9.0 Security RN updates

release-notes/elastic-security/breaking-changes.md

@@ -17,9 +17,9 @@ Breaking changes can impact your Elastic applications, potentially disrupting no
 % ::::
 
 ## 9.0.0 [elastic-security-900-breaking-changes]
-**Release date:** April 2, 2025
+**Release date:** April 8, 2025
 
-::::{dropdown} Removed legacy security rules bulk endpoints
+::::{dropdown} Removes legacy security rules bulk endpoints
 * `POST /api/detection_engine/rules/_bulk_create` has been replaced by `POST /api/detection_engine/rules/_import`
 * `PUT /api/detection_engine/rules/_bulk_update` has been replaced by `POST /api/detection_engine/rules/_bulk_action`
 * `PATCH /api/detection_engine/rules/_bulk_update has been replaced by `POST /api/detection_engine/rules/_bulk_action`
@@ -50,7 +50,7 @@ Update your implementations to use the new endpoints:
     * Alternatively, delete rules individually using `DELETE /api/detection_engine/rules` ([API documentation](https://www.elastic.co/docs/api/doc/kibana/operation/operation-deleterule)).
 ::::
 
-::::{dropdown} Remove deprecated endpoint management endpoints
+::::{dropdown} Removes deprecated endpoint management endpoints
 * `POST /api/endpoint/isolate` has been replaced by `POST /api/endpoint/action/isolate`
 * `POST /api/endpoint/unisolate` has been replaced by `POST /api/endpoint/action/unisolate`
 * `GET /api/endpoint/policy/summaries` has been deprecated without replacement. Will be removed in v9.0.0
@@ -70,13 +70,13 @@ Update your implementations to use the new endpoints:
 ::::
 
 ::::{dropdown} Refactors the Timeline HTTP API endpoints
-For more information, check [#200633]({{kib-pull}}200633).
+For more information, refer to [#200633]({{kib-pull}}200633).
 ::::
 
 ::::{dropdown} Removes deprecated {{elastic-defend}} APIs
-For more information, check [#199598]({{kib-pull}}199598).
+For more information, refer to [#199598]({{kib-pull}}199598).
 ::::
 
 ::::{dropdown} Removes deprecated API endpoints for bulk CRUD actions on detection rules
-For more information, check [#197422]({{kib-pull}}197422) and [#207906]({{kib-pull}}207906).
+For more information, refer to [#197422]({{kib-pull}}197422) and [#207906]({{kib-pull}}207906).
 ::::

release-notes/elastic-security/deprecations.md

@@ -12,30 +12,30 @@ Review the deprecated functionality for {{elastic-sec}}. While deprecations have
 
 % ::::{dropdown} Deprecation title
 % Description of the deprecation.
-% For more information, check [PR #](PR link).
+% For more information, refer to [PR #](PR link).
 % **Impact**<br> Impact of deprecation. 
 % **Action**<br> Steps for mitigating deprecation impact.
 % ::::
 
 ## 9.0.0 [elastic-security-900-deprecations]
-**Release date:** April 2, 2025
+**Release date:** April 8, 2025
 
 ::::{dropdown} Renames the `integration-assistant` plugin
 Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature.
-For more information, check [#207325]({{kib-pull}}207325).
+For more information, refer to [#207325]({{kib-pull}}207325).
 ::::
 
 ::::{dropdown} Removes legacy risk engine
 Removes all legacy risk engine code and features.
-For more information, check [#201810]({{kib-pull}}201810).
+For more information, refer to [#201810]({{kib-pull}}201810).
 ::::
 
 ::::{dropdown} Removes {{elastic-defend}} API endoints
 Removes deprecated API endpoints for {{elastic-defend}}.
-For more information, check [#199598]({{kib-pull}}199598).
+For more information, refer to [#199598]({{kib-pull}}199598).
 ::::
 
 ::::{dropdown} Deprecates SIEM signals migration APIs
-Deprecates the SIEM signals migration APIs.
-For more information, check [#202662]({{kib-pull}}202662).
+Removes the SIEM signals migration APIs.
+For more information, refer to [#202662]({{kib-pull}}202662).
 ::::

release-notes/elastic-security/index.md

@@ -23,21 +23,26 @@ To check for security updates, go to [Security announcements for the Elastic sta
 % *
 
 ## 9.0.0 [elastic-security-900-release-notes]
-**Release date:** April 2, 2025
+**Release date:** April 8, 2025
+
+::::{NOTE}
+All features introduced in 8.18.0 are also available in 9.0.0.
+::::
 
 ### Features and enhancements [elastic-security-900-features-enhancements]
 * Enables Automatic Import to accept CEL log samples [#206491]({{kib-pull}}206491)
-* Applies the latest Elastic UI framework (EUI) to {{elastic-sec}} features [#204007]({{kib-pull}}204007) and [#204908]({{kib-pull}}204908)
-* Adds the option to view {es} queries that run during rule execution for threshold, custom query, and {{ml}} rules [#203320]({{kib-pull}}203320)
-* Enables Automatic Import to accept CEL log samples [#206491]({{kib-pull}}206491)
+* Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme [#206477]({{kib-pull}}206477)
 * Applies the latest Elastic UI framework (EUI) to {{elastic-sec}} features [#204007]({{kib-pull}}204007) and [#204908]({{kib-pull}}204908)
 * Adds the option to view {{es}} queries that run during rule execution for threshold, custom query, and {{ml}} rules [#203320]({{kib-pull}}203320)
-* Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme [#206477]({{kib-pull}}206477)
 * Allows users to include `closed` alerts in risk score calculations [#201909]({{kib-pull}}201909)
 * Adds the ability to continue to the Entity Analytics dashboard when there is no data [#201363]({{kib-pull}}201363)
 * Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution [#177658]({{kib-pull}}177658)
 
 
 ### Fixes [elastic-security-900-fixes]
+* Fixes a bug that caused the Entity Analytics Dashboard refresh button to break risk score tables [#215472]({{kib-pull}}215472).
+* Fixes AI Assistant `apiConfig` set by Security getting started page [#213971]({{kib-pull}}213971).
+* Limits the length of `transformID` to 36 characters [#213405]({{kib-pull}}213405).
 * Ensures that table actions use standard colors [#207743]({{kib-pull}}207743)
 * Fixes a bug with the **Save and continue** button on a {{fleet}} form [#211563]({{kib-pull}}211563)
+

release-notes/elastic-security/known-issues.md

@@ -19,15 +19,3 @@ Known issues are significant defects or limitations that may impact your impleme
 % Workaround description.
 
 :::
-
-:::{dropdown} Duplicate alerts can be produced from manually running threshold rules
-**Elastic Stack versions: 9.0.0**
-
-On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.
-:::
-
-:::{dropdown} Manually running custom query rules with suppression could suppress more alerts than expected
-**Elastic Stack versions: 9.0.0**
-
-On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. 
-:::