[Security] 8.19.0 release notes (#6925)

natasha-moore-elastic · gabriellandau · nastasha-solomon · web-flow · commit 4b18cab193e4 · 2025-07-29T09:09:39.000+01:00
* [Security] 8.19.0 release notes

* Adds Endpoint RNs

* minor fixes

* Applies Endpoint feedback

Co-authored-by: Gabriel Landau &lt;42078554+gabriellandau@users.noreply.github.com&gt;

* fix variable formatting

* Applies feedback

* address RM and DE feedback

* Update docs/release-notes/8.19.asciidoc

---------

Co-authored-by: Gabriel Landau &lt;42078554+gabriellandau@users.noreply.github.com&gt;
Co-authored-by: Nastasha Solomon &lt;79124755+nastasha-solomon@users.noreply.github.com&gt;
diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.19.0, {elastic-sec} version 8.19.0>>
 * <<release-notes-8.18.4, {elastic-sec} version 8.18.4>>
 * <<release-notes-8.18.3, {elastic-sec} version 8.18.3>>
 * <<release-notes-8.18.2, {elastic-sec} version 8.18.2>>
@@ -89,6 +90,7 @@ This section summarizes the changes in each release.
 * <<release-notes-8.0.0, {elastic-sec} version 8.0.0>>
 * <<release-notes-8.0.0-rc2, {elastic-sec} version 8.0.0-rc2>>
 
+include::release-notes/8.19.asciidoc[]
 include::release-notes/8.18.asciidoc[]
 include::release-notes/8.17.asciidoc[]
 include::release-notes/8.16.asciidoc[]
diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc
@@ -0,0 +1,94 @@
+[[release-notes-header-8.19.0]]
+== 8.19
+
+[discrete]
+[[release-notes-8.19.0]]
+=== 8.19.0
+
+[discrete]
+[[deprecations-8.19.0]]
+==== Deprecations
+* Removes default quick prompts from the Security AI Assistant ({kibana-pull}225536[#225536]).
+
+
+[discrete]
+[[features-8.19.0]]
+==== New features
+* Adds an option to update the `kibana.alert.workflow_status` field for alerts associated with attack discoveries ({kibana-pull}225029[#225029]).
+* The rule execution gaps functionality is now generally available ({kibana-pull}224657[#224657]).
+* Adds the ability to bulk fill gaps ({kibana-pull}224585[#224585]).
+* Automatic migration is now generally available ({kibana-pull}224544[#224544]).
+* Adds a name field to the automatic migration UI ({kibana-pull}223860[#223860]).
+* Adds the ability to bulk set up and delete alert suppression ({kibana-pull}223090[#223090]).
+* Adds the ability to change rule migration execution settings when re-processing a migration ({kibana-pull}222542[#222542]).
+* Adds `runscript` response action support for Microsoft Defender for Endpoint–enrolled hosts ({kibana-pull}222377[#222377]).
+* Updates automatic migration API schema ({kibana-pull}219597[#219597]).
+* Adds automatic saving of attack discoveries, with search and filter capabilities ({kibana-pull}218906[#218906]).
+* Adds the ability to edit highlighted fields in the alert details flyout ({kibana-pull}216740[#216740]).
+* Adds the XSOAR connector ({kibana-pull}212049[#212049]).
+* Adds a custom script selector for choosing scripts to execute when using the `runscript` response action ({kibana-pull}204965[#204965]).
+
+[discrete]
+[[enhancements-8.19.0]]
+==== Enhancements
+* Updates {elastic-sec} Labs Knowledge Base content ({kibana-pull}227125[#227125]).
+* Bumps default Gemini model ({kibana-pull}225917[#225917]).
+* Groups vulnerabilities by resource and cloud account using IDs instead of names ({kibana-pull}225492[#225492]).
+* Adds prompt tiles to the Security AI Assistant ({kibana-pull}224981[#224981]).
+* Adds support for collapsible sections in integrations READMEs ({kibana-pull}223916[#223916]).
+* Adds advanced policy settings in {elastic-defend} to enable collection of file origin information for File, Process, and DLL (ImageLoad) events ({kibana-pull}222030[#222030], {kibana-pull}223882[#223882]).
+* Adds the `ecs@mappings` component to the transform destination index template ({kibana-pull}223878[#223878]).
+* Adds the ability to revert a customized prebuilt rule to its original version ({kibana-pull}223301[#223301]).
+* Displays which fields are customized for prebuilt rules ({kibana-pull}225939[#225939]).
+* Adds an {elastic-defend} advanced policy setting that allows you to enable or disable the Microsoft-Windows-Security-Auditing ETW provider for security events collection ({kibana-pull}222197[#222197]).
+* Updates the highlighted fields button styling in the alert details flyout ({kibana-pull}221862[#221862]).
+* Expands CVE ID search to all search parameters, not just names ({kibana-pull}221099[#221099]).
+* Improves alert searching and filtering by including additional ECS data stream fields ({kibana-pull}220447[#220447]).
+* Updates default model IDs for {bedrock} and OpenAI connectors ({kibana-pull}220146[#220146]).
+* Adds support for PKI (certificate-based) authentication for the OpenAI **Other** connector providers ({kibana-pull}219984[#219984]).
+* Adds pinning and settings to the **Table** tab in the alert and event details flyouts ({kibana-pull}218686[#218686]).
+* Adds the Security AI prompts integration ({kibana-pull}216106[#216106]).
+* Adds support for grouping multi-value fields in Cloud Security ({kibana-pull}215913[#215913]).
+* Limits unassigned notes to a maximum of 100 per document instead of globally ({kibana-pull}214922[#214922]).
+* Updates the Detection rule monitoring dashboard to include rule gaps histogram ({kibana-pull}214694[#214694]).
+* Adds support for the `MV_EXPAND` command for the {esql} rule type ({kibana-pull}212675[#212675]).
+* Adds support for partial results for the {esql} rule type ({kibana-pull}223198[#223198]).
+* Updates the data view selector in Timelines ({kibana-pull}210585[#210585]).
+* Enables `isolate` and `release` response actions from the event details flyout ({kibana-pull}206857[#206857]).
+* Standardizes action triggers in alerts KPI visualizations ({kibana-pull}206340[#206340]).
+* Adds {elastic-defend} process event monitoring for `ptrace` and `memfd` activity on Linux (kernel 5.10+) using eBPF.
+* Reduces {elastic-defend} CPU usage for ETW events, API events, and behavioral protections. In some cases, this may be a significant reduction.
+* {elastic-defend}: Changes the security events source from the Event Log provider to Event Tracing for Windows (Microsoft-Windows-Security Auditing) provider and enriches the events with additional data.
+* Reduces {elastic-defend} CPU and memory usage for behavioral protections.
+* Improves the resilience of {elastic-defend} in low memory situations.
+* Reduces {elastic-defend} CPU usage and improves system responsiveness for malware and memory protections.
+* Reduces {elastic-defend} CPU when processing events from the System process, such as IIS network events.
+* Improves {elastic-defend} logging of fatal exceptions.
+* Improves {elastic-defend} call site analysis logic.
+
+[discrete]
+[[bug-fixes-8.19.0]]
+==== Fixes
+* Fixes a bug where Timelines and investigations did not consistently use the default Security data view ({kibana-pull}226314[#226314]).
+* Fixes a bug where opening an alert deeplink didn't correctly load filters on the **Alerts** page ({kibana-pull}225650[#225650]).
+* Updates entity links to open in a flyout instead of leaving the current page ({kibana-pull}225381[#225381]).
+* Adds a title to the rule gap histogram in the Detection rule monitoring dashboard ({kibana-pull}225274[#225274]).
+* Fixes a bug where pressing Escape with an alert details flyout open from a Timeline closed the Timeline instead of the flyout ({kibana-pull}224352[#224352]).
+* Fixes a bug where comma-separated `process.args` values didn't wrap properly in the alert details flyout's **Overview** tab ({kibana-pull}223544[#223544]).
+* Fixes a bug where cell actions didn't work when opening a Timeline from specific rule types ({kibana-pull}223305[#223305]).
+* Fixes wrapping for threat indicator match event renderer ({kibana-pull}223164[#223164]).
+* Fixes a z-index issue in the {esql} query editor within Timeline ({kibana-pull}222841[#222841]).
+* Fixes incorrect content displaying after tab switching in the integrations section on the **Get started** page.
+({kibana-pull}222271[#222271]).
+* Fixes the exception flyout to show the correct "Edit rule exception" title and button label when editing an exception item ({kibana-pull}222248[#222248]).
+* Retrieves active integrations from the installed integrations API ({kibana-pull}218988[#218988]).
+* Updates tooltips in the gap fills table ({kibana-pull}218926[#218926]).
+* Fixes AI Assistant prompt updates so UI changes reflect only successful updates ({kibana-pull}217058[#217058]).
+* Fixes error callout placement on the **Engine Status** tab of the **Entity Store** page ({kibana-pull}216228[#216228]).
+* Generalizes and consolidates custom {fleet} onboarding logic ({kibana-pull}215561[#215561]).
+* Fixes an alert grouping re-render issue that caused infinite rendering loops when selecting a group ({kibana-pull}215086[#215086]).
+* Fixes a bug in the alert details flyout's **Table** tab where fields displayed duplicate hover actions ({kibana-pull}212316[#212316]).
+* Refactors conversation pagination for the Security AI Assistant ({kibana-pull}211831[#211831]).
+* Fixes the {elastic-defend} artifact `channel` field and adds `manifest_type` in {elastic-defend} policy responses.
+* Fixes a bug in {elastic-defend} where Linux network events would have source and destination byte counts swapped.
+* Fixes a memory growth bug in {elastic-defend} on Linux when both **Collect session data** and **Capture terminal output** are enabled.
