diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 7af0c94f46..5a35b79060 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -6,6 +6,7 @@ This section summarizes the changes in each release. * <> * <> * <> +* <> * <> * <> * <> diff --git a/docs/release-notes/8.16.asciidoc b/docs/release-notes/8.16.asciidoc index ce1ddfd289..dbd253ce7e 100644 --- a/docs/release-notes/8.16.asciidoc +++ b/docs/release-notes/8.16.asciidoc 
@@ -1,6 +1,61 @@ [[release-notes-header-8.16.0]] == 8.16 +[discrete] +[[release-notes-8.16.4]] +=== 8.16.4 + +[discrete] +[[known-issue-8.16.4]] +==== Known issues + +// tag::known-issue[] +[discrete] +.Duplicate alerts can be produced from manually running threshold rules +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution. +==== +// end::known-issue[] + +// tag::known-issue[] +[discrete] +.Manually running custom query rules with suppression could suppress more alerts than expected +[%collapsible] +==== +*Details* + +On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. +==== +// end::known-issue[] + +[discrete] +[[features-8.16.4]] +==== New features +* Adds the `advanced.malware.max_file_size_bytes` <>, which allows you to control the maximum file size for malware protection. + +[discrete] +[[enhancements-8.16.4]] +==== Enhancements +* Enhances the performance of {elastic-defend} network events monitoring for better CPU utilization and responsiveness. +* Adds byte counts to Linux {elastic-defend} network disconnect events. + +[discrete] +[[bug-fixes-8.16.4]] +==== Bug fixes +* Ensures that multiple IPs are displayed as individual links in the Alerts table, even if they're passed as a single string ({kibana-pull}209475[#209475]). +* Fixes an AI Assistant bug that prevented you from selecting different connector types after initially choosing one ({kibana-pull}208969[#208969]). +* Adds missing fields to Automatic Import's input manifest templates ({kibana-pull}208768[#208768]). +* Ensures that Automatic Import's structured log template surrounds single backslashes with single quotes when the backslash is used as an escape character ({kibana-pull}209736[#209736]). 
+* Adds fields that are missing from Automatic Import's `aws-s3-manifest.yml` file ({kibana-pull}208080[#208080]). +* Allows {elastic-defend} to detect or prevent malware process or image loads from WebDAV servers. +* Allows {elastic-defend} to bypass network traffic from other computers when promiscuous mode is enabled on Windows. +* Fixes a bug with the `get-file` Endpoint response action. When you used the `get-file` response action to retrieve a Windows Alternate Data Stream, the resulting `.zip` archive would contain a checksum error that made it unusable by most zip tools. +* Increases the maximum number of ETW buffers that {elastic-defend} can use. +* Fixes a bug in {elastic-defend} where a combination of "descendent of process" event filters and unenriched events would not match other event filters. +* Fixes an issue where {elastic-defend} wasn't correctly populating `event.created` for process events on Windows. +* When aggregating events, {elastic-defend} was using the final event's timestamp for the aggregated event, which was a bug. Now, {elastic-defend} will use the first event's timestamp as originally intended. + [discrete] [[release-notes-8.16.3]] === 8.16.3
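Review bot: In the first hunk (docs/release-notes.asciidoc), the new `* <>` list entry should be checked against the anchor the second hunk defines, `[[release-notes-8.16.4]]`; the cross-reference target is not visible here, and a mismatched or misordered entry would leave the new 8.16.4 section unreachable from the index while the build still passes, so please confirm the target id and that the entry sits in the same version-descending position as the others.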
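Review bot: In the second hunk, both `known-issue` blocks under `[[known-issue-8.16.4]]` carry only a `*Details*` paragraph and give the reader nothing actionable: neither says whether the duplicate alerts from manually running threshold rules, or the inflated suppression counts for custom query rules with suppression, are fixed in 8.16.4 or a later release, and neither gives a workaround (for example, avoiding manual runs over a date range already covered by scheduled execution), which is the information an analyst triaging the extra alerts actually needs; please add a `*Workaround*` or resolution line to each, and double-check that the "On November 12, 2024" discovery date is intended for an entry first published in the 8.16.4 notes. Smaller points in the same hunk: "descendent of process" should read "descendant of process"; the three `{elastic-defend}` bullets that begin "Allows ..." and "Increases the maximum number of ETW buffers" describe new or expanded behaviour and would fit better under `==== Enhancements` than `==== Bug fixes`; and the last bullet ("When aggregating events, {elastic-defend} was using the final event's timestamp ... which was a bug. Now ...") breaks the lead-verb convention of the list, so something like "Fixes a bug where {elastic-defend} used the final event's timestamp for aggregated events instead of the first event's timestamp." would match the surrounding entries.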