From d36baae08989e80dca7127ae063c4a03f9e3ca66 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Tue, 12 Aug 2025 10:21:56 +0100 Subject: [PATCH] 8.17.10 release notes (#7021) * 8.17.10 release notes * Update docs/release-notes/8.17.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> * adds more Defend RNs * removes RN from 8.17.9 * apply suggestions * updates old known issue --------- Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> (cherry picked from commit 58a4177e44b4b4f3884b56a1bce766b9bac75271) --- docs/release-notes.asciidoc | 1 + docs/release-notes/8.17.asciidoc | 26 ++++++++++++++++++++++---- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/docs/release-notes.asciidoc b/docs/release-notes.asciidoc index 4bcc698d79..6672b5a560 100644 --- a/docs/release-notes.asciidoc +++ b/docs/release-notes.asciidoc @@ -8,6 +8,7 @@ This section summarizes the changes in each release. * <> * <> * <> +* <> * <> * <> * <> diff --git a/docs/release-notes/8.17.asciidoc b/docs/release-notes/8.17.asciidoc index 9acf1b3ddc..0d7f57e82e 100644 --- a/docs/release-notes/8.17.asciidoc +++ b/docs/release-notes/8.17.asciidoc 
@@ -2,13 +2,28 @@ == 8.17 [discrete] -[[release-notes-8.17.9]] -=== 8.17.9 +[[release-notes-8.17.10]] +=== 8.17.10 [discrete] -[[enhancements-8.17.9]] +[[enhancements-8.17.10]] ==== Enhancements -* Shortens the time it takes to recover from a `DEGRADED` status caused by {elastic-agent} communication issues. +* Due to an issue in macOS, {elastic-defend} would sometimes send network events without `user.name` populated. {elastic-defend} now identifies these events and populates `user.name` if necessary. +* Reduces {elastic-defend} CPU usage when processing events from the System process. +* Reduces {elastic-defend} CPU usage for ETW events, API events, and Behavioral Protections. In some cases, this may be a significant reduction. + +[discrete] +[[bug-fixes-8.17.10]] +==== Fixes +* Fixes a race condition in {elastic-defend} on Windows that occasionally resulted in corrupted process command lines. This could cause incorrect values for `process.command_line`, `process.args_count`, and `process.args`, leading to false positives. +* Improves the efficiency of the {elastic-defend} malware scan queue by not blocking scan requests when an oplock for the file being scanned cannot be acquired. +* Fixes an issue in {elastic-defend} performance metrics that resulted in `endpoint_uptime_percent` always being 0 for behavioral rules. +* Fixes an issue in {elastic-defend} that could result in a crash if a {ls} output configuration contains a certificate that cannot be parsed. +* Shortens the time it takes for {elastic-defend} to recover from a `DEGRADED` status caused by {agent} communication issues. + +[discrete] +[[release-notes-8.17.9]] +=== 8.17.9 [discrete] [[bug-fixes-8.17.9]] 
@@ -40,6 +55,9 @@ For more information, check https://github.com/elastic/endpoint/issues/90[#90] Downgrade to 8.17.7 or install 8.17.9 once it becomes available. If you're unable to upgrade or downgrade, set the `advanced.kernel.network` advanced setting to `false` in your {elastic-defend} integration policy. + +*Resolved* + +This issue is fixed in {stack} version 8.17.9. ==== // end::known-issue[]
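Review bot: In the docs/release-notes.asciidoc hunk, the added list entry appears as `* <>` with no cross-reference target visible, so it cannot be checked against the anchor it is meant to reach. Confirm that it points at `release-notes-8.17.10`, the ID introduced in docs/release-notes/8.17.asciidoc, and that it sits in the same version order as the neighbouring entries.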
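Review bot: In the `@@ -2,13 +2,28 @@` hunk of docs/release-notes/8.17.asciidoc, the `DEGRADED` recovery item is removed from 8.17.9 Enhancements, where it used `{elastic-agent}`, and re-added under 8.17.10 Fixes using `{agent}`. Confirm that `{agent}` resolves in this docs build, or keep the attribute the removed line used so the product name stays consistent. The same hunk renames `[[enhancements-8.17.9]]` to `[[enhancements-8.17.10]]`, which leaves 8.17.9 without an enhancements anchor, so check that nothing still links to the old ID. Two wording points: the macOS `user.name` entry describes a workaround for missing data and may fit better under Fixes, and the race-condition entry should say what the false positives are (for example, alerts from rules that match on `process.command_line` or `process.args`).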
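Review bot: In the `@@ -40,6 +55,9 @@` hunk, the added `*Resolved*` block says the issue is fixed in 8.17.9, but the unchanged workaround text directly above it still reads "install 8.17.9 once it becomes available", so the known issue now contradicts itself. Update that sentence in the same change, for example to "Downgrade to 8.17.7 or upgrade to 8.17.9", and keep the `advanced.kernel.network` fallback for users who cannot change versions.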