic in #634
• Add new policy fields for firewall_anti_tamper plugin by @matthewh-elastic in #637
• [8.19/9.1] Add new fields for security events by @AsuNa-jp in #640
• [8.19/9.1]Add Winlog fields for the ETW security events by @AsuNa-jp in #633
• Add tags to action request documents by @pzl in #642
• add mapping for united.agent.namespaces by @joeypoon in #641
• Update custom documentation for security events by @AsuNa-jp in #643
• Add TCC modify event on macOS by @ricardo-estc in #638
• Add missing custom documentation fields to logoff security events by @AsuNa-jp in #645
• Add custom documentation fields for pipe_events by @calladoum-elastic in #644

Full Changelog: v8.18.0...v8.19.0

8.17.1

What's Changed

• Rules notice by @pzl in #617

Full Changelog: v8.17.0...v8.17.1

8.16.1

What's Changed

• Rules notice by @pzl in #619

Full Changelog: v8.16.0...v8.16.1

v9.0.1

What's Changed

• Change the size of region_start_bytes + add the field to the alert data stream by @AsuNa-jp in #591
• Cleanup format by @pzl in #613
• add prebuilt rules bug banner by @pzl in #612

Full Changelog: v9.0.0...v9.0.1

v8.18.1

What's Changed

• Change the size of region_start_bytes + add the field to the alert data stream by @AsuNa-jp in #591
• Rules notice by @pzl in #618

Full Changelog: v8.18.0...v8.18.1

v9.0.0

What's Changed

• Add fleet unenrolled audit fields by @pzl in #579
• update metrics custom documentation by @jdu2600 in #580
• update alerts custom documentation by @jdu2600 in #581
• [macOS] Security events by @ricardo-estc in #582
• Add custom documentation for noisy processes by @brian-mckinney in #583

Release and Maintenance work

• Update branch target for major v9 by @pzl in #578
• Catch up from 8.18 by @pzl in #587
• disable DRY_RUN on releasable branches by @pzl in #589
• 9.0 release by @pzl in #593

Full Changelog: v8.18.0...v9.0.0