- Updates the lists index template to use new logic (#133067).
- Adds event filters to event correlation rules (#132507).
- Allows you to define a data view as the rule’s data source, making runtime fields available for rule configuration (#130929).
- Creates a single visualization pane on the Alerts page, and adds a treemap visualization that shows the distribution of alerts as nested, proportionally-sized tiles (#126896).
- Fixes an incorrect counter for exported rules (#138598).
- Fixes event filters based on OS version (#138517).
- Fixes a bug that could change the batch size for event search in indicator rules (#138356).
- Fixes a bug that prevented users from accessing alert details if they didn’t have the appropriate privileges to view the internal index. Now, the Alert details flyout correctly uses the public alias index.
- Updates the rule exceptions UI (#135255).
- Fixes performance issues with rules management (#135311).
- Allows you to disable as a fallback timestamp field when you’ve defined a timestamp override (#135116).
- Enhances the host risk score UI (#133708).
- Improves the experience of bulk exporting rules by informing users early which rules can and cannot be exported (#136418).
- Adds index pattern information to the Inspect panel (#136407).
- Adds a custom dashboards table to the Dashboards page (#136221, #136671).
- Fixes a performance issue with creating alerts from source documents that contain a large number of fields (#135956).
- Turns grouped navigation on by default (#136819).
- Improves the experience of bulk editing index patterns on rules by warning users early that machine learning rules can’t be edited (#134664).
- Enhances rule previews with configurable rule intervals and look-back times (#137102).
- Enhances the status pending badge for endpoint actions with a detailed status when you hover on it (#136966).
- Updates the Network page’s UI to match the Hosts and Users pages (#137541, #136913).
- Adds support for Amazon Elastic Kubernetes Service (EKS) to Kubernetes Security Posture Management (KSPM).
- Adds new fields to prebuilt detection rules' schemas: related_integrations, required_fields, and setup (#132409).
- Adds the Related integrations, Required fields, and Setup guide sections to the rule details page to help users identify and meet a rule’s prerequisites. Also adds the related integrations badge to the Rules table (#131475).
- Provides support for process, file, and network events in Kubernetes. You must enable the session view data setting on your Endpoint and Cloud Security integration policy to enrich these events with session data and Kubernetes metadata fields.
- Adds an endpoint self-healing feature to roll back file changes and processes on Windows endpoints when a prevention alert is generated by enabled protection features.
- Adds the ability to run query packs as live queries (#132198).
- Includes integration policy errors and statuses in Fleet and Elastic Security to help troubleshoot when an Elastic Agent has an Unhealthy status (#136241, #136038).
- Adds the Attack surface reduction protections feature to reduce vulnerabilities on Windows endpoints. Credential hardening prevents attackers from stealing credentials stored in Windows system process memory.
- Adds a new search query parameter, dry_run, to the bulk actions API that allows you to simulate a bulk action without permanently updating rules (#134664).
- Creates the response console, an interface that enables you to take actions on specific hosts (#135360, #134520).
- Shows process alerts in the event process analyzer (#135340).
- Adds support for wildcard exceptions for detection rules. New operators are matches and does not match (#136147).
- Creates a new rule type, New Terms, that creates an alert when a value appears for the first time in a particular field (#134526).
- Adds the Insights section to the Alert details flyout to show related cases and alerts (#136009, #138419).