From 1ac2cd37a7616df6e88ed9eddd57fbd7f54906ca Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Fri, 11 Apr 2025 13:04:33 -0400 Subject: [PATCH 1/3] Adds a known issue for serverless and 9.0 --- .../elastic-cloud-serverless/known-issues.md | 10 ++++++++++ release-notes/elastic-security/known-issues.md | 12 ++++++++++++ 2 files changed, 22 insertions(+) diff --git a/release-notes/elastic-cloud-serverless/known-issues.md b/release-notes/elastic-cloud-serverless/known-issues.md index 748eb387c..3c5bee004 100644 --- a/release-notes/elastic-cloud-serverless/known-issues.md +++ b/release-notes/elastic-cloud-serverless/known-issues.md @@ -14,4 +14,14 @@ Known issues are significant defects or limitations that may impact your impleme % **Workaround** % Workaround description. +::: + +:::{dropdown} In Elastic Security Serverless, installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions + +On April 10, 2025, it was discovered that when you install an {{elastic-defend}} integration or a new agent policy for this integration, the installed prebuilt detection rules are upgraded to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and any user customizations. + +**Workaround** + +To resolve this issue, before you add an {{elastic-defend}} integration to a policy in {{fleet}}, apply any pending prebuilt rule updates. This will prevent rule actions, exceptions, and customizations from being overwritten. + ::: \ No newline at end of file diff --git a/release-notes/elastic-security/known-issues.md b/release-notes/elastic-security/known-issues.md index fac1ea8a6..59e923569 100644 --- a/release-notes/elastic-security/known-issues.md +++ b/release-notes/elastic-security/known-issues.md @@ -17,6 +17,18 @@ Known issues are significant defects or limitations that may impact your impleme ::: +:::{dropdown} Installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions + +**{{stack}} versions: 9.0.0** + +On April 10, 2025, it was discovered that when you install an {{elastic-defend}} integration or a new agent policy for this integration, the installed prebuilt detection rules are upgraded to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and any user customizations. + +**Workaround** + +To resolve this issue, before you add an {{elastic-defend}} integration to a policy in {{fleet}}, apply any pending prebuilt rule updates. This will prevent rule actions, exceptions, and customizations from being overwritten. + +::: + :::{dropdown} The technical preview badge incorrectly displays on the alert suppression fields for event correlation rules **{{stack}} versions: 9.0.0** From e5f3109da4b8783dd8bf50223c52627427f35159 Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Fri, 11 Apr 2025 13:43:50 -0400 Subject: [PATCH 2/3] Adds attribute --- release-notes/elastic-cloud-serverless/known-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-notes/elastic-cloud-serverless/known-issues.md b/release-notes/elastic-cloud-serverless/known-issues.md index 3c5bee004..b1a78f613 100644 --- a/release-notes/elastic-cloud-serverless/known-issues.md +++ b/release-notes/elastic-cloud-serverless/known-issues.md @@ -16,7 +16,7 @@ Known issues are significant defects or limitations that may impact your impleme ::: -:::{dropdown} In Elastic Security Serverless, installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions +:::{dropdown} In {{sec-serverless}}, installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions On April 10, 2025, it was discovered that when you install an {{elastic-defend}} integration or a new agent policy for this integration, the installed prebuilt detection rules are upgraded to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and any user customizations. From bcbf32ad83d657446a3ae5043721c0632560a52b Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Fri, 11 Apr 2025 13:47:17 -0400 Subject: [PATCH 3/3] Incorporates feedback --- release-notes/elastic-cloud-serverless/known-issues.md | 2 +- release-notes/elastic-security/known-issues.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/release-notes/elastic-cloud-serverless/known-issues.md b/release-notes/elastic-cloud-serverless/known-issues.md index b1a78f613..02440990b 100644 --- a/release-notes/elastic-cloud-serverless/known-issues.md +++ b/release-notes/elastic-cloud-serverless/known-issues.md @@ -18,7 +18,7 @@ Known issues are significant defects or limitations that may impact your impleme :::{dropdown} In {{sec-serverless}}, installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions -On April 10, 2025, it was discovered that when you install an {{elastic-defend}} integration or a new agent policy for this integration, the installed prebuilt detection rules are upgraded to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and any user customizations. +On April 10, 2025, it was discovered that when you install a new {{elastic-defend}} integration or agent policy, the installed prebuilt detection rules upgrade to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and customizations. **Workaround** diff --git a/release-notes/elastic-security/known-issues.md b/release-notes/elastic-security/known-issues.md index 59e923569..96dca6490 100644 --- a/release-notes/elastic-security/known-issues.md +++ b/release-notes/elastic-security/known-issues.md @@ -21,7 +21,7 @@ Known issues are significant defects or limitations that may impact your impleme **{{stack}} versions: 9.0.0** -On April 10, 2025, it was discovered that when you install an {{elastic-defend}} integration or a new agent policy for this integration, the installed prebuilt detection rules are upgraded to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and any user customizations. +On April 10, 2025, it was discovered that when you install a new {{elastic-defend}} integration or agent policy, the installed prebuilt detection rules upgrade to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and customizations. **Workaround**