Description
Please add your features and enhancements for 8.19. Don't forget to include the related PR link!
Detections & Response
Rules Management
- Revert a customized prebuilt rule to its original version - After modifying a prebuilt rule, you can restore its original version. To do this, open the rule's details page, click All actions > Revert to Elastic version, review the modified fields, then click Revert. The original rule version might be unavailable for comparison if you haven't updated your rules in a while. [8.19] Prebuilt rule reversion documentation #6937
- Modified fields on prebuilt rules are marked with a badge - Modified fields on prebuilt rules are marked with the Modified badge on the rule's details page. You can compare the original Elastic version and the modified version of the field by clicking the badge. [8.19] Prebuilt rule reversion documentation #6937
Detection Engine
- Bulk-apply and remove alert suppression from rules - From the Rules table, use the Bulk actions menu to quickly apply or remove alert suppression to multiple rules. Note that threshold rules have a dedicated option for bulk-applying alert suppression. [8.19] Bulk-apply and remove alert suppression #6936
- Improvements to gap fills - Several enhancements have been made to the gap fill feature ([8.19] Improvements to the gap remediation feature #6935):
  - The Gaps table is now generally available and provides you with an option to fill all gaps for a rule.
  - In the panel above the Rules table, the Total rules with gaps field now shows how many rules have unfilled gaps and how many are currently having their gaps filled. The Only rules with gaps: filter has also been renamed to Only rules with unfilled gaps: and now only shows rules that have unfilled gaps. Rules with partial gaps or gaps that are being filled are excluded from the filter results.
  - You can now bulk-fill gaps for multiple rules.
Threat Hunting
Explore
- Add features here
Investigations
- Customize highlighted fields for alerts - You can now add more fields to an alert's highlighted fields to display information that's relevant to your investigations. [8.19][Security]: Edit highlighted fields in alert flyout #6924
- Access the response console from events - You can now access the response console from events, giving you more places to use response actions. You can also isolate or release a host from events. [REQUEST][8.19]: Enable endpoint actions in events #6868
Entity Analytics
Nothing for 8.19.
Generative AI
- Use Elastic Managed LLM in Security AI Assistant - Elastic Managed LLM is now the default large language model connector in AI Assistant. It gives you immediate access to generative AI features without any setup or external model integration. ([8.19] Adds section about Elastic Managed LLM to Security AI assistant #6902)
- Use prompt tiles in Security AI Assistant - The Security AI Assistant's chat UI now uses prompt tiles instead of default quick prompts. Prompt tiles help you begin structured tasks or investigations into common {elastic-sec} workflows. ([8.19] Replace default quick prompts with prompt tiles #6950)
- Schedule recurring attack discoveries - You can now define recurring schedules to automatically generate attack discoveries without needing manual runs. When discoveries are found, you'll receive notifications through your configured connectors, such as Slack or email. You can customize the notification content to tailor alert context to your needs. ([8.19] Attack Discovery scheduling and saved discoveries #6951)
- View and manage saved attack discoveries - Attack discoveries are now automatically saved whenever they're generated. You can update their status, share manually generated discoveries with other {kib} users, and perform bulk actions like status changes or adding discoveries to cases. Use the search box and filters to quickly find relevant discoveries. ([8.19] Attack Discovery scheduling and saved discoveries #6951)
- Automatic Migration is generally available - Automatic Migration is moving from technical preview to general availability. Use this feature to quickly convert SIEM rules from the Splunk Processing Language (SPL) to the Elasticsearch Query Language ({esql}). (no PR yet)
EDR Workflows/Asset Management
- Run a script on Microsoft Defender for Endpoint-enrolled hosts - Using Elastic's Microsoft Defender for Endpoint integration and connector, you can now run a script on Microsoft Defender for Endpoint-enrolled hosts. ([8.19] Runscript for MS Defender #6903)
- Select saved scripts for runscript third-party response actions - When using the runscript response action with hosts enrolled in CrowdStrike and Microsoft Defender for Endpoint, you can now select from a list of saved custom scripts. This means you no longer need to type the script name manually. ([8.19] Document external EDR script picker for CrowdStrike #6896, [8.19] Runscript for MS Defender #6903)
Cloud Security
- Enables three new integrations: Rapid7 InsightVM, Tenable Vulnerability Management, and Qualys VMDR.
Endpoint
Nothing for 8.19.
Protections Experience
- Add features here
ResponseOps
- Nothing (case analytics was pulled from 8.19/9.1)