Skip to content

[Security] Add resolved date for entity risk score known issue #3800

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Nov 4, 2025
Merged

[Security] Add resolved date for entity risk score known issue #3800

Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
6f5831d
[Security] Update All hosts screenshot
natasha-moore-elastic Nov 3, 2025
082996d
Add resolved date for entity risk score known issue
natasha-moore-elastic Nov 4, 2025
544ac07
Merge branch 'main' into ea-known-issue
natasha-moore-elastic Nov 4, 2025
3d031c9
reorder
natasha-moore-elastic Nov 4, 2025
bd1aead
Merge branch 'main' into ea-known-issue
natasha-moore-elastic Nov 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 17 additions & 13 deletions release-notes/elastic-cloud-serverless/known-issues.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,22 @@ Set the alert delay value to 1 or turn on **Alert flapping detection**.

::::

## Resolved

:::{dropdown} Installing the {{elastic-defend}} integration or a new agent policy in {{sec-serverless}} forces an upgrade of prebuilt rules

On April 10, 2025, it was discovered that when you install a new {{elastic-defend}} integration or agent policy, the installed prebuilt detection rules upgrade to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and customizations.

**Workaround**

To resolve this issue, before you add an {{elastic-defend}} integration to a policy in {{fleet}}, apply any pending prebuilt rule updates. This will prevent rule actions, exceptions, and customizations from being overwritten.

**Resolved**

This was resolved on April 14, 2025.

:::

:::{dropdown} In {{sec-serverless}}, the entity risk score feature may stop persisting risk score documents

On May 30, 2025, it was discovered that the entity risk score feature may stop persisting risk score documents if risk scoring was previously turned on. This is due to a bug that prevents the `entity_analytics_create_eventIngest_from_timestamp-pipeline-<space_name>` ingest pipeline (which is set as a default pipeline for the risk scoring index in an earlier {{serverless-short}} release) from being created when {{kib}} starts up.
Expand Down Expand Up @@ -93,20 +109,8 @@ PUT /_ingest/pipeline/entity_analytics_create_eventIngest_from_timestamp-pipelin

After you complete this step, risk scores should automatically begin to successfully persist during the entity risk engine's next run. Details for the next run time are described on the **Entity risk score** page, where you can also manually run the risk score by clicking **Run Engine**.

:::

## Resolved

:::{dropdown} Installing the {{elastic-defend}} integration or a new agent policy in {{sec-serverless}} forces an upgrade of prebuilt rules

On April 10, 2025, it was discovered that when you install a new {{elastic-defend}} integration or agent policy, the installed prebuilt detection rules upgrade to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and customizations.

**Workaround**

To resolve this issue, before you add an {{elastic-defend}} integration to a policy in {{fleet}}, apply any pending prebuilt rule updates. This will prevent rule actions, exceptions, and customizations from being overwritten.

**Resolved**

This was resolved on April 14, 2025.
This was resolved on June 17, 2025.

:::