7.11
7.11.2
Bug fixes and enhancements
- Updates warning message when no indices match provided index patterns (#93094).
- Fixes rule edit bug with `max_signals` (#92748).
- Fixes issue where the file name in a value modal list would be truncated (#91952).
- Adds an overflow text wrap for rule descriptions (#91945).
- Fixes issue in detection search where searching with the timestamp override field would yield a 400 error (#91597).
- Replaces `partial failure` with `warning` for rule statuses (#91167).
7.11.0
Breaking changes
Referential integrity issues when deleting value lists
The `/api/lists` `DELETE` API has been updated to check for references before removing the specified resource(s) from value lists and will now return a 409 conflict if any references exist. Set the new `ignoreReferences` query param to `true` to maintain the behavior of deleting value list(s) without performing any additional checks.
Bug fixes and enhancements
- Corrects look-back time logic so that it displays whatever unit the user selects (#81383).
- Fixes a bug where mapping browser fields were automatically reduced (#81675).
- Allows status data for both enabled and disabled rules to be fetched (#81783).
- Allows autorefresh to be toggled in Advanced Settings (#82062).
- Makes severity and risk score overrides more flexible (#83723).
- Improves DE query build times for large lists (#85051).
- Adds skeleton exceptions list tab to all rules page (#85465).
- Fixes export functionality on the exceptions list view (#86135).
- Fixes exception list table referential deletion (#87231).
- Disables delete button for endpoint exceptions (#87694).
Known issues
- The Elastic Endpoint Security rule will report a failure status until the Endpoint sends an alert for the first time. At that point, the next rule execution will succeed. The `logs-endpoint.alerts-*` index pattern does not get created until the Endpoint sends the first alert (#90401).
- In the Alert Details Summary view, values for some fields appear truncated. You'll only be able to see the first character (#90539).