From f2ff4de94e99096c99106b9d601187d5a6f4a9f7 Mon Sep 17 00:00:00 2001
From: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
Date: Wed, 10 Feb 2021 10:59:44 -0500
Subject: [PATCH] [DOCS] What's new in 7.11 (#511) (#517)

---
 docs/whats-new.asciidoc | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/docs/whats-new.asciidoc b/docs/whats-new.asciidoc
index 39f115bd4e..1283ccedf2 100644
--- a/docs/whats-new.asciidoc
+++ b/docs/whats-new.asciidoc
@@ -2,6 +2,29 @@
 [chapter]
 = What's new
 
+[discrete]
+[[sec-7.11-release]]
+== 7.11 release
+
+[discrete]
+[[sec-enhancements-7.11]]
+=== New features
+
+* New <<prebuilt-rules, prebuilt detection rules>>.
+* <<detections-ui-exceptions, Exceptions>> can be assigned to to threshold and {ml} rules.
+* Enhanced UI to <<manage-exceptions, view and manage exceptions>>.
+* Add MITRE ATT&CK sub-techniques in <<rule-ui-advanced-params, advanced rule settings>>.
+* New <<rule-notifications, rule actions>> and enhanced <<rule-action-variables, alert notifications>>.
+* New support for <<cold-tier-detections, cold tier data>> and searchable snapshots for specific {es} indices.
+* <<self-protection, Self-protection>> enabled on Windows and macOS by default.
+* Register {es-sec} as an <<register-as-antivirus, antivirus solution>> on Windows.
+* Customize <<malware-protection, malware>> notification messages.
+* Enhanced <<timelines-ui, Timeline>> design with accessibility features.
+* Enhanced capability to add a <<trusted-apps-ov, trusted application>> by signer.
+* Enhanced <<visual-event-analyzer, event visualization>> for Endpoint and Windows process events.
+* New <<signals-migration-api, detection alerts migration API>> feature, which can be used to enable new features on existing detection alerts.
+* Fourteen new {ml} {anomaly-jobs} have been added, which support multi-index analysis for Linux or Windows data and detect anomalous user, process, and network port activity. See <<security-linux-jobs>> and <<security-windows-jobs>>.
+
 [discrete]
 [[sec-7.10-release]]
 == 7.10 release
@@ -22,8 +45,8 @@
 * New <<create-eql-rule, Event Correlation rule type>> based on {ref}/eql.html[EQL (Event Query Language)].
 * New <<create-indicator-rule, Indicator Match rule type>> to create alerts for index field values that match threat indices.
 * Free, open detections in the https://github.com/elastic/detection-rules#detection-rules[Detection Rules repo].
-* New <<timelines-ui, timeline enhancements>> that include detection alert actions.
-* Connect and send <<cases-overview, cases>> to external systems (ServiceNow, Jira, Resilient)
+* New <<timelines-ui, Timeline enhancements>> that include detection alert actions.
+* Connect and send <<cases-overview, cases>> to external systems (ServiceNow, Jira, Resilient).
 * In addition to new <<prebuilt-rules, prebuilt rules>> for 7.10, {elastic-sec} now provides additional {anomaly-jobs} for {auditbeat} and
 {winlogbeat} data. Twelve new metadata and discovery analysis jobs have been
 added to enable threat detection on metadata services, system and discovery