v9.0.0

What's Changed

• Add fleet unenrolled audit fields by @pzl in #579
• update metrics custom documentation by @jdu2600 in #580
• update alerts custom documentation by @jdu2600 in #581
• [macOS] Security events by @ricardo-estc in #582
• Add custom documentation for noisy processes by @brian-mckinney in #583

Release and Maintenance work

• Update branch target for major v9 by @pzl in #578
• Catch up from 8.18 by @pzl in #587
• disable DRY_RUN on releasable branches by @pzl in #589
• 9.0 release by @pzl in #593

Full Changelog: v8.18.0...v9.0.0

v8.18.0

What's Changed

• Prepare 8.18 dev cycle by @pzl in #563
• Add memfd_create fields to process datastream by @fearful-symmetry in #564
• Aggregate network events for macOS, Linux, and Windows by @nicholasberlin in #555
• Memfd field types fix by @pzl in #568
• global artifacts rollout channel by @intxgo in #569
• [8.18] Add new memory region field (region_start_bytes) by @AsuNa-jp in #567
• Include policy name in alerts by @intxgo in #570
• Update README.md by @nick-alayil in #566
• [8.18] Add Target.process.Ext.protection to API event custom docs by @gabriellandau in #573
• Update schema and docs for ptrace, shmget events, fix docs for memfd events by @fearful-symmetry in #565
• Add linux dns events by @nicholasberlin in #574
• documentation update, policy name in alert by @intxgo in #571
• [8.18] API - AmsiScanBuffer events and new final_hook_module fields by @jdu2600 in #572
• Add Ext.command_line_truncated by @nicholasberlin in #576
• update version constraint to be upgradable to 9.0, bump pre by @pzl in #577
• Release 8.18 by @pzl in #584

New Contributors

• @fearful-symmetry made their first contribution in #564
• @nick-alayil made their first contribution in #566

Full Changelog: v8.17.0...v8.18.0

v8.17.0

What's Changed

• Prepare 8.17 dev cycle on main branch by @pzl in #558
• 8.17.0 Release by @pzl in #562

there are no functional changes between this release and 8.16.0. This release will simply keep in line with stack release, so that kibana 8.17 users do not get confused, or wonder if an upgrade failed, if they see their defend integration is still at 8.16.0.

Full Changelog: v8.16.0...v8.17.0

v8.16.0

What's Changed

• Prepare 8.16 dev cycle by @pzl in #517
• index call_stack_summary in API events by @jdu2600 in #520
• Enable endpoint policy.applied.artifacts mapping by @pzl in #523
• Add Target.process.Ext.authentication_id and process.Ext.authentication_id to Security events by @ayfaouzi in #525
• pull-forward 8.15.1 changelog by @pzl in #533
• Secondary Malware Signature Fields by @gabriellandau in #538
• Add dns.resolved_ip to Windows custom docs to address recent regression. by @gabriellandau in #540
• WMI (WMI-Activity ETW Provider) API Event (production) by @AsuNa-jp in #527
• API - DeviceIoControl events and new final_user_module fields by @jdu2600 in #545
• Add winlog.event_data.PrivilegeList to security events by @ayfaouzi in #547
• Update WMI event fields and add missing custom documentation fields by @AsuNa-jp in #546
• 8.16.0 Release by @pzl in #557

New Contributors

• @ayfaouzi made their first contribution in #519

Full Changelog: v8.15.2...v8.16.0

8.15.2

What's Changed

• Secondary Malware Signature Fields (#538) by @gabriellandau in #539

Full Changelog: v8.15.1...v8.15.2

8.15.1

What's Changed

• Add process.Ext.protection to Windows library events by @jdu2600 in #528

Full Changelog: v8.15.0...v8.15.1

8.15.0

What's Changed

• Prepare main branch for next release cycle by @pzl in #495
• cherry-pick update custom documentation (#497) by @intxgo in #498
• remove unreleased document fields documentation which were accidental… by @intxgo in #501
• Fix formatting/order from ecs build tool by @pzl in #505
• [8.15] add truncated_stack to api.behaviors documentation by @jdu2600 in #504
• Add event.dataset to api datastream by @pzl in #507
• add heartbeat billable field by @joeypoon in #510
• 8.15 update custom documentation by @intxgo in #513
• Add file.origin_referrer_url and file.origin_url to FileEvent by @AsuNa-jp in #514
• Prepare 8.15 release by @pzl in #515

Full Changelog: v8.14.0...v8.15.0

v8.14.0

What's Changed

• setup 8.14 cycle by @pzl in #476
• Test Enable HTTPS cloning by @pzl in #481
• Add missing branch defs by @pzl in #482
• add the files missing from #470 by @ferullo in #486
• Added 'effective' user field. by @matthewscherer in #485
• [8.14] API event field updates by @jdu2600 in #479
• Convert transforms to v3 yaml definition & set to unattended by @pzl in #487
• Bump prerelease for testing by @pzl in #488
• Revert unattended transforms, bump prelease by @pzl in #489
• HWBP => Production by @gabriellandau in #490
• Release 8.14 by @pzl in #493

New Contributors

• @matthewscherer made their first contribution in #485

Full Changelog: v8.13.0...v8.14.0

8.13.0

What's Changed

• Revert "Revert "Transform schema v2 (#270)" (#411)" by @pzl in #418
• add 8.11 custom documentation by @ferullo in #446
• Enable Unattended Transforms by @pzl in #447
• additional 8.11 custom documentation fields by @ferullo in #450
• make endpoint team sole owners of custom docs by @pzl in #451
• Original Extension field for file rename events by @ricardoungureanu in #457
• Revert v3 compliance work by @pzl in #461
• Setup 8.13 cycle by @pzl in #462
• Signing using Buildkite by @gogochan in #463
• [BUILDKITE] trigger publishing by @gogochan in #464
• validating publishing by @gogochan in #465
• fix branch_configuration by @gogochan in #466
• disable jenkins by @gogochan in #467
• add 8.12 custom documentation by @ferullo in #470
• Fix kibana version condition and additional buildkite settings by @gogochan in #473

Full Changelog: v8.12.0...v8.13.0

8.12.0

What's Changed

• convert main branch to 8.12 release cycle by @pzl in #434
• remove obj type for api generated files by @pzl in #460
• additional process callstack fields by @jdu2600 in #435
• reformat metadata yaml, removed dotted-keys by @pzl in #441
• artifacts manifest update age, snapshot date by @intxgo in #440
• Replace more dotted keys by @pzl in #442
• Add memory_region to api events by @jdu2600 in #445
• Keylogging (Win32k ETW) API Event (production) by @AsuNa-jp in #444
• Keylogging (Win32k ETW) API Event (production) (rename some fields) by @AsuNa-jp in #456
• mark integration as requiring root-level agent by @pzl in #458

Full Changelog: v8.11.0...v8.12.0