Skip to content

Commit 8c5d83d

Browse files
jmikell821jmikell821
authored
Adds a Security known issue for serverless and 9.0.0 (#1100)
Addresses part of #1094.
1 parent 353b531 commit 8c5d83d

File tree

2 files changed

+22
-0
lines changed

2 files changed

+22
-0
lines changed

release-notes/elastic-cloud-serverless/known-issues.md

+10
Original file line numberDiff line numberDiff line change
@@ -14,4 +14,14 @@ Known issues are significant defects or limitations that may impact your impleme
1414
% **Workaround**
1515
% Workaround description.
1616

17+
:::
18+
19+
:::{dropdown} In {{sec-serverless}}, installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions
20+
21+
On April 10, 2025, it was discovered that when you install a new {{elastic-defend}} integration or agent policy, the installed prebuilt detection rules upgrade to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and customizations.
22+
23+
**Workaround**
24+
25+
To resolve this issue, before you add an {{elastic-defend}} integration to a policy in {{fleet}}, apply any pending prebuilt rule updates. This will prevent rule actions, exceptions, and customizations from being overwritten.
26+
1727
:::

release-notes/elastic-security/known-issues.md

+12
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,18 @@ Known issues are significant defects or limitations that may impact your impleme
1717

1818
:::
1919

20+
:::{dropdown} Installing an {{elastic-defend}} integration or a new agent policy upgrades installed prebuilt rules, reverting user customizations and overwriting user-added actions and exceptions
21+
22+
**{{stack}} versions: 9.0.0**
23+
24+
On April 10, 2025, it was discovered that when you install a new {{elastic-defend}} integration or agent policy, the installed prebuilt detection rules upgrade to their latest versions (if any new versions are available). The upgraded rules lose any user-added rule actions, exceptions, and customizations.
25+
26+
**Workaround**
27+
28+
To resolve this issue, before you add an {{elastic-defend}} integration to a policy in {{fleet}}, apply any pending prebuilt rule updates. This will prevent rule actions, exceptions, and customizations from being overwritten.
29+
30+
:::
31+
2032
:::{dropdown} The technical preview badge incorrectly displays on the alert suppression fields for event correlation rules
2133

2234
**{{stack}} versions: 9.0.0**

0 commit comments

Comments
 (0)