From 6996c2603faebdcb143cbc870d15836ecacd697c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Wed, 17 Dec 2025 14:44:15 +0100 Subject: [PATCH 1/3] note for Elastic Security users added to 7.x to 9.x upgrade doc --- .../upgrade/deployment-or-cluster/upgrade-717.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md b/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md index 6f5612977a..4e97172826 100644 --- a/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md +++ b/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md 
@@ -90,6 +90,15 @@ This step covers upgrading your deployment from 7.17.x to 8.19.x, following the It's highly recommended to start this upgrade from the latest 7.17.x patch release to ensure that you’re using the most recent version of the Elastic Upgrade Assistant. You should also upgrade to the latest available 8.19.x patch release so that the same benefits apply when you later upgrade to 9.x. +:::::{note} +If you use the [{{elastic-sec}} solution](/solutions/security.md), read the full [Upgrade {{elastic-sec}} from 7.17 to 8.x](https://www.elastic.co/guide/en/security/8.19/upgrade-7.17-8x.html) guide when planning the upgrade. + +In particular: +- Export all custom detection rules as a backup before upgrading, in case there are issues with the detection engine after the upgrade. +- Review [alert schema changes](https://www.elastic.co/guide/en/security/8.19/alert-schema.html) if alerts are forwarded to an external SOAR. +- Plan for the [post-upgrade steps](https://www.elastic.co/guide/en/security/8.19/upgrade-7.17-8x.html#_post_upgrade_steps), such as re-enabling disabled rules after the upgrade. +::::: + ### 8.19 upgrade preparations The [upgrade preparation steps from 7.x](https://www.elastic.co/guide/en/elastic-stack/8.19/upgrading-elastic-stack.html#prepare-to-upgrade) are designed to prevent upgrade failures by detecting and addressing internal incompatibilities, including deprecated settings that are no longer supported in the next release. From 4216038cbc282402f63fb4a053622ace19bd444d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Wed, 17 Dec 2025 14:51:40 +0100 Subject: [PATCH 2/3] note for Elastic Security users added to 7.x to 9.x upgrade doc --- deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md b/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md index 4e97172826..7c15cb3c47 100644 --- a/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md +++ b/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md @@ -95,8 +95,8 @@ If you use the [{{elastic-sec}} solution](/solutions/security.md), read the full In particular: - Export all custom detection rules as a backup before upgrading, in case there are issues with the detection engine after the upgrade. -- Review [alert schema changes](https://www.elastic.co/guide/en/security/8.19/alert-schema.html) if alerts are forwarded to an external SOAR. -- Plan for the [post-upgrade steps](https://www.elastic.co/guide/en/security/8.19/upgrade-7.17-8x.html#_post_upgrade_steps), such as re-enabling disabled rules after the upgrade. +- Review [alert schema changes](https://www.elastic.co/guide/en/security/8.19/alert-schema.html) if alerts are forwarded to an external SOAR, or if you directly query alert data in custom dashboards or tools. +- Plan for the [post-upgrade steps](https://www.elastic.co/guide/en/security/8.19/upgrade-7.17-8x.html#_post_upgrade_steps), such as re-enabling and verifying rules after the upgrade. ::::: ### 8.19 upgrade preparations From 40d9c59ec8b040cf45ccde1193f361b78267e307 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Wed, 17 Dec 2025 14:52:02 +0100 Subject: [PATCH 3/3] note for Elastic Security users added to 7.x to 9.x upgrade doc --- deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md b/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md index 7c15cb3c47..350cc0b306 100644 --- a/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md 
+++ b/deploy-manage/upgrade/deployment-or-cluster/upgrade-717.md @@ -94,9 +94,9 @@ It's highly recommended to start this upgrade from the latest 7.17.x patch relea If you use the [{{elastic-sec}} solution](/solutions/security.md), read the full [Upgrade {{elastic-sec}} from 7.17 to 8.x](https://www.elastic.co/guide/en/security/8.19/upgrade-7.17-8x.html) guide when planning the upgrade. In particular: -- Export all custom detection rules as a backup before upgrading, in case there are issues with the detection engine after the upgrade. -- Review [alert schema changes](https://www.elastic.co/guide/en/security/8.19/alert-schema.html) if alerts are forwarded to an external SOAR, or if you directly query alert data in custom dashboards or tools. -- Plan for the [post-upgrade steps](https://www.elastic.co/guide/en/security/8.19/upgrade-7.17-8x.html#_post_upgrade_steps), such as re-enabling and verifying rules after the upgrade. +* Export all custom detection rules as a backup before upgrading, in case there are issues with the detection engine after the upgrade. +* Review [alert schema changes](https://www.elastic.co/guide/en/security/8.19/alert-schema.html) if alerts are forwarded to an external SOAR, or if you directly query alert data in custom dashboards or tools. +* Plan for the [post-upgrade steps](https://www.elastic.co/guide/en/security/8.19/upgrade-7.17-8x.html#_post_upgrade_steps), such as re-enabling and verifying rules after the upgrade. ::::: ### 8.19 upgrade preparations
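Review bot: The first bullet of the note added in PATCH 1/3 ("Export all custom detection rules as a backup before upgrading") is the only one of the three without a link, so the reader is told to take a backup but not where the export procedure is documented. Suggest linking it to the rule export procedure, as the other two bullets do for their topics. The third bullet also refers to "re-enabling disabled rules" without the note saying when or why rules end up disabled; a short clause pointing at the relevant step in the linked guide would make the bullet self-explanatory.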
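Review bot: In the reworded third bullet of PATCH 2/3, "re-enabling and verifying rules" drops the qualifier "disabled" and leaves "verifying" undefined, so the bullet no longer says which rules need re-enabling or what the check consists of. Suggest keeping the qualifier and naming the check, in line with what the linked post-upgrade steps require. The addition to the second bullet ("or if you directly query alert data in custom dashboards or tools") is a useful widening of scope and reads fine.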
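Review bot: PATCH 3/3 only swaps the list markers inside the note from `-` to `*`, and it carries the same subject line as 1/3 and 2/3, so the history does not show what each commit changes. Suggest squashing the three into one commit, or giving 2/3 and 3/3 subjects that describe the wording and markup changes. Also confirm that `*` is the list marker used elsewhere in upgrade-717.md, since the visible context lines contain no other list to compare against.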