elastic · benironside · Jul 25, 2023 · Jul 6, 2023 · Jul 6, 2023 · Jul 6, 2023
@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.9.0, {elastic-sec} version 8.9.0>>
 * <<release-notes-8.8.2, {elastic-sec} version 8.8.2>>
 * <<release-notes-8.8.1, {elastic-sec} version 8.8.1>>
 * <<release-notes-8.8.0, {elastic-sec} version 8.8.0>>
@@ -40,6 +41,7 @@ This section summarizes the changes in each release.
 :issue: https:/elastic/kibana/issues/
 :pull: https:/elastic/kibana/pull/
 
+include::release-notes/8.9.asciidoc[]
 include::release-notes/8.8.asciidoc[]
 include::release-notes/8.7.asciidoc[]
 include::release-notes/8.6.asciidoc[]

@@ -231,12 +231,7 @@ GET .kibana*/_search
 [[breaking-changes-8.7.0]]
 ==== Breaking changes
 
-//tag::breaking-changes[]
-// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
-:pull: https:/elastic/kibana/pull/
 There are no breaking changes in 8.7.0.
-//end::breaking-changes[]
-
 
 [discrete]
 [[deprecations-8.7.0]]

@@ -0,0 +1,72 @@
+[[release-notes-header-8.9.0]]
+== 8.9.0
+
+[discrete]
+[[release-notes-8.9.0]]
+=== 8.9
+
+[discrete]
+[[known-issue-8.9.0]]
+==== Known issues
+
+* On the new Detection rule monitoring dashboard, total `Rule executions` will not always equal the sum of `Succeeded`, `Warning`, and `Failed` executions. This is expected because rules can write multiple statuses per execution. One typical example is gap detection: if a rule detects a gap in rule execution it will write an intermediate `Failed` status, then continue to run, and write a final status (such as `Warning`) before finishing its execution.
+* Rule changes can't be saved if the rule's action frequency is shorter than the rule's run interval.
+* The upload response action does not report the correct amount of available disk space. The correct amount is approximately four gigabytes. 
+
+[discrete]
+[[breaking-changes-8.9.0]]
+==== Breaking changes
+//tag::breaking-changes[]
+// NOTE: The breaking-changes tagged regions are reused in the Elastic Installation and Upgrade Guide. The pull attribute is defined within this snippet so it properly resolves in the output.
+// THIS ALSO MEANS IF YOU USE LINKS HERE, THEY SHOULD BE FULL URLS WITH NO ATTRIBUTES
+
+:pull: https:/elastic/kibana/pull/
+
+There are no breaking changes in 8.9.0.
+
+//end::breaking-changes[]
+
+[discrete]
+[[deprecations-8.9.0]]
+==== Deprecations
+* Removes the option to use the legacy navigation menu ({pull}158094[#158094]).
+* Several prebuilt threat indicator match rules were deprecated and replaced with improved indicator type rules. 
+
+[discrete]
+[[features-8.9.0]]
+==== New features
+* Allows you to install the Cloud Security Posture Management (CSPM) integration via CloudFormation ({pull}159994[#159994]).
+* Creates a new dashboard, Cloud Native Vulnerability Management, that provides an overview of vulnerabilities on your cloud hosts ({pull}159699[#159699]).
+* Allows you to group vulnerabilities by resource (host) on the Vulnerabilities Findings page, and creates a Resource flyout that displays detailed vulnerability findings for individual hosts ({pull}159873[#159873], {pull}158987[#158987]).
+* Adds a new custom dashboard, "Detection rule monitoring" ({pull}159875[#159875]).
+* Allows you to anonymize event field values sent to AI Assistant ({pull}159857[#159857]).
+* Adds a *Chat* button that opens AI Assistant to the alert details flyout ({pull}159633[#159633]).
+* Updates AI Assistant to let you create and delete custom system prompts and default conversations ({pull}159365[#159365]).
+* Allows you to add alert tags ({pull}157786[#157786]).
+* Adds the ability to automatically isolate a host through a rule’s endpoint response action. 
+* Moves response actions to General Availability.
+* Adds a new response action that allows you to upload files to an endpoint that has {elastic-endpoint} installed.
+* Makes the Lateral Movement Detection advanced analytics package General Availability, and adds the ability to detect malicious activities in Windows RDP events (https:/elastic/integrations/pull/6588[#6588]).
+
+[discrete]
+[[enhancements-8.9.0]]
+==== Enhancements
+* Adds a *Last response* dropdown menu to the Rules table that allows you to filter rules by the status of their last execution ("Succeeded", "Warning", or "Failed") ({pull}159865[#159865]).
+* Creates a Lens dashboard for monitoring the use of tokens by AI Assistant ({pull}159075[#159075]).
+* Creates a connector for D3 Security ({pull}158569[#158569]).
+* Improves the interface for installing and upgrading Elastic prebuilt rules ({pull}158450[#158450]).
+* Shows a rule's actions on its details page ({pull}158189[#158189]).
+* Allows you to add Lens visualizations to cases from the visualization's *More actions* menu ({pull}154918[#154918]).
+* Adds a tooltip to snoozed rules that shows exactly when alerting will resume ({pull}157407[#157407]).
+* Enhances the Data Exfiltration Detection package by adding the ability to detect exfiltration anomalies through USB devices and Airdrop (https:/elastic/integrations/pull/6577[#6577]).
+
+[discrete]
+[[bug-fixes-8.9.0]]
+==== Bug fixes
+* Fixes a bug that prevented rule exceptions from being auto-populated when you created a new exception from an alert's **Take action** menu.
+* Fixes a UI bug that overlaid **Default Risk score** values as you created a new rule.
+* Fixes a bug that restricted the number of cloud accounts which could appear on the Cloud Security Posture dashboard to 10 ({pull}157233[#157233]).
+* Fixes a bug that allowed you to save a rule with an alert filter missing a query ({pull}159690[#159690]).
+* Fixes inconsistent filtering behavior on the Alerts page. Now, when you select a filter that would exclude all alerts, an empty table appears as expected ({pull}160374[#160374]).
+* Improves input validation for investigation guide queries ({pull}160574[#160574], {pull}160577[#160577]).
+* Fixes a bug that caused rules to snooze longer than specified ({pull}152873[#152873]).