Closed
Description
This issue is a compilation of what's in our project board for what the docs team has planned to work on in 8.18/9.0. Please inform us if there are any discrepancies.
Release Notes and Highlights
Cloud Security
- [Security][Future release — not yet scheduled] Ingest KubeArmor data docs-content#272
- [Security][8.18] Document enhanced Linux process command line visibility docs-content#275
- [security][8.19] Collect DNS events from Linux machines using Defend docs-content#276
- [Security][8.18] Agentless CSPM integration goes GA docs-content#277
- [REQUEST]: Agentless documentation for Security Integrations docs-content#483
- [REQUEST]: Update minimum Kibana permissions on CNVM docs and Serverless docs-content#420
- [REQUEST]: Fix CSPM onboarding doc docs-content#514
GenAI
- [Security][8.18] Introduce Elastic Inference Service docs-content#278
- [Security][8.18] Implement a Public API for Assistant Knowledge Base docs-content#279
- Implement Audit logging for CRUD operations on custom knowledge docs-content#280
- [Request] Elastic Docs Knowledge docs-content#366
- [Request] Attack Discovery Alert Filtering docs-content#363
- [UI copy]: Review UX copy for the AI Assistant Citations feature #6485
- [Request] Change to "Connect to Google Vertex" AI docs docs-content#364
- [REQUEST]: SIEM Migration documentation docs-content#586
- [Request] Citations in the security solution AI assistant #6473
- [Request] Fix AI Assistant page docs-content#267
Detection Engine
- [Request] Add instructions for enabling logsdb by default #6409
- [Request] Rule gaps docs-content#287
- [REQUEST][Security]: CCS and ES|QL docs-content#346
- Change LogsDB "Not Supported" message to "Caution" message as soon as three "how to check" sections are available. #6526
- [Request] [Manual Runs] Manual runs now include almost all rule actions #6493
- [Request][Detection Engine] Extend Detection rules preview logged queries to new terms, machine learning, query, threshold rule types #6494
- [Request][Serverless][ESS] EQL Sequence alert suppression #5886
- [REQUEST][8.18,9.0, and Serverless]: Manual runs being GA'd docs-content#888
Rule Management
- [Request] Prebuilt rule customization, upgrade, and export/import workflows #5061
- [Security Solution] Add a banner to promote prebuilt rule customization in ESS kibana#205594
Entity Analytics
- [Request] Add 'service' to the Entity Store #6423
- [Request] Entity Store - Engine status tab #6422
- [REQUEST] [Security]: Entity store GA in 8.18 docs-content#268
- [Request] Remove "Beta" label from Entity Risk Scoring #6427
- [Request] Risk Score calculation for "closed" alerts #6254
- [UI copy]: Legacy risk scoring module deprecation in upgrade assistant #6270
Threat Hunting
- [Request] Update docs for security timelines and notes where it mentions privileges #6302
- [REQUEST][Security]: Flyout preview enhancements docs-content#465
- [UI copy]: Review tooltips for flyout navigation improvements docs-content#371
- [REQUEST][Security]: New sub-feature priv for case assignees docs-content#333
- [REQUEST][Security]: Show flyout history for alerts/host/user/events docs-content#270
- [REQUEST][Security]: Standardize actions in Alerts KPI visualizations and update actions copy docs-content#321
- [Request] Alert status information re-added to flyout #6382
- [Request] [8.18, 9.0, and Serverless] Observables can be added to cases #6395
- [REQUEST][Security]: Visualizations in the alert details flyout are enabled by default docs-content#1008
EDR Workflows
- [REQUEST] [Security]: Increase maximum Osquery timeout to 24 hours docs-content#347
- [Request] RBAC update - third party response actions #6398
- [Request] GA for third party response capabilities #6397
- [Request] Crowdstrike additional third-party response actions #6365
- [Request] MS Defender for Endpoint, third party response integration #6303
- [Request]Identify AV/EDR compatibility issues on endpoints with genAI (endpoint insights) #6301
- Endpoint data volume reduction mechanisms #5771