elastic · nastasha-solomon · Feb 10, 2025 · Feb 10, 2025 · Feb 12, 2025 · Feb 12, 2025
@@ -3,6 +3,6 @@
 
 This section summarizes the changes in each release.
 
-* <<release-notes-9.0.0, {elastic-sec} version 9.0.0>>
+* <<release-notes-9.0.0-beta, {elastic-sec} version 9.0.0-beta>>
 
 include::release-notes/9.0.asciidoc[]
@@ -4,29 +4,65 @@
 coming::[9.0.0]
 
 [discrete]
-[[release-notes-9.0.0]]
-=== 9.0.0
+[[release-notes-9.0.0-beta]]
+=== 9.0.0-beta
 
 [discrete]
-[[known-issue-9.0.0]]
+[[breaking-changes-9.0.0-beta]]
+==== Breaking changes
+* Removes deprecated bulk action API endpoints ({kibana-pull}207906[#207906]).
+* Refactors the Timeline HTTP API endpoints ({kibana-pull}200633[#200633]).
+* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]).
+* Disables deprecated API endpoints for bulk CRUD actions ({kibana-pull}197422[#197422]).
+
+[discrete]
+[[deprecations-9.0.0-beta]]
+==== Deprecations
+* Renames the `integration-assistant` plugin to `automatic-import` to match the associated feature ({kibana-pull}207325[#207325]).
+* Removes all legacy risk engine code and features ({kibana-pull}201810[#201810]).
+* Removes deprecated API endpoints for {elastic-defend} ({kibana-pull}199598[#199598]).
+* Deprecates the SIEM signals migration APIs ({kibana-pull}202662[#202662]). 
+
+[discrete]
+[[known-issue-9.0.0-beta]]
 ==== Known issues
 
+// tag::known-issue[]
 [discrete]
-[[breaking-changes-9.0.0]]
-==== Breaking changes
+.Duplicate alerts can be produced from manually running threshold rules 
+[%collapsible]
+====
+*Details* +
+On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.
+====
+// end::known-issue[]
 
+// tag::known-issue[]
 [discrete]
-[[deprecations-9.0.0]]
-==== Deprecations
+.Manually running custom query rules with suppression could suppress more alerts than expected
+[%collapsible]
+====
+*Details* +
+On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts. 
+====
+// end::known-issue[]
 
 [discrete]
-[[features-9.0.0]]
+[[features-9.0.0-beta]]
 ==== New features
+* Enables automatic import to accept CEL log samples ({kibana-pull}206491[#206491]).
+* Applies the latest Elastic UI framework (EUI) to {elastic-sec} features ({kibana-pull}204007[#204007], {kibana-pull}204908[#204908]).
 
 [discrete]
-[[enhancements-9.0.0]]
+[[enhancements-9.0.0-beta]]
 ==== Enhancements
+* Enhances Automatic Import by including setup and troubleshooting documentation for each input type that's selected in the readme ({kibana-pull}206477[#206477]).
+* Allows users to include `closed`` alerts in risk score calculations ({kibana-pull}201909[#201909]).
+* Adds the ability to continue to the Entity Analytics dashboard when there is no data ({kibana-pull}201363[#201363]).
+* Modifies the privilege-checking behavior during rule execution. Now, only read privileges of extant indices are checked during rule execution ({kibana-pull}177658[#177658]).
 
 [discrete]
-[[bug-fixes-9.0.0]]
+[[bug-fixes-9.0.0-beta]]
 ==== Bug fixes
+* Ensures that table leading actions are using standardized colors ({kibana-pull}207743[#207743]).
+