Elastic Security deprecations
Over time, certain Elastic functionality becomes outdated and is replaced or removed. To help with the transition, Elastic deprecates functionality for a period before removal, giving you time to update your applications.
Review the deprecated functionality for Elastic Security. While deprecations have no immediate impact, we strongly encourage you update your implementation after you upgrade. To learn how to upgrade, check out Upgrade.
Entity Analytics: Asset Criticality APIs deprecated
The dedicated Asset Criticality APIs are deprecated in 9.4 and replaced by the Entity Store CRUD APIs.
Deprecated endpoints:
DELETE /api/asset_criticalityPOST /api/asset_criticalityGET /api/asset_criticalityGET /api/asset_criticality/list
Impact
These endpoints will continue to work in 9.4 but will be removed in a future release.
Action
Migrate to the equivalent Entity Store APIs.
For more information, check #258440.
Removes the Threat Hunting Agent from Agent Builder
Removes the built-in Threat Hunting Agent from Agent Builder. Security AI workflows now use the Elastic AI Agent with Security skills, which is the default experience in 9.4.0. For more information, refer to #263996.
Impact
Conversations stored with the Threat Hunting Agent will no longer appear in the conversation list and cannot be continued from the UI. No automatic migration is planned.
Deprecates Enable CCS Warning Privileges in Kibana advanced settings
Deprecates the Enable CCS Warning Privileges setting in Kibana Advanced settings. For more information, refer to #252183.
Removes default quick prompts
Removes default quick prompts from the Security AI Assistant. For more information, refer to #225536.
Removes Defend for Containers (D4C)
Defend for Containers is no longer supported starting with Elastic Stack 9.0.
Renames the integration-assistant plugin
Renames the integration-assistant plugin to automatic-import to match the associated feature.
For more information, refer to #207325.
Removes legacy risk engine
Removes all legacy risk engine code and features. For more information, refer to #201810.
Removes Elastic Defend API endpoints
Removes deprecated API endpoints for Elastic Defend. For more information, refer to #199598.
Deprecates SIEM signals migration APIs
Removes the SIEM signals migration APIs. For more information, refer to #202662.