What's new?

Version 4.0

📅 Search Anywhere Framework version 4.0.0 was released on April 12, 2024.

Core

⚡️ Changes
  • Added a Search Anywhere settings interface for connecting to external data stores
  • Added auto-completion for database connection strings in Search Anywhere
  • Added the ability to test connections to external storage
  • Added scoring configuration options
Improvements
  • JDBC query configuration is now integrated into Search Anywhere
  • The Upload Data and Active Tasks links have been moved to the left menu
  • The xlsx library was updated to version 0.20.1
Fixes
  • Fixed the filter-saving mechanism in the address bar

Core: Search Interface

⚡️ Changes
  • Added a new visualization type: Heatmap

Core: Engine

⚡️ Changes
  • Added support for querying ClickHouse with Search Language
  • Added the Timeline and Sidebar for ClickHouse queries
  • Time parameters can now be passed to ClickHouse storage queries

Core: Job Scheduler

⚡️ Changes
  • Added the ability to select which columns to display in the Task List
Improvements
  • The MITRE ATT&CK action now supports multi-selection of techniques

User Behavior Analytics

⚡️ Changes
  • Added module configuration on first launch
  • Added new profiling algorithms: Dictionary, Statistics, Frequency, and Chronology
  • Added UBA object profile page and object information card
  • Added warning for UBA object duplicates
  • Added the ability to configure the type of object profiling
  • Added the ability to link scoring type to an object
  • Added automatic object list population by schedule
  • Added support for running multiple profiling algorithms in policies
  • Added the ability to use a custom function for scoring calculation
  • Added the ability to view profiling policy results
  • Added statistics on runs for each object
  • Added server filtering options for running calculations
Improvements
  • Added deletion confirmation in module settings
  • Added scoring deletion confirmation

Incident Manager

⚡️ Changes
  • Added a mechanism for creating incident groups (aggregations)
  • Added incident group configuration
  • Added the ability to choose the closure status for incident groups
  • Added the ability to configure the display mode (incidents only, or incidents and incident groups)
  • Added the ability to edit incident groups with synchronized changes for each incident
  • Added the ability to run Adhoc Actions for incident groups
  • Added the ability to display MITRE techniques for incident groups
  • Each incident group now has configurable group parameters
Improvements
  • Incident and incident group descriptions can now be written in Markdown
  • Added search by owners in the incident table search bar
  • Added search by query results in the incident table search bar
  • System and display names for incident groups are now configurable
Fixes
  • Fixed the error that occurred when the incident list auto-refreshed with no data available

Knowledge Center

Fixes
  • Fixed the display of tags on the Scenarios page
  • Fixed the error when fetching the list on the Wikilogs page

MITRE ATT&CK

Fixes
  • Fixed the error in displaying technique information when mitigations were missing
  • Fixed the error in getting statistics for triggered rules