v9.0.1

What's Changed

• Change the size of region_start_bytes + add the field to the alert data stream by @AsuNa-jp in #591
• Cleanup format by @pzl in #613
• add prebuilt rules bug banner by @pzl in #612

Full Changelog: v9.0.0...v9.0.1

v8.18.1

What's Changed

• Change the size of region_start_bytes + add the field to the alert data stream by @AsuNa-jp in #591
• Rules notice by @pzl in #618

Full Changelog: v8.18.0...v8.18.1

v9.0.0

What's Changed

• Add fleet unenrolled audit fields by @pzl in #579
• update metrics custom documentation by @jdu2600 in #580
• update alerts custom documentation by @jdu2600 in #581
• [macOS] Security events by @ricardo-estc in #582
• Add custom documentation for noisy processes by @brian-mckinney in #583

Release and Maintenance work

• Update branch target for major v9 by @pzl in #578
• Catch up from 8.18 by @pzl in #587
• disable DRY_RUN on releasable branches by @pzl in #589
• 9.0 release by @pzl in #593

Full Changelog: v8.18.0...v9.0.0

v8.18.0

What's Changed

• Prepare 8.18 dev cycle by @pzl in #563
• Add memfd_create fields to process datastream by @fearful-symmetry in #564
• Aggregate network events for macOS, Linux, and Windows by @nicholasberlin in #555
• Memfd field types fix by @pzl in #568
• global artifacts rollout channel by @intxgo in #569
• [8.18] Add new memory region field (region_start_bytes) by @AsuNa-jp in #567
• Include policy name in alerts by @intxgo in #570
• Update README.md by @nick-alayil in #566
• [8.18] Add Target.process.Ext.protection to API event custom docs by @gabriellandau in #573
• Update schema and docs for ptrace, shmget events, fix docs for memfd events by @fearful-symmetry in #565
• Add linux dns events by @nicholasberlin in #574
• documentation update, policy name in alert by @intxgo in #571
• [8.18] API - AmsiScanBuffer events and new final_hook_module fields by @jdu2600 in #572
• Add Ext.command_line_truncated by @nicholasberlin in #576
• update version constraint to be upgradable to 9.0, bump pre by @pzl in #577
• Release 8.18 by @pzl in #584

New Contributors

• @fearful-symmetry made their first contribution in #564
• @nick-alayil made their first contribution in #566

Full Changelog: v8.17.0...v8.18.0

v8.17.0

What's Changed

• Prepare 8.17 dev cycle on main branch by @pzl in #558
• 8.17.0 Release by @pzl in #562

there are no functional changes between this release and 8.16.0. This release will simply keep in line with stack release, so that kibana 8.17 users do not get confused, or wonder if an upgrade failed, if they see their defend integration is still at 8.16.0.

Full Changelog: v8.16.0...v8.17.0

v8.16.0

What's Changed

• Prepare 8.16 dev cycle by @pzl in #517
• index call_stack_summary in API events by @jdu2600 in #520
• Enable endpoint policy.applied.artifacts mapping by @pzl in #523
• Add Target.process.Ext.authentication_id and process.Ext.authentication_id to Security events by @ayfaouzi in #525
• pull-forward 8.15.1 changelog by @pzl in #533
• Secondary Malware Signature Fields by @gabriellandau in #538
• Add dns.resolved_ip to Windows custom docs to address recent regression. by @gabriellandau in #540
• WMI (WMI-Activity ETW Provider) API Event (production) by @AsuNa-jp in #527
• API - DeviceIoControl events and new final_user_module fields by @jdu2600 in #545
• Add winlog.event_data.PrivilegeList to security events by @ayfaouzi in #547
• Update WMI event fields and add missing custom documentation fields by @AsuNa-jp in #546
• 8.16.0 Release by @pzl in #557

New Contributors

• @ayfaouzi made their first contribution in #519

Full Changelog: v8.15.2...v8.16.0

8.15.2

What's Changed

• Secondary Malware Signature Fields (#538) by @gabriellandau in #539

Full Changelog: v8.15.1...v8.15.2

8.15.1

What's Changed

• Add process.Ext.protection to Windows library events by @jdu2600 in #528

Full Changelog: v8.15.0...v8.15.1

8.15.0

What's Changed

• Prepare main branch for next release cycle by @pzl in #495
• cherry-pick update custom documentation (#497) by @intxgo in #498
• remove unreleased document fields documentation which were accidental… by @intxgo in #501
• Fix formatting/order from ecs build tool by @pzl in #505
• [8.15] add truncated_stack to api.behaviors documentation by @jdu2600 in #504
• Add event.dataset to api datastream by @pzl in #507
• add heartbeat billable field by @joeypoon in #510
• 8.15 update custom documentation by @intxgo in #513
• Add file.origin_referrer_url and file.origin_url to FileEvent by @AsuNa-jp in #514
• Prepare 8.15 release by @pzl in #515

Full Changelog: v8.14.0...v8.15.0

v8.14.0

What's Changed

• setup 8.14 cycle by @pzl in #476
• Test Enable HTTPS cloning by @pzl in #481
• Add missing branch defs by @pzl in #482
• add the files missing from #470 by @ferullo in #486
• Added 'effective' user field. by @matthewscherer in #485
• [8.14] API event field updates by @jdu2600 in #479
• Convert transforms to v3 yaml definition & set to unattended by @pzl in #487
• Bump prerelease for testing by @pzl in #488
• Revert unattended transforms, bump prelease by @pzl in #489
• HWBP => Production by @gabriellandau in #490
• Release 8.14 by @pzl in #493

New Contributors

• @matthewscherer made their first contribution in #485

Full Changelog: v8.13.0...v8.14.0