What’s new in 8.8

Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out the Release notes.

Other versions: 8.7 | 8.6 | 8.5 | 8.4 | 8.3 | 8.2 | 8.1 | 8.0 | 7.17 | 7.16 | 7.15 | 7.14 | 7.13 | 7.12 | 7.11 | 7.10 | 7.9

New warning for running maintenance windows

A warning banner displays on the Rules page if a maintenance window is running. During an active maintenance window, rule actions won’t run, and alert notifications aren’t sent.

Prebuilt rule updates

Check out the latest updates to prebuilt rules. To download the latest updates, refer to Download latest Elastic prebuilt rules.

Control alert notifications and summaries

The following enhancements give more control over how and when alert notifications are sent. For more information, refer to Set up alert notifications.

Max alerts warning

When a rule reaches the maximum number of alerts it can generate in a single rule execution, the following warning is displayed on the rule’s details page and in the rule execution log: This rule reached the maximum alert limit for the rule execution. Some alerts were not created. To troubleshoot this event, we recommend you check for unexpected alerts. For more information, refer to Troubleshoot maximum alerts warning.

Share an alert

The Share alert button in the alert details flyout provides a shareable link you can copy and paste into browsers, cases, messages, and more.

Edit filter controls on the Alerts page

The drop-down filter controls on the Alerts page allow you to filter alerts by up to four fields. By default, you can filter by Status, Severity, User, and Host, but you can edit these to filter by different fields. You can also remove, add, and reorder them.

New alert suppression options

A new rule configuration option for alert suppression allows you to specify how to handle alerts when a field that’s used for suppression does not have a value.

Filter alerts from the Entity Analytics dashboard

In the Entity Analytics dashboard, you can now filter alerts on the Alerts page by selecting the number link in the column.

Select up to three fields for grouping alerts

You now select up to three fields to group alerts by to customize your alerts view. Each group is nested in the Alerts table by order of selection.

Visualization actions, which allow you to examine Elasticsearch queries used to retrieve data throughout the Elastic Security app or perform actions for the selected visualization, have been added to several places in the Elastic Security app. Look for the Inspect button () or options menu () in the UI.

Inline actions are displayed when you hover over a specific data field or value and allow you to customize your view or investigate further. They’ve also been added to more places throughout the Elastic Security app, such as:

New Container Workload Protection (beta)

You can now use Elastic Agent to protect your containers by detecting and preventing malicious behavior and malware, and to capture workload telemetry data. This solution uses a new integration, Defend for Containers (D4C), which allows you to create custom alerting and enforcement policies.

New Cloud Native Vulnerability Management (CNVM) (beta)

The Cloud Native Vulnerability Management (CNVM) feature helps you identify known vulnerabilities in your cloud workloads. When it finds vulnerabilities, it enables your remediation efforts by providing metadata such as the CVSS, severity, affected package, and a fix version if available, as well as information about impacted systems.

A new response console command, execute, allows you to run shell commands and scripts on the host. The complete output is also saved to a downloadable .zip file.

In Timeline, you can now delete notes for individual events or delete investigation notes for the entire Timeline.

The following enhancements have been added to Cases: