What’s new in 8.15
Here are the highlights of what’s new and improved in Elastic Security. For detailed information about this release, check out our release notes.
Generative AI enhancements
Attack Discovery
Attack discovery is a new AI-powered tool that identifies potential attacks and maps connections between alerts to the MITRE ATT&CK® matrix, helping you to fight alert fatigue and reduce your mean time to respond.
Redesigned Elastic AI Assistant UI
Elastic AI Assistant for Elastic Security has a redesigned user interface that uses a flyout instead of a popup, aligning it with standard Kibana design patterns. Also, when using OpenAI models, AI Assistant can now stream responses, rendering them word by word rather than as a single complete text block, for a more conversational experience.
Entity Analytics enhancements
Asset criticality file upload
You can bulk assign asset criticality to multiple entities at a time by importing a text file exported from your asset management tools. This lets you load a list of entities and their asset criticality levels into the Elastic Security app in one step instead of assigning them one entity at a time.
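The page does not show what the upload file looks like, so here is an added example (my own code, not Elastic's tooling) that converts a constructed CMDB export into an upload file. It assumes the line format documented for the asset criticality upload, `entity_type,entity_id,criticality_level` with `user` or `host` as the type and the four levels named in the code; that format, the `TIER_TO_LEVEL` mapping and the inventory rows are assumptions for the example, not facts stated on this page. The point worth copying is the rejection handling: a row that silently fails to convert leaves the entity at its old (or no) criticality, which quietly biases its risk score.

```python
"""Build an asset criticality upload file from an asset inventory export.

Added example, not part of Elastic's own tooling. Assumed (from Elastic's
asset criticality documentation, not from this page): one entity per line,
`entity_type,entity_id,criticality_level`, entity_type is `user` or `host`,
and the four criticality levels named below.
"""
import csv
import io

ENTITY_TYPES = {"user", "host"}
CRITICALITY_LEVELS = {"low_impact", "medium_impact", "high_impact", "extreme_impact"}

# Hypothetical mapping from a CMDB "tier" field to the assumed Elastic levels.
TIER_TO_LEVEL = {
    "tier0": "extreme_impact",
    "tier1": "high_impact",
    "tier2": "medium_impact",
    "tier3": "low_impact",
}

# Constructed inventory export (not real data). The last three rows are
# deliberately bad: unsupported entity type, unknown tier, duplicate entity.
INVENTORY_CSV = """\
type,name,tier
host,dc01.corp.example,tier0
user,svc-backup,tier1
host,dev-laptop-42,tier3
printer,lobby-printer,tier2
host,web01.corp.example,tier9
host,dc01.corp.example,tier2
"""


def build_upload(inventory_rows):
    """Return (lines, rejected): upload lines plus the rows not converted.

    Rejected rows are reported with a reason rather than dropped, because a
    missing line means the entity keeps its previous criticality (or none).
    """
    lines, rejected, seen = [], [], set()
    for row in inventory_rows:
        entity_type = (row.get("type") or "").strip().lower()
        entity_id = (row.get("name") or "").strip()
        level = TIER_TO_LEVEL.get((row.get("tier") or "").strip().lower())
        if entity_type not in ENTITY_TYPES or not entity_id or level is None:
            rejected.append(dict(row, reason="unsupported type, empty id or unknown tier"))
            continue
        if "," in entity_id or any(ch in entity_id for ch in "\r\n"):
            rejected.append(dict(row, reason="identifier would break the line format"))
            continue
        if (entity_type, entity_id) in seen:
            rejected.append(dict(row, reason="duplicate entity; first row kept"))
            continue
        seen.add((entity_type, entity_id))
        assert level in CRITICALITY_LEVELS  # mapping must only emit known levels
        lines.append(f"{entity_type},{entity_id},{level}")
    return lines, rejected


def build_from_csv_text(text=INVENTORY_CSV):
    """Parse an inventory export (CSV text) and return (lines, rejected)."""
    return build_upload(csv.DictReader(io.StringIO(text)))


if __name__ == "__main__":
    upload_lines, bad_rows = build_from_csv_text()
    with open("asset_criticality.csv", "w", encoding="utf-8", newline="\n") as fh:
        fh.write("\n".join(upload_lines) + "\n")
    for row in bad_rows:
        print("rejected:", row)
```

Run it and review the rejected rows before uploading; a duplicate entity in particular should be resolved in the inventory, not decided by whichever row happens to come last.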
Unassign asset criticality
You can unassign asset criticality from a host or user if the criticality level is no longer known, or the currently assigned level is incorrect.
Risk scoring engine processes up to 10,000 alerts per entity
When calculating entity risk scores, the risk scoring engine now considers at most 10,000 alerts per entity. This keeps each calculation bounded in environments with very large alert volumes; alerts beyond that limit for a given entity are not included in its score.
Access the entity details flyout from the Entity Analytics dashboard
Clicking on a specific host or user name in the Entity Analytics dashboard now opens the host or user details flyout instead of the host or user details page. This allows you to access entity metadata and risk score information without navigating away from the dashboard.
Entity details flyout shows contribution scores per alert
The Risk contributions section of the entity details flyout now shows the top 10 alerts that contributed to the latest risk scoring calculation and each alert’s contribution score. This makes each entity’s risk score easier to understand and gives better insight into which alerts you should investigate at the entity level.
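To make the two risk scoring changes above concrete (the 10,000-alert cap and the per-alert contributions in the flyout), here is an added example in Python. It is my own illustration, not Elastic's risk engine: the page states only the cap and the top-10 display; the rank-decay exponent of 1.5 and the normalisation against a ceiling of `cap` maximum-score alerts are assumptions taken from my reading of Elastic's risk scoring documentation, and the sample alerts are constructed. What it shows is why the cap is safe to apply: under rank-weighted scoring, the weight mass beyond rank 10,000 is a fraction of a percent, so even a flood of extra alerts at maximum score could barely move the entity's score.

```python
"""Rank-weighted entity risk with a per-entity alert cap and per-alert contributions.

Added example, not Elastic's risk engine. Assumptions (not stated on this page):
alerts are ranked by risk score and alert at rank i is weighted 1/i**1.5; the
score is normalised so that `cap` alerts all at the maximum score give 100.
"""
MAX_ALERTS_PER_ENTITY = 10_000  # cap stated on this page
RANK_EXPONENT = 1.5             # assumption: rank-decay exponent
MAX_ALERT_SCORE = 100.0         # detection rule risk scores range 0-100


def _weights(n):
    """Rank weights 1/rank**p for ranks 1..n."""
    return [1.0 / (rank ** RANK_EXPONENT) for rank in range(1, n + 1)]


def entity_risk(alerts, cap=MAX_ALERTS_PER_ENTITY, top_n=10):
    """Score one entity from its alerts.

    alerts: iterable of (alert_id, risk_score). Only the `cap` highest-scoring
    alerts are counted. Returns (score, contributions): score is 0-100 and
    contributions lists the top_n (alert_id, contribution) pairs; the
    contributions of all counted alerts sum to the score.
    """
    ranked = sorted(alerts, key=lambda a: a[1], reverse=True)[:cap]
    # Ceiling: `cap` alerts all at the maximum score map to a score of 100.
    ceiling = MAX_ALERT_SCORE * sum(_weights(cap))
    contributions = [
        (alert_id, 100.0 * score * w / ceiling)
        for (alert_id, score), w in zip(ranked, _weights(len(ranked)))
    ]
    total = sum(c for _, c in contributions)
    return round(total, 2), [(a, round(c, 2)) for a, c in contributions[:top_n]]


def weight_share_beyond(cap, n_total):
    """Share of rank weight held by ranks cap+1..n_total: the most a tail of
    alerts beyond the cap could ever add to the score, even at maximum score."""
    w = _weights(n_total)
    return sum(w[cap:]) / sum(w)


# Constructed alerts for one host (not real data): (alert id, rule risk score)
SAMPLE_ALERTS = [("a1", 99), ("a2", 73), ("a3", 73), ("a4", 47), ("a5", 21)]


if __name__ == "__main__":
    score, top = entity_risk(SAMPLE_ALERTS)
    print("entity risk score:", score)
    for alert_id, contribution in top:
        print(f"  {alert_id}: {contribution}")
    share = weight_share_beyond(MAX_ALERTS_PER_ENTITY, 15_000)
    print(f"weight share held by ranks beyond the cap (15,000 alerts): {share:.4%}")
```

The per-alert contributions are the numbers the flyout's Risk contributions section surfaces: because they sum to the score, the top 10 tell you directly which alerts to work first to understand (or reduce) an entity's risk.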
Detection rules and alerts enhancements
Value list improvements
You can now edit value lists from the UI, wherever you use them. For example, you can now add items to a value list while creating a rule exception that references that value list.
Add ES|QL fields as custom highlighted fields
When adding custom highlighted fields to an ES|QL rule, you can now specify any fields returned by the rule’s query. This allows you to surface fields that contain useful information for investigating alerts.
Editable setup guide field for detection rules
You can now edit the Setup guide field for user-created custom rules. Use this informational field to list rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly.
Alert suppression improvements
In 8.14, we’ve moved alert suppression for custom query rules from technical preview to generally available. We’ve also added alert suppression to event correlation rules (non-sequence queries only) and new terms rules.
Elastic Defend enhancements
New malware file scanning options
When configuring malware protection, you can choose whether Elastic Defend scans files when they’re modified or executed. This can improve performance on hosts where files are frequently modified, while continuing to identify malware as it attempts to run.
Automatically register Elastic Defend as antivirus
If you’re using Elastic Defend’s malware protection, you can now automatically register Elastic Defend as the antivirus software for Windows endpoints.
Cloud Security Posture Management support for AWS GovCloud
Elastic’s Cloud Security Posture Management (CSPM) integration now supports AWS GovCloud, so you can monitor and track how your GovCloud accounts perform against security benchmarks.