[DOCS] Endpoint 8.4.0 release notes

[ferullo]

Can we please get the following items added to 8.4.0 release notes.

1. This bug introduced in 8.3.3 (with a known issue) was fixed in 8.4.0.
2. A bug that could cause Endpoint to crash when outputting to Logstash was fixed.
3. Endpoint added support for Ubuntu 22.04 and Debian 11
4. Self healing was added on Windows
5. Attack surface reduction was added on Windows
6. Response actions were added (I assume this is already being noted)

@lrishi may also add more notes either in this issue or in another.

cc @roxana-gheorghe @caitlinbetz @norrietaylor @kevinlog @magermark

[nastasha-solomon]

Notes for self and anyone following this issue:

• This bug introduced in 8.3.3 (with a known issue) was fixed in 8.4.0.
  • Doc'd as a fixed bug.
• A bug that could cause Endpoint to crash when outputting to Logstash was fixed.
  • Doc'd as a fixed bug. @ferullo was Elastic Endpoint crashing or was this affecting the Endpoint and Cloud Security integration?
• Endpoint added support for Ubuntu 22.04 and Debian 11
  • Doc'd as a fixed bug. @ferullo just to clarify, is this saying that users can install Elastic Endpoint on endpoints running Ubuntu 22.04 or Debian 11, correct?
• Self healing was added on Windows
  • Added placeholder to new features section. Summary pending.
• Attack surface reduction was added on Windows
  • Added placeholder to new features section. Summary pending.
• Response actions were added (I assume this is already being noted)
  • Summary is in release notes but will likely be revised.

[ferullo]

Doc'd as a fixed bug. @ferullo was Elastic Endpoint crashing or was this affecting the Endpoint and Cloud Security integration?

Both. Elastic Endpoint is the thing that runs on the comptures that are protected. It "implements" Endpoint and Cloud Security. So like with this known issue I think referencing it as "Endpoint and Cloud Security" is correct.

Doc'd as a fixed bug. @ferullo just to clarify, is this saying that users can install Elastic Endpoint on endpoints running Ubuntu 22.04 or Debian 11, correct?

Correct. Endpoint and Cloud Security integration can now be added to Elastic Agents running on Ubuntu 22.04 and Debian 11.

[lrishi]

Had a chat with Dan about the supported features.

Currently we support Process, File and Network Events in Kubernetes. These events can be enriched with session data and kubernetes metadata fields by enabling the session_data toggle.

[nastasha-solomon]

@lrishi are these new features or enhancements that were added to 8.4? Also, did you want to link to a PR for any of these or is this work being stored in a private repo? If it is, we don't need to publicize the PR.

[lrishi]

@nastasha-solomon Yes these are new features in 8.4. This is all private.

[nastasha-solomon]

@ferullo would you mind sharing the issue/PR for #3: Endpoint added support for Ubuntu 22.04 and Debian 11

@joepeeples might need to include this detail in the host isolation docs.

[ferullo]

Yes, Ubuntu 22.04 and Debian 11 will both support host isolation. This Agent testing issue covered adding testing for these new platforms. elastic/e2e-testing#2603 Endpoint added support based on that issue, we didn't create an Endpoint specific one.