v8.17.0

What's Changed

• Prepare 8.17 dev cycle on main branch by @pzl in #558
• 8.17.0 Release by @pzl in #562

there are no functional changes between this release and 8.16.0. This release will simply keep in line with stack release, so that kibana 8.17 users do not get confused, or wonder if an upgrade failed, if they see their defend integration is still at 8.16.0.

Full Changelog: v8.16.0...v8.17.0

v8.16.0

What's Changed

• Prepare 8.16 dev cycle by @pzl in #517
• index call_stack_summary in API events by @jdu2600 in #520
• Enable endpoint policy.applied.artifacts mapping by @pzl in #523
• Add Target.process.Ext.authentication_id and process.Ext.authentication_id to Security events by @ayfaouzi in #525
• pull-forward 8.15.1 changelog by @pzl in #533
• Secondary Malware Signature Fields by @gabriellandau in #538
• Add dns.resolved_ip to Windows custom docs to address recent regression. by @gabriellandau in #540
• WMI (WMI-Activity ETW Provider) API Event (production) by @AsuNa-jp in #527
• API - DeviceIoControl events and new final_user_module fields by @jdu2600 in #545
• Add winlog.event_data.PrivilegeList to security events by @ayfaouzi in #547
• Update WMI event fields and add missing custom documentation fields by @AsuNa-jp in #546
• 8.16.0 Release by @pzl in #557

New Contributors

• @ayfaouzi made their first contribution in #519

Full Changelog: v8.15.2...v8.16.0

8.15.2

What's Changed

• Secondary Malware Signature Fields (#538) by @gabriellandau in #539

Full Changelog: v8.15.1...v8.15.2

8.15.1

What's Changed

• Add process.Ext.protection to Windows library events by @jdu2600 in #528

Full Changelog: v8.15.0...v8.15.1

8.15.0

What's Changed

• Prepare main branch for next release cycle by @pzl in #495
• cherry-pick update custom documentation (#497) by @intxgo in #498
• remove unreleased document fields documentation which were accidental… by @intxgo in #501
• Fix formatting/order from ecs build tool by @pzl in #505
• [8.15] add truncated_stack to api.behaviors documentation by @jdu2600 in #504
• Add event.dataset to api datastream by @pzl in #507
• add heartbeat billable field by @joeypoon in #510
• 8.15 update custom documentation by @intxgo in #513
• Add file.origin_referrer_url and file.origin_url to FileEvent by @AsuNa-jp in #514
• Prepare 8.15 release by @pzl in #515

Full Changelog: v8.14.0...v8.15.0

v8.14.0

What's Changed

• setup 8.14 cycle by @pzl in #476
• Test Enable HTTPS cloning by @pzl in #481
• Add missing branch defs by @pzl in #482
• add the files missing from #470 by @ferullo in #486
• Added 'effective' user field. by @matthewscherer in #485
• [8.14] API event field updates by @jdu2600 in #479
• Convert transforms to v3 yaml definition & set to unattended by @pzl in #487
• Bump prerelease for testing by @pzl in #488
• Revert unattended transforms, bump prelease by @pzl in #489
• HWBP => Production by @gabriellandau in #490
• Release 8.14 by @pzl in #493

New Contributors

• @matthewscherer made their first contribution in #485

Full Changelog: v8.13.0...v8.14.0

8.13.0

What's Changed

• Revert "Revert "Transform schema v2 (#270)" (#411)" by @pzl in #418
• add 8.11 custom documentation by @ferullo in #446
• Enable Unattended Transforms by @pzl in #447
• additional 8.11 custom documentation fields by @ferullo in #450
• make endpoint team sole owners of custom docs by @pzl in #451
• Original Extension field for file rename events by @ricardoungureanu in #457
• Revert v3 compliance work by @pzl in #461
• Setup 8.13 cycle by @pzl in #462
• Signing using Buildkite by @gogochan in #463
• [BUILDKITE] trigger publishing by @gogochan in #464
• validating publishing by @gogochan in #465
• fix branch_configuration by @gogochan in #466
• disable jenkins by @gogochan in #467
• add 8.12 custom documentation by @ferullo in #470
• Fix kibana version condition and additional buildkite settings by @gogochan in #473

Full Changelog: v8.12.0...v8.13.0

8.12.0

What's Changed

• convert main branch to 8.12 release cycle by @pzl in #434
• remove obj type for api generated files by @pzl in #460
• additional process callstack fields by @jdu2600 in #435
• reformat metadata yaml, removed dotted-keys by @pzl in #441
• artifacts manifest update age, snapshot date by @intxgo in #440
• Replace more dotted keys by @pzl in #442
• Add memory_region to api events by @jdu2600 in #445
• Keylogging (Win32k ETW) API Event (production) by @AsuNa-jp in #444
• Keylogging (Win32k ETW) API Event (production) (rename some fields) by @AsuNa-jp in #456
• mark integration as requiring root-level agent by @pzl in #458

Full Changelog: v8.11.0...v8.12.0

8.11.0

What's Changed

• set up 8.11 release cycle by @pzl in #406
• fix buildkite catalog owner by @gogochan in #417
• Custom documentation 8.10 by @ferullo in #421
• move where custom documentation is rendered by @ferullo in #422
• [macOS] Add Effective_process fields for file events by @ricardoungureanu in #423
• add more custom documentation fields on windows by @ferullo in #424
• Add buildkite Build step by @gogochan in #425
• Effective Process for library load events by @ricardoungureanu in #426
• add more missing custom_documentation fields by @ferullo in #430
• Add linux capabilities to process events by @nicholasberlin in #431
• ETW Threat-Intelligence API events by @jdu2600 in #427
• Update package spec and capabilities for serverless filtering by @pzl in #428
• mark 8.11.0 release by @pzl in #432

New Contributors

• @nicholasberlin made their first contribution in #431

Full Changelog: v8.10.2...v8.11.0

8.10.2

What's Changed

• setup 8.10.2 dev cycle by @pzl in #410
• Revert "Transform schema v2 (#270)" (#411) by @pzl in #412
• [backport][8.10] update 8.10.2 changelog (#413) by @pzl in #414
• Release 8.10.2 by @pzl in #415

Full Changelog: v8.10.1...v8.10.2