From 8830b9f9c3e61bb5b067e51dca0295a83ac58369 Mon Sep 17 00:00:00 2001
From: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
Date: Mon, 2 Aug 2021 18:35:30 -0400
Subject: [PATCH] [DOCS] 7.14.0 Release Notes (#811) (#869)

* First draft.
* Added features and enhancements.
* Removed duplicates.
* Saving changes.
* Saving updates.
* Saving changes.
* Saving updates.
* Saving changes.
* Fixing broken link and adding more changes.
* Saving updates.
* Saving changes.
* Adding two known issues.
* Changes to case PRs.
* Added Joe's comments.
* Fixed typo.
* Saving updates.
* New styling for PATCH API.
* Added Joe
* Fixed punctuation errors.
---
 docs/release-notes.asciidoc | 76 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 75 insertions(+), 1 deletion(-)

diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc
index 113d1cf16e..82aac37f6b 100644
--- a/docs/release-notes.asciidoc
+++ b/docs/release-notes.asciidoc
@@ -7,6 +7,80 @@ :issue: https://github.com/elastic/kibana/issues/ :pull: https://github.com/elastic/kibana/pull/ +[discrete] +[[release-notes-7.14.0]] +== 7.14.0 + +[discrete] +[[features-7.14.0]] +==== Features +* Host isolation allows analysts to isolate hosts from their networks while investigating a potential attack. Analysts can use this feature to respond to malicious activity by containing infected hosts, curbing potential attacks, and preventing lateral movement to other hosts. This feature is supported on Windows and macOS. +* Adds malware protection for Linux endpoints. Users can enable Linux malware protection in their policy to receive detection alerts ({pull}103404[#103404])({pull}95014[#95014])({pull}104984[#104984]). +* Adds threat intelligence to alerts ({pull}101553[#101553])({pull}103383[#103383]). +* Introduces the Swimlane connector for rules and cases ({pull}100086[#100086]). +* Introduces role-based access control for cases and allows users to be given all, write, or no access to cases ({pull}95058[#95058]). +* Adds new functionality and usability improvements to the Osquery Manager integration: +** Users can create and curate a library of saved queries. +** When running a live query, users can select a saved query or create a new one. +** Scheduled queries can be constrained to a particular OS or osquery version. +** Users can view who ran or scheduled a query, which is helpful during auditing. +** The agent list for live queries only shows enrolled agents to make selecting targets easier. +* Enhances alert documents to have the fields of `constant_keyword`, runtime fields, aliases, and `copy_to` ({pull}102280[#102280]). +* Paginates long activity logs ({pull}102261[#102261]). +* Validates path values for trusted apps ({pull}99035[#99035]). +* Allows the wildcard symbol in trusted app paths ({pull}97623[#97623]). +* Adds the option to select all rules within the Rules table that match the currently selected filter ({pull}100554[#100554]). 
+ +[discrete] +[[bug-fixes-7.14.0]] +==== Bug fixes and enhancements +* The Prebuilt Security Detection Rules package updates automatically ({pull}101846[#101846]). +* Adds a merge strategy key to `kibana.yml` and adds additional security keys to the Docker container that Elastic Security previously overlooked ({pull}103800[#103800]). +* Adds an overflow container to the rule name column in the Exceptions table for exceptions that have been assigned to three or more rules ({pull}103377[#103377]). +* Adds the Threat Intelligence view to the Overview page ({pull}100423[#100423]). +* Enhances the callout that describes missing privileges and feature access ({pull}98125[#98125]). +* Fixes the rule preview issue that occurred if users created a threshold rule that was configured to group the IP data type ({pull}105126[#105126]). +* Removes the comma delimiter for the `is one of` operator when defining rule exception conditions ({pull}104960[#104960]). +* Resolves bug that left outdated validation messages on the action type selection form ({pull}104868[#104868]). +* Fixes the sort logic that didn't work for certain fields within the Rules table ({pull}103960[#103960]). +* Allows activity log scrolling on small screens ({pull}103852[#103852]). +* Fixes the bug that caused the checkbox value for *Show only threat indicator alerts* from updating properly within the Alerts table ({pull}103746[#103746]). +* Disables the *Load Elastic prebuilt rules and timeline templates* button when pre-built rules are loading ({pull}103568[#103568]). +* Allows users to view the details of a deleted rule ({pull}103491[#103491]). +* Includes actions and responses for endpoints only ({pull}103159[#103159]). +* Resolves the issue that cause an error message to display if users created rule exceptions with empty fields ({pull}102583[#102583]). +* Removes the search bar on the *Activity log* tab ({pull}102550[#102550]). +* Does not show activity log error popups ({pull}102450[#102450]). 
+* Shows up to one hour of relative time in the activity log when viewing it from the endpoint details flyout ({pull}102162[#102162]). +* Updates mappings for detection alerts to ECS v1.10.0 ({pull}101680[#101680]). +* Fixes timestamp bugs within source indexes when the formats are not in ISO 8601 format ({pull}101349[#101349]). +* Exposes the EQL query in Kibana logs for detections ({pull}100565[#100565]). +* Resolves bugs linked to invalid KQL queries ({pull}99442[#99442]). +* Allows users to view the details of a rule after the rule's been deleted ({pull}99406[#99406]). +* Fixes the histogram IP legend error ({pull}99468[#99468]). + +[discrete] +[[known-issue-7.14.0]] +==== Known issues +* The {agent} must be upgraded to the newest version to use the Osquery Manager integration in 7.14.0. Upgrade instructions are available at {fleet-guide}/upgrade-elastic-agent.html[Upgrade {agent}] ({pull}26545[#26545]). +* Customized event rendering settings do not persist on the Alerts page ({pull}106819[#106819]). +* Fields that have been added to the Alerts table don’t display in the table, but do in the alert details ({pull}106840[#106840]). +* After upgrading from 7.8 to 7.14, rules sometimes fail to execute, activate, or deactivate. To resolve this, use the <> to update each rule that encounters this problem. The payload of the PATCH call should set the `author` field to `[]`, as shown in the example below. After the `author` field is populated, the rule works as expected ({pull}106233[#106233]). ++ +-- +[source,json] +---- +PATCH :/api/detection_engine/rules +{ + "id": ", + "author": [] +} +---- +//CONSOLE +-- ++ + + [discrete] [[release-notes-7.13.3]] == 7.13.3 
@@ -30,7 +104,7 @@ The following {ml-cap} rules contain incorrectly configured ML job IDs (undersco * `high-count-network-events` * `rare-destination-country` -To ensure these rules can sucessfully run, duplicate the rule and edit it using these steps: +To ensure these rules can successfully run, duplicate the rule and edit it using these steps: . Go to the Detections page and select **Manage detection rules**. . Filter the Rules table to only display rules with the `ML` tag and search for the ML rule you want to duplicate.
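Review bot: The PATCH example in the 7.14.0 known-issues entry is not valid as it appears here: the body line `"id": ",` has no value and no closing quote, the request line `PATCH :/api/detection_engine/rules` has nothing before the colon, and the sentence introducing it reads `use the <> to update each rule`, so the host/port placeholder, the rule id placeholder and the cross-reference to the update API all seem to be missing. Please confirm the source carries the `<<...>>` xref and explicit placeholders (for example `<kibana host>:<port>` on the request line and `"id": "<rule id>",` in the body) so the rendered snippet can be copied and filled in; the trailing `+` after the closing `--` delimiter, followed by a blank line, is also a dangling list continuation and can be dropped. In the bug-fixes list, `Allows users to view the details of a deleted rule` (#103491) and `Allows users to view the details of a rule after the rule's been deleted` (#99406) describe the same fix and could be merged into one entry citing both PRs, and two entries need grammar fixes: `the issue that cause an error message` should read `causes`, and `caused the checkbox value ... from updating properly` should read `prevented ... from updating properly`. Minor: the Osquery Manager upgrade known issue cites `{pull}26545`, which expands to a Kibana PR number far below every other reference in this hunk; please confirm it points at the intended repository, and consider adding PR references to the host isolation and Osquery feature entries, which are the only items without one.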