Merge branch 'main' into issue-5922-exec-type-field

Author: nastasha-solomon

docs/advanced-entity-analytics/asset-criticality.asciidoc

@@ -30,7 +30,7 @@ Entities do not have a default asset criticality level. You can either assign as
 
 When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated.
 
-NOTE: If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. The newly assigned or updated asset criticality levels will impact entity risk scores during the next hourly risk scoring calculation.
+NOTE: If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. However, you can trigger an immediate recalculation by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
 
 You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app:
 
@@ -84,7 +84,9 @@ To import a file:
 NOTE: The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file.
 . Click **Assign**. 
 
-This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows and will impact entity risk scores during the next risk scoring calculation.
+This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows.
+
+You can trigger an immediate recalculation of entity risk scores by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
 
 [discrete]
 == Improve your security operations

docs/advanced-entity-analytics/ers-req.asciidoc

@@ -40,9 +40,7 @@ Follow these guidelines to ensure clusters have adequate memory to handle data v
 [discrete]
 === Known limitations
 
-* You can only enable the risk scoring engine in a single {kib} space within a cluster.
-
-* The risk scoring engine uses an internal user role to score all hosts and users, and doesn't respect privileges applied to custom users or roles. After you turn on the risk scoring engine for a {kib} space, all alerts in the space will contribute to host and user risk scores.
+The risk scoring engine uses an internal user role to score all hosts and users, and doesn't respect privileges applied to custom users or roles. After you turn on the risk scoring engine for a {kib} space, all alerts in the space will contribute to host and user risk scores.
 
 [discrete]
 == Asset criticality

docs/detections/rules-ui-manage.asciidoc

@@ -128,6 +128,7 @@ The manual run's details are shown in the <<manual-runs-table,Manual runs>> tabl
 [NOTE] 
 =====
 Be mindful of the following:
+
 * Rule actions are not activated during manual runs. 
 * Except for threshold rules, duplicate alerts aren't created if you manually run a rule during a time range that was already covered by a scheduled run.
 * Manual runs are executed with low priority and limited concurrency, meaning they might take longer to complete. This can be especially apparent for rules requiring multiple executions.

docs/release-notes.asciidoc

@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.15.3, {elastic-sec} version 8.15.3>>
 * <<release-notes-8.15.2, {elastic-sec} version 8.15.2>>
 * <<release-notes-8.15.1, {elastic-sec} version 8.15.1>>
 * <<release-notes-8.15.0, {elastic-sec} version 8.15.0>>

docs/release-notes/8.14.asciidoc

@@ -37,7 +37,10 @@ When you add tags to alerts from the Alerts table, the previously-selected tags
 
 *Workaround* +
 
-When adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+
+*Resolved* +
+On October 17, 2024, this issue was resolved.
 
 ====
 // end::known-issue-192084[]
@@ -84,7 +87,10 @@ When you add tags to alerts from the Alerts table, the previously-selected tags
 
 *Workaround* +
 
-When adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+
+*Resolved* +
+On October 17, 2024, this issue was resolved.
 
 ====
 // end::known-issue-192084[]
@@ -131,7 +137,10 @@ When you add tags to alerts from the Alerts table, the previously-selected tags
 
 *Workaround* +
 
-When adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+
+*Resolved* +
+On October 17, 2024, this issue was resolved.
 
 ====
 // end::known-issue-192084[]
@@ -182,7 +191,10 @@ When you add tags to alerts from the Alerts table, the previously-selected tags
 
 *Workaround* +
 
-When adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+
+*Resolved* +
+On October 17, 2024, this issue was resolved.
 
 ====
 // end::known-issue-192084[]

docs/release-notes/8.15.asciidoc

@@ -1,6 +1,38 @@
 [[release-notes-header-8.15.0]]
 == 8.15
 
+[discrete]
+[[release-notes-8.15.3]]
+=== 8.15.3
+
+[discrete]
+[[known-issue-8.15.3]]
+==== Known issues
+
+// tag::known-issue-189676[]
+[discrete]
+.Tags appear in Elastic AI Assistant's responses
+[%collapsible]
+====
+*Details* +
+On August 1, 2024, it was discovered that Elastic AI Assistant's responses when using Bedrock Sonnet 3.5 may include `<antThinking>` tags, for example `<search_quality_reflection>` ({kibana-issue}189676[#189676]).
+
+====
+// end::known-issue-189676[]
+
+[discrete]
+[[bug-fixes-8.15.3]]
+==== Bug fixes
+* Fixes a bug that could cause {elastic-defend} to crash on Linux when scanning paths (or paths with children) which include virtual file systems, such as procfs.
+* Fixes a bug that made alerts wrongfully inherit previously-selected tags ({kibana-pull}194428[#194428]).
+* Prevents Automatic Import from requesting that LLMs map to reserved ECS fields ({kibana-pull}195168[#195168]).
+* Makes Automatic Import more forgiving if LLMs return ECS mappings in unexpected formats ({kibana-pull}195167[#195167]).
+* Fixes an Automatic Import bug that prevented non-ECS compatible fields from resolving in structured and unstructured system logs ({kibana-pull}194727[#194727]).
+* Fixes an Automatic Import bug that occurred when uploading a new version of an existing integration ({kibana-pull}194298[#194298]).
+* Fixes an Automatic Import bug that caused integration deployments to fail after you edited the ingest pipeline ({kibana-pull}194203[#194203]).
+* Improves Attack discoveries by including the `user.target.name` field in the default anonymization allow list ({kibana-pull}193496[#193496]).
+* Fixes an Attack discovery UI bug where entities repeated in a description were displayed with a UUID instead of a value ({kibana-pull}193428[#193428]).
+
 [discrete]
 [[release-notes-8.15.2]]
 === 8.15.2
@@ -31,7 +63,10 @@ When you add tags to alerts from the Alerts table, the previously-selected tags
 
 *Workaround* +
 
-When adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+
+*Resolved* +
+On October 17, 2024, this issue was resolved.
 
 ====
 // end::known-issue-192084[]
@@ -93,7 +128,10 @@ When you add tags to alerts from the Alerts table, the previously-selected tags
 
 *Workaround* +
 
-When adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+
+*Resolved* +
+On October 17, 2024, this issue was resolved.
 
 ====
 // end::known-issue-192084[]
@@ -197,7 +235,10 @@ When you add tags to alerts from the Alerts table, the previously-selected tags
 
 *Workaround* +
 
-When adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+Upgrade to 8.15.3. Alternatively, when adding tags to an alert, click the previously-applied tags to re-apply them, then click them again to remove them. Save your changes by clicking *Apply tags*. This removes the old tags from the alert.
+
+*Resolved* +
+On October 17, 2024, this issue was resolved.
 
 ====
 // end::known-issue-192084[]

docs/serverless/advanced-entity-analytics/asset-criticality.mdx

@@ -34,7 +34,7 @@ Entities do not have a default asset criticality level. You can either assign as
 When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated.
 
 <DocCallOut title="Note">
-If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. The newly assigned or updated asset criticality levels will impact entity risk scores during the next hourly risk scoring calculation.
+If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. However, you can trigger an immediate recalculation by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
 </DocCallOut>
 
 You can view, assign, change, or unassign asset criticality from the following places in the ((elastic-sec)) app:
@@ -85,7 +85,9 @@ To import a file:
 
 1. Click **Assign**. 
 
-This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows and will impact entity risk scores during the next risk scoring calculation.
+This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows.
+
+You can trigger an immediate recalculation of entity risk scores by clicking **Recalculate entity risk scores now**. Otherwise, the newly assigned or updated asset criticality levels will be factored in during the next hourly risk scoring calculation.
 
 ## Improve your security operations