IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Elastic Security release notes

Elastic Security version 9.0.0-rc1

All features introduced in 8.18.0 are also available in 9.0.0.

Breaking changes
  • Refactors the Timeline HTTP API endpoints (#200633).
  • Removes deprecated API endpoints for Elastic Defend (#199598).
  • Removes deprecated API endpoints for bulk CRUD actions on detection rules (#197422, #207906).
Deprecations
  • Renames the integration-assistant plugin to automatic-import to match the associated feature (#207325).
  • Removes all legacy risk engine code and features (#201810).
  • Removes deprecated API endpoints for Elastic Defend (#199598).
  • Deprecates the SIEM signals migration APIs (#202662).
Known issues
Duplicate alerts can be produced from manually running threshold rules

On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.

Manually running custom query rules with suppression could suppress more alerts than expected

On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts.

New features
  • Enables Automatic Import to accept CEL log samples (#206491).
  • Applies the latest Elastic UI framework (EUI) to Elastic Security features (#204007, #204908).
  • Adds the option to view Elasticsearch queries that run during rule execution for threshold, custom query, and machine learning rules (#203320).
Enhancements
  • Enhances Automatic Import so that the generated readme includes setup and troubleshooting documentation for each selected input type (#206477).
  • Allows users to include closed alerts in risk score calculations (#201909).
  • Adds the ability to continue to the Entity Analytics dashboard when there is no data (#201363).
  • Modifies the privilege-checking behavior during rule execution: only read privileges on indices that actually exist are now checked (#177658).
Bug fixes
  • Ensures that table actions use standard colors (#207743).
  • Fixes a bug with the Save and continue button on a Fleet form (#211563).

Elastic Security version 9.0.0-beta1

Breaking changes
  • Refactors the Timeline HTTP API endpoints (#200633).
  • Removes deprecated API endpoints for Elastic Defend (#199598).
  • Removes deprecated API endpoints for bulk CRUD actions on detection rules (#197422, #207906).
Deprecations
  • Renames the integration-assistant plugin to automatic-import to match the associated feature (#207325).
  • Removes all legacy risk engine code and features (#201810).
  • Removes deprecated API endpoints for Elastic Defend (#199598).
  • Deprecates the SIEM signals migration APIs (#202662).
Known issues
Duplicate alerts can be produced from manually running threshold rules

On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.

Manually running custom query rules with suppression could suppress more alerts than expected

On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts.

New features
  • Enables Automatic Import to accept CEL log samples (#206491).
  • Applies the latest Elastic UI framework (EUI) to Elastic Security features (#204007, #204908).
  • Adds the option to view Elasticsearch queries that run during rule execution for threshold, custom query, and machine learning rules (#203320).
Enhancements
  • Enhances Automatic Import so that the generated readme includes setup and troubleshooting documentation for each selected input type (#206477).
  • Allows users to include closed alerts in risk score calculations (#201909).
  • Adds the ability to continue to the Entity Analytics dashboard when there is no data (#201363).
  • Modifies the privilege-checking behavior during rule execution: only read privileges on indices that actually exist are now checked (#177658).
Bug fixes
  • Ensures that table actions use standard colors (#207743).