[DOCS] 8.5 Release Notes

docs/release-notes.asciidoc

@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.5.0, {elastic-sec} version 8.5.0>>
 * <<release-notes-8.4.3, {elastic-sec} version 8.4.3>>
 * <<release-notes-8.4.2, {elastic-sec} version 8.4.2>>
 * <<release-notes-8.4.1, {elastic-sec} version 8.4.1>>
@@ -28,6 +29,7 @@ This section summarizes the changes in each release.
 :issue: https://github.com/elastic/kibana/issues/
 :pull: https://github.com/elastic/kibana/pull/
 
+include::release-notes/8.5.asciidoc[]
 include::release-notes/8.4.asciidoc[]
 include::release-notes/8.3.asciidoc[]
 include::release-notes/8.2.asciidoc[]

docs/release-notes/8.5.asciidoc

@@ -0,0 +1,78 @@
+[[release-notes-header-8.5.0]]
+== 8.5
+
+[discrete]
+[[release-notes-8.5.0]]
+=== 8.5.0
+
+[discrete]
+[[known-issue-8.5.0]]
+==== Known issues
+* Users might experience slightly longer installation and upgrade times for the user and host risk score features ({pull}142434[#142434]).
+
+[discrete]
+[[breaking-changes-8.5.0]]
+==== Breaking changes
+// tag::breaking-changes[]
+// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
+:pull: {pull}
+* Host and user risk score features that were installed in 8.4 or earlier are not ECS-compatible and therefore cannot generate new risk scores in 8.5.0. Before upgrading, users can archive their existing risk indices if they want to keep their "old" host and user risk scores. Otherwise, new risk indices will be generated once users upgrade host and user risk score features.
+// end::breaking-changes[]
+
+[discrete]
+[[deprecations-8.5.0]]
+==== Deprecations
+* Deprecates the risk score index and displays the Upgrade button in host and user risk score cards on the the Entity Analytics dashboard ({pull}140143[#140143]).
+
+[discrete]
+[[features-8.5.0]]
+==== Features
+* Introduces the Entity Analytics dashboard, which showcases host and user risk scores and anomalies. Also adds host and user risk data to the user and host detail pages. These features require at least a platinum license ({pull}137688[#137688], {pull}140270[#140270], {pull}139462[#139462]).
+* Update *Anomalies* tab to display the same quantity of anomalies when navigating from Entity Analytics dashboard ({pull}139910[#139910]).
+* Enriches alerts with host and user risk scores ({pull}139478[#139478]).
+* Enables the Intelligence page by default and makes the functionality generally available ({pull}141117[#141117]).
+* Allows indicator data to be investigated in Timeline by including the *Add to Timeline* button throughout the Indicators table ({pull}138836[#138836], {pull}140496[#140496]).
+* Removes the Host risk score card from the Overview dashboard ({pull}140177[#140177]).
+* Adds the option to bulk edit rule schedules to the bulk actions menu in the Rules table ({pull}140166[#140166]).
+* Adds the option to bulk edit rule actions to the bulk actions menu in the Rules table ({pull}138900[#138900]).
+* Adds an alert count card to the User, Host, and Network detail pages. The card shows alerts per rule and can be filtered by alert status ({pull}140150[#140150]).
+* Enables the Alerts related by process ancestry section by default. It appears in the Alert details flyout if you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription]. Also allows users with a https://www.elastic.co/pricing[Platinum or Enterprise subscription] to examine alerts associated with events ({pull}140006[#140006]).
+* Enables the Alerts related by session ID section by default. It appears in the Alert details flyout if you have a https://www.elastic.co/pricing[Platinum or Enterprise subscription].
+* Renames the Elastic Endpoint and Cloud Security integration to the Elastic Defend integration ({pull}139517[#139517]).
+* Adds preconfigured use-cases to the setup wizard for the Elastic Defend integration (formerly known as Endpoint and Cloud Security), each with different default settings ({pull}139230[#139230]).
+* Updates the UI for the rule details flyout's *Exceptions* tab ({pull}138770[138770]).
+* Enables the Osquery Response Action and adds an *Osquery Results* tab to the Alert details flyout. You can use the Osquery Response Action to immediately query hosts that generate alerts ({pull}133279[#133279]).
+* Enables rule exceptions to reference value lists, regardless of rule type. One caveat is that text type value lists still do not work for EQL and threshold rules ({pull}133254[#133254]).
+* Introduces the new alert renderer, which concisely displays a detailed summary of the `kibana.alert.reason` field. It appears in Timeline, throughout the Alerts page, and on the alert details flyout ({pull}140825[#140825]).
+
+[discrete]
+[[bug-fixes-8.5.0]]
+==== Bug fixes and enhancements
+* Fixes a bug that sometimes caused event correlation rule (EQL) errors whenever rule queries contain regular expressions using wildcard fields and predefined character classes (for example, `\w`, `\s`, `\d`) (https://github.com/elastic/elasticsearch/pull/90064[#90064]).
+* Adds the `has_guide` tag to all prebuilt rules with investigation guides. Users can filter the Rules table by this tag to quickly find prebuilt rules with investigation guides (https://github.com/elastic/detection-rules/pull/2297[2297]).
+* Informs you when the event analyzer's current time range is too narrow to include event data ({pull}140831[#140831]).
+* Lets you inspect bar charts and data grids, as with other data visualizations ({pull}140810[#140810]).
+* Makes the Indicators table sortable by any column ({pull}140582[#140582]).
+* Provides the ability to add fields to Indicators table ({pull}138882[#138882]).
+* Updates the rule preview UI ({pull}140221[#140221]).
+* Adds an overview tab to the Indicator details flyout ({pull}140073[#140073]).
+* Improves the UI for saved rule queries ({pull}140064[#140064]).
+* Computes `threat.indicator.name` on the {es} server instead of on the client ({pull}139814[#139814]).
+* Makes the state of tables throughout {es-sec} persist, for example when you toggle between table view and grid view ({pull}139696[#139696]).
+* Lets you enable multiple filters using various plus `+` and minus `-` buttons. Previously, adding a new filter in this way could remove the existing filters ({pull}139616[#139616]).
+* Updates rule details page URLs to specify which tab to focus ({pull}139592[#139592]).
+* Simplifies the process of adding a rule exception ({pull}138169[#138169]).
+* Hides the process ancestry insights interface when data is not available ({pull}141751[#141751]).
+* Formats the Rules table's `Last Gap` column in a human-readable way ({pull}141363[#141363]).
+* Introduces fuzzy search for user names in the Actions Log ({pull}141239[#141239]).
+* Improves the *Add Field* menu ({pull}141084[#141084]).
+* Restores your ability to create exceptions with leading or trailing white space ({pull}139617[#139617]).
+* Fixes two minor bugs with the *Overwrite existing rules* option for rule import ({pull}138758[#138758],{pull}139470[#139470]).
+* Fixes a bug that made the `binary` field type seem appear usable in Exception entries despite not being supported ({pull}139370[#139370]).
+* Fixes a bug that prevented a toast message from appearing after you export a rule from the rule details page ({pull}139209[#139209]).
+* Fixes sorting and pagination bugs on the *Import value lists* menu ({pull}138381[#138381]).
+* Mimics native link behavior for single page application links ({pull}142304[#142304]).
+* Fixes validation issues within the rule Actions tab ({pull}141811[#141811]).
+* Fixes a bug with visualization types on the Hosts, Network, Users page ({pull}141235[#141235]).
+* Updates the documentation link in the Trusted applications page ({pull}142467[#142467]).
+* Provides the ability to run Osquery from a rule's investigation guide ({pull}95149[#95149]).