Please add your features and enhancements for 8.14. Don't forget to include the related PR link!

Detections & Response

• Value list improvements ([ESS][8.14] Documentation for Value list modal #5195)
  You can now edit value lists directly from the UI and wherever you use them. For example, you can add items to a value list while creating a rule exception that references that value list.
• Alert suppression improvements
  • Alert suppression for custom query rules is now generally available ([Request][Detection Engine][ESS][8.14] GA-ing alert suppression for custom query rule #5114)
    In 8.14, we're moving alert suppression from technical preview to generally available.
  • Alert suppression for custom query rules is now generally available ([ESS][8.14] Alert suppression docs for EQL (non-seq) and new term rule types  #5057)
    Alert suppression is now supported for the EQL rule (non-sequence queries only) and new terms rule.
• ES|QL fields can be added as custom highlighted fields ([Request][8.14] improved ES|QL investigation (highlighted) fields #5182)
  When adding custom highlighted fields to an ES|QL rule, you can now specify any fields returned by the rule's query. This allows you to surface ES|QL fields that contain useful information for investigating alerts.

Rules Management

• Editable setup guide field for detection rules (Editable setup guide field for custom rules [classic] #5091)
  You can now edit the Setup guide field for user-created custom rules. Use this informational field to list rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly.

Detection Engine

• Add features here.

Threat Hunting

Explore

• Add features here.

Investigations

• Nothing major to mention.

Entity Analytics

• Asset criticality file upload (Asset criticality file upload #5112)
  You can now assign asset criticality to multiple entities at a time by importing a text file from your asset management tools. This file-based bulk upload feature allows you to quickly and easily import a list of entities and their asset criticality levels into the Elastic Security app.

• Entity details flyout is available from the Entity Analytics dashboard (Updates EA dashboard behavior #4988)
  Clicking on a specific host or user name in the Entity Analytics dashboard now opens the host or user details flyout instead of the host or user details page. This allows you to access entity metadata and risk score information without navigating away from the dashboard.

• Risk scoring engine processes up to 10,000 alerts per entity (Max number of alerts per entity processed by risk scoring engine #4989)
  When calculating risk scores, the risk scoring engine now takes into account a maximum of 10,000 alerts per entity. This ensures that the engine remains operational in environments with extremely large data volume.

• Entity details flyout shows contributions scores per alert (Updates contribution scores info and screenshots in risk scoring docs #5071)
  The Risk contributions section of the entity details flyout now shows the top 10 alerts that contributed to the latest risk scoring calculation, and each alert's contribution score. This improves the explainability of each entity's calculated risk score, and gives better insight into what alerts you should investigate at the entity level.

• Asset criticality can be unassigned (Updates docs for ability to unassign asset criticality #5096)
  You can now unassign asset criticality from a host or user, in case the criticality level is no longer known, or the currently assigned level is incorrect.

Generative AI

• Attack Discovery (Documents Attack Discovery feature #5100) Introducing Attack discovery, a new AI-powered tool that analyzes multiple alerts to identify and describe potential attacks that span multiple alerts. It can identify connections between alerts and map them to the MITRE ATT&CK matrix to help make the most of each security analyst's time, fight alert fatigue, and reduce your mean time to respond.

• Elastic AI Assistant (AI Assistant image updates, edits from twin PR, model recommendation #5237) Elastic AI Assistant for security has a redesigned user interface that uses a flyout instead of a popup, making it fit more smoothly within your workflows and with standard {kib} design patterns. Also, when using OpenAI models, responses from AI Assistant can now "stream", meaning render word-by-word rather than appearing as complete text blocks after processing is complete, which provides a more conversational experience.

EDR Workflows/Asset Management

• Malware file scanning options (Defend - Malware scanning on modification toggle [classic] #5196)
  You can choose whether Elastic Defend scans files when they’re modified or executed. This can improve performance on hosts where files are frequently modified, while continuing to identify malware as it attempts to run.

• Automatic antivirus registration of Elastic Defend (Defend - Sync antivirus option [classic] #5197)
  If you’re using Elastic Defend’s malware protection, you can now automatically register Elastic Defend as the antivirus software for Windows endpoints.

Cloud Security

• CSPM Support for AWS GovCloud ([8.14] Introduces AWS GovCloud support for CSPM #5247) Elastic's Cloud security posture management integration now supports AWS GovCloud, so you can monitor and track how your GovCloud clusters perform against security benchmarks.

Endpoint

• Add features here.

Protections Experience

• Add features here.

ResponseOps

• No changes to Cases in 8.14.