Elastic Security 7.11 introduces a range of enhancements aimed at improving threat detection, alert management, and data integration capabilities for security teams. Key features include prebuilt detection rules for cloud applications and Windows environments, updated machine learning jobs for anomaly detection across Windows and Linux hosts, and specialized detection rules for SUNBURST-related threats. The update also supports MITRE ATT&CK sub-techniques, offers expanded alert management actions for integration with third-party tools like Jira and ServiceNow, and introduces customizable alert notifications for better context. The usability of the Timeline workspace has been improved with features like tabbed information access and multicolumn sorting, while accessibility enhancements include better keyboard navigation and screen reader support. Elastic Agent now supports additional data sources and can ingest database audit logs, Snyk vulnerability data, and Windows security events by default. Additionally, Elastic 7.11 offers malware prevention options recognized by Windows and streamlined lifecycle management through its Fleet interface. The release also includes the general availability of searchable snapshots, allowing for extended retention and cost-effective access to high-volume security data from various sources.