From 975af366bf422f8d7a2627391e825b66d3b9725e Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Thu, 8 Jan 2026 12:36:30 +0000 Subject: [PATCH 1/6] Security 8.19.10 release notes --- docs/release-notes.asciidoc | 3 ++- docs/release-notes/8.19.asciidoc | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 7f9585fd17..303e4971b2 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -3,7 +3,8 @@ This section summarizes the changes in each release. -* <> +* <> +* <> * <> * <> * <> diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc index 48ca6b16fb..2f52bb3260 100644 --- a/docs/release-notes/8.19.asciidoc +++ b/docs/release-notes/8.19.asciidoc 
@@ -1,6 +1,32 @@ [[release-notes-header-8.19.0]] == 8.19 +[discrete] +[[release-notes-8.19.10]] +=== 8.19.10 + +[discrete] +[[enhancements-8.19.10]] +==== Enhancements +* Updates MITRE ATT&CK mappings to `v18.1` ({kibana-pull}246770[#246770]). +* Adds support for multiple values in the indicator details flyout **Table** tab ({kibana-pull}236110[#236110]). +* Updates Gemini Connector configuration ({kibana-pull}245647[#245647]). +* Improves general system responsiveness while {elastic-defend} is installed. +* Improves the {elastic-defend} startup log to explain details about unsigned policies. + +[discrete] +[[bug-fixes-8.19.10]] +==== Fixes +* Fixes an issue where the Security AI Assistant API didn't use an associated conversation's system prompt ({kibana-pull}248020[#248020]). +* Fixes an issue in the notes filter where the `createdBy` field didn't use exact matching ({kibana-pull}247351[#247351]). +* Fixes a display issue with filters on the **MITRE ATT&CK® coverage** page ({kibana-pull}246794[#246794]). +* Fixes an issue where Timeline actions appeared in the Alerts table bulk actions menu without proper privileges ({kibana-pull}246150[#246150]). +* Fixes an issue where the **Threat intelligence** section in the alert details flyout didn't display multiple values ({kibana-pull}245449[#245449]). +* Fixes an issue where {elastic-defend} upgrades and uninstallations could fail on busy systems. +* Fixes a bug where {elastic-defend} on Linux could fail to initialize with {elastic-agent}. +* For {elastic-defend} on Linux, reduces the occurrence of policy failures related to malware protection system deadlock avoidance. +* Fixes an issue in {elastic-defend} on Windows where Mark of the Web parsing incorrectly handled file origin information ending with a CRLF or `\0`. + [discrete] [[release-notes-8.19.9]] === 8.19.9 From 68288731fa3f63f003b94d15aed385454285ae54 Mon Sep 17 00:00:00 2001 
From: natasha-moore-elastic Date: Thu, 8 Jan 2026 14:13:49 +0000 Subject: [PATCH 2/6] escapism --- docs/release-notes/8.19.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc index 2f52bb3260..ba2e5e084e 100644 --- a/docs/release-notes/8.19.asciidoc +++ b/docs/release-notes/8.19.asciidoc @@ -25,7 +25,7 @@ * Fixes an issue where {elastic-defend} upgrades and uninstallations could fail on busy systems. * Fixes a bug where {elastic-defend} on Linux could fail to initialize with {elastic-agent}. * For {elastic-defend} on Linux, reduces the occurrence of policy failures related to malware protection system deadlock avoidance. -* Fixes an issue in {elastic-defend} on Windows where Mark of the Web parsing incorrectly handled file origin information ending with a CRLF or `\0`. +* Fixes an issue in {elastic-defend} on Windows where Mark of the Web parsing incorrectly handled file origin information ending with a CRLF or `\\0`. [discrete] [[release-notes-8.19.9]] From 85e302ba4fa243ad4e261c5f2afb3d24dbf8d0b4 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Fri, 9 Jan 2026 09:01:56 +0000 Subject: [PATCH 3/6] Update docs/release-notes/8.19.asciidoc Co-authored-by: Asuka Nakajima --- docs/release-notes/8.19.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc index ba2e5e084e..f4b113eb6a 100644 --- a/docs/release-notes/8.19.asciidoc +++ b/docs/release-notes/8.19.asciidoc 
@@ -25,7 +25,7 @@ * Fixes an issue where {elastic-defend} upgrades and uninstallations could fail on busy systems. * Fixes a bug where {elastic-defend} on Linux could fail to initialize with {elastic-agent}. * For {elastic-defend} on Linux, reduces the occurrence of policy failures related to malware protection system deadlock avoidance. -* Fixes an issue in {elastic-defend} on Windows where Mark of the Web parsing incorrectly handled file origin information ending with a CRLF or `\\0`. +* Fixes an issue in {elastic-defend} on Windows where Mark of the Web parsing incorrectly handled file origin information ending with a `\\0`. [discrete] [[release-notes-8.19.9]] From 001e45a9d380ec6b8200af235e5af3c72a7f05d1 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Fri, 9 Jan 2026 09:13:08 +0000 Subject: [PATCH 4/6] apply copy feedback --- docs/release-notes/8.19.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc index f4b113eb6a..284afaab38 100644 --- a/docs/release-notes/8.19.asciidoc +++ b/docs/release-notes/8.19.asciidoc 
@@ -11,14 +11,14 @@ * Updates MITRE ATT&CK mappings to `v18.1` ({kibana-pull}246770[#246770]). * Adds support for multiple values in the indicator details flyout **Table** tab ({kibana-pull}236110[#236110]). * Updates Gemini Connector configuration ({kibana-pull}245647[#245647]). -* Improves general system responsiveness while {elastic-defend} is installed. +* Improves responsiveness on systems running {elastic-defend}. * Improves the {elastic-defend} startup log to explain details about unsigned policies. [discrete] [[bug-fixes-8.19.10]] ==== Fixes * Fixes an issue where the Security AI Assistant API didn't use an associated conversation's system prompt ({kibana-pull}248020[#248020]). -* Fixes an issue in the notes filter where the `createdBy` field didn't use exact matching ({kibana-pull}247351[#247351]). +* Fixes an issue where the `createdBy` field in the notes filter didn't use exact matching ({kibana-pull}247351[#247351]). * Fixes a display issue with filters on the **MITRE ATT&CK® coverage** page ({kibana-pull}246794[#246794]). * Fixes an issue where Timeline actions appeared in the Alerts table bulk actions menu without proper privileges ({kibana-pull}246150[#246150]). * Fixes an issue where the **Threat intelligence** section in the alert details flyout didn't display multiple values ({kibana-pull}245449[#245449]). From f20425f7270d1ff6b44ad1e5d6066122df839e70 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Mon, 12 Jan 2026 09:12:41 +0000 Subject: [PATCH 5/6] Apply suggestions from code review Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> Co-authored-by: Steph Milovic --- docs/release-notes/8.19.asciidoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc index 284afaab38..3f8d6bbf84 100644 --- a/docs/release-notes/8.19.asciidoc +++ b/docs/release-notes/8.19.asciidoc 
@@ -13,11 +13,12 @@ * Updates Gemini Connector configuration ({kibana-pull}245647[#245647]). * Improves responsiveness on systems running {elastic-defend}. * Improves the {elastic-defend} startup log to explain details about unsigned policies. +* Optimizes the {elastic-defend} kernel driver to collect file and registry access events more efficiently, improving overall system responsiveness and reducing CPU usage. [discrete] [[bug-fixes-8.19.10]] ==== Fixes -* Fixes an issue where the Security AI Assistant API didn't use an associated conversation's system prompt ({kibana-pull}248020[#248020]). +* Fixes an issue where the Security AI Assistant chat completion API didn't use an associated conversation's system prompt ({kibana-pull}248020[#248020]). * Fixes an issue where the `createdBy` field in the notes filter didn't use exact matching ({kibana-pull}247351[#247351]). * Fixes a display issue with filters on the **MITRE ATT&CK® coverage** page ({kibana-pull}246794[#246794]). * Fixes an issue where Timeline actions appeared in the Alerts table bulk actions menu without proper privileges ({kibana-pull}246150[#246150]). 
@@ -26,6 +27,9 @@ * Fixes a bug where {elastic-defend} on Linux could fail to initialize with {elastic-agent}. * For {elastic-defend} on Linux, reduces the occurrence of policy failures related to malware protection system deadlock avoidance. * Fixes an issue in {elastic-defend} on Windows where Mark of the Web parsing incorrectly handled file origin information ending with a `\\0`. +* Reduces the occurrence of Linux {elastic-defend} policy failures due Malware protections system deadlock avoidance. +* Fixes an issue in {elastic-defend} that could result in delayed or missing malware-on-write alerts. +* Fixes a bug in {elastic-defend} on Windows that can sometimes result in `KERNEL_AUTO_BOOST_LOCK_ACQUISITION_WITH_RAISED_IRQL` or `PAGE_FAULT_IN_NONPAGED_AREA` bugchecks when [Offloaded Data Transfer (ODX)](https://learn.microsoft.com/en-us/windows-hardware/drivers/storage/offloaded-data-transfer) is used to copy files. This regression was introduced in {elastic-defend} versions 8.19.8, 9.1.8, and 9.2.2. [discrete] [[release-notes-8.19.9]] From d1af64ec912770ae6ef741125fa24b5036610778 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Mon, 12 Jan 2026 09:13:28 +0000 Subject: [PATCH 6/6] tweak --- docs/release-notes/8.19.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.19.asciidoc b/docs/release-notes/8.19.asciidoc index 3f8d6bbf84..74a0d5d406 100644 --- a/docs/release-notes/8.19.asciidoc +++ b/docs/release-notes/8.19.asciidoc 
@@ -29,7 +29,7 @@ * Fixes an issue in {elastic-defend} on Windows where Mark of the Web parsing incorrectly handled file origin information ending with a `\\0`. * Reduces the occurrence of Linux {elastic-defend} policy failures due Malware protections system deadlock avoidance. * Fixes an issue in {elastic-defend} that could result in delayed or missing malware-on-write alerts. -* Fixes a bug in {elastic-defend} on Windows that can sometimes result in `KERNEL_AUTO_BOOST_LOCK_ACQUISITION_WITH_RAISED_IRQL` or `PAGE_FAULT_IN_NONPAGED_AREA` bugchecks when [Offloaded Data Transfer (ODX)](https://learn.microsoft.com/en-us/windows-hardware/drivers/storage/offloaded-data-transfer) is used to copy files. This regression was introduced in {elastic-defend} versions 8.19.8, 9.1.8, and 9.2.2. +* Fixes a bug in {elastic-defend} on Windows that could sometimes result in `KERNEL_AUTO_BOOST_LOCK_ACQUISITION_WITH_RAISED_IRQL` or `PAGE_FAULT_IN_NONPAGED_AREA` bugchecks when [Offloaded Data Transfer (ODX)](https://learn.microsoft.com/en-us/windows-hardware/drivers/storage/offloaded-data-transfer) was used to copy files. This regression was introduced in {elastic-defend} versions 8.19.8, 9.1.8, and 9.2.2. [discrete] [[release-notes-8.19.9]]
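Review bot: In PATCH 2/6, the change from `\0` to `\\0` inside backticks depends on the renderer consuming one of the two backslashes, and the subject "escapism" does not say which output was wrong. Confirm in the rendered page that the Mark of the Web bullet shows a single-backslash \0. An inline passthrough inside the backticks (+\0+) would state the literal without relying on escape handling.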
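Review bot: In PATCH 3/6, removing "CRLF or" from the Mark of the Web bullet narrows what the release note says was fixed, but the subject "Update docs/release-notes/8.19.asciidoc" gives no reason for it. Say in the commit message whether the CRLF case was never part of this fix or is tracked elsewhere, so anyone relying on the note to judge exposure on earlier versions can trace why the scope changed.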
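Review bot: In PATCH 5/6, hunk @@ -13,11 +13,12 @@, the added bullet beginning "Optimizes the {elastic-defend} kernel driver" ends with "improving overall system responsiveness and reducing CPU usage", while the bullet two lines above it, "Improves responsiveness on systems running {elastic-defend}.", is left in place. If both describe the same driver change, fold them into one entry. If they are separate improvements, say in the shorter bullet what it covers so the two can be told apart.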
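Review bot: In PATCH 5/6, hunk @@ -26,6 +27,9 @@, the added bullet "Reduces the occurrence of Linux {elastic-defend} policy failures due Malware protections system deadlock avoidance." repeats the context bullet two lines above it ("For {elastic-defend} on Linux, reduces the occurrence of policy failures related to malware protection system deadlock avoidance."), so the 8.19.10 Fixes list carries the same fix twice, and the context lines of PATCH 6/6 show it is still there. Keep one of the two. If the new wording is the one kept, it needs "due to" and lowercase "malware protection".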
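Review bot: In PATCH 6/6, the rewritten ODX bullet still uses the Markdown link form, [Offloaded Data Transfer (ODX)] followed by the URL in parentheses, in an .asciidoc file where every other link in the list uses AsciiDoc macro form such as {kibana-pull}246770[#246770]. Write it as the URL followed by the bracketed text, https://learn.microsoft.com/en-us/windows-hardware/drivers/storage/offloaded-data-transfer[Offloaded Data Transfer (ODX)], so it renders as a link rather than as literal brackets and parentheses.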