Skip to main content
Version: 6.0

What's New?

Version 6.0

📅 Search Anywhere Framework version 6.0.0 released on April 30, 2026.

🔥What's New in Search Anywhere Framework

Service Monitor Toolkit

The Service Monitor Toolkit module has appeared in the Search Anywhere Framework platform. It provides observability at infrastructure, service, and application levels. It unites metrics, logs, and traces in a unified health model, correlates events from heterogeneous sources, and helps find root causes of failures

⚡️Changes
  • Added Investigations section - deep analysis and correlation of metrics on a single timeline
  • Root Cause Analysis is now available - automatic search for root causes of service degradation by dependency graph
  • Added ability to create Analytics Hub - a single window for operational monitoring of service health
  • Native integration with Inventory module - automatic construction of health models from existing assets and their relationships
  • Metrics now have the ability for dynamic calculationof criticality ranges using mathematical algorithms and ML
  • Metrics now have time windows configuration, allowing precise criticality tuning depending on time and days of the week
  • Maintenance mode is now available for metrics, you can add exceptions in the form of time periods when the metric state is not calculated and does not affect service health

SAF AI Service

Added SAF AI Service for integrating large language models into Search Anywhere Framework via a unified API and ai command.

⚡️Changes
  • Implemented summary and per_row modes for summarization, analysis, classification, and intelligent data enrichment in SAFL-pipelines
  • Added model registry with centralized management of available models and execution parameters
  • Implemented structured output with support for deterministic results for analytics, investigations, and automation
  • Added limits and auto-truncation mechanisms for controlling data volume, overload protection, and predictable execution of large queries
  • Implemented integration with Langfuse for monitoring, tracing requests, quality control, and model usage analysis

AI Security

Added AI Security module to protect artificial intelligence systems, corporate search, and agent scenarios from new types of threats

⚡️Changes
  • Implemented detection of malicious instructions, hidden commands, dangerous documents, and secret data leaks
  • Added tool abuse control for detecting dangerous action chains, privilege escalation, and unauthorized operations
  • Implemented data leak analysis through agents, including email, messengers, command line, browser, and cloud services
  • Added change verification mechanism for identifying new vulnerabilities after updating instructions, policies, and available tools
  • Implemented security policy layer for applying access restrictions, preventing leaks, and generating protection recommendations

Core

⚡️Changes
  • OpenSearch updated to version 3.5.0

Core: Engine

⚡️Changes
  • Added semanticsearch command for semantic search through documents. Supports meaning-based search using vectorization models and helps find relevant data even without exact keyword matches
  • Added ai command for integrating large language models into SAFL-pipelines. Allows performing summarization, per-row data analysis, result enrichment, and intelligent string processing directly in queries with support for structured output, limits, and controlled execution.

ACM

⚡️Changes
  • Completely redesigned health models display:
    • Clear display of available services and their status
    • Ability to set service as "parent" for analyzing its relationships
    • Extended model navigation with ability to adjust display levels, hide and expand relationships, view parents of current service
    • New Service Card page with display of all associated services and metrics, additional attributes, and state change history
  • Metrics are now global and can be bound to different health models

Incident Manager

⚡️Changes
  • Added ability to configure various Incident Types, in which you can specify:
    • What set of fields will be in the card of a specific type
    • Which roles will have access to incidents of a specific type
    • How the card will be displayed. You can add multiple card views in one incident type. For different roles, visibility and editing capability for individual fields can be configured
  • Added ability to attach files to incident history, as well as save and render them in comments
  • Added ability to configure connection to S3 storage for file storage

User Behavior Analytics

⚡️Changes
  • Now in the task scheduler active action Risk Score Assignment you can configure detailing, with transition to search or link from the list of risk score assignments in the object profile

Servers

⚡️Changes
  • The Servers module has been completely redesigned for centralized monitoring of Linux and Windows server infrastructure
  • Simplified data collection: ready configurations are supplied for quick connection and monitoring startup
  • Added 5 new dashboards for infrastructure, servers, and process control
  • Implemented server inventory for unified infrastructure accounting
  • Added 6 ready-made infrastructure incident scenarios:
    • High CPU load
    • High RAM consumption
    • High Load Average
    • Critical filesystem filling
    • Detection of zombie processes
    • Absence of current metrics from server

Version 6.0.1

📅 Search Anywhere Framework version 6.0.1 was released on June 22, 2026.

Core

Improvements
  • Added cluster permission cluster:admin/sm/nav_settings/write to allow access to editing the navigation menu
  • Added support for ClickHouse drivers version higher than 0.9.6
Fixes
  • Fixed an issue where part of the filter settings interface on the dashboard was hidden beyond the page boundary
  • Now when navigating to the results of a background task, a new query is not launched instead of displaying results from disk
  • The search interval now correctly applies to the query when launched via the Ctrl+Enter key combination
  • Fixed the display of the JDBC Queries page in module settings when special characters are entered in the search bar
  • In the Bar Chart visualization, fixed display when the Vertical Layout option is activated on the Main tab
  • In the Single Value visualization, fixed rendering of negative values when the Shorten Large Numbers option is disabled
  • In the Single Value visualization, trend is now built not only when using timechart and timeaggs commands
  • In the Heatmap visualization, fixed color scheme update without recreating the series
  • In the Pie Chart visualization, fixed color palette update when changing the visualization theme
  • Now when changing filters located inside visualizations on the dashboard, the transition to the top of the dashboard no longer occurs
  • Fixed work with SP-tasks: editing, assigning tags and access rights now works correctly
  • Fixed duplication of fields in the sidebar on the Search page

Core: Engine

Improvements
  • In the eval command, basic mathematical operations now support working with arrays

Core: Job Scheduler

Fixes
  • In the Create Incident active action, if the field referenced by the token contains a null value, a dash is now substituted in the incident description
  • When the Do Not Run for Each Result option is enabled in the Write to DB active action, one request is now formed for all search results

Incident Manager

Fixes
  • Fixed reassigning connections in workflow settings
  • Fixed validation of Multi-select type fields in incident type cards
  • Added validation of required fields when creating (Title and Description) and editing (Severity and Responsible) incidents
  • Fixed display of dynamic options in incident type fields in creation and editing windows, including for fields not included as filters

Inventory

Fixes
  • Fixed hanging of the asset database update process
  • Eliminated cases of data loss when processing data from OpenSearch indexes by the engine
  • Asset cleanup by TTL no longer triggers if the option is active in at least one configuration
  • Fixed jerky interface when expanding and collapsing asset field filters
  • Fixed incorrect field on the Sources tab when creating an asset with time filter override enabled
  • Fixed missing cursors in combobox fields, which caused cursors to disappear on other pages after opening Inventory

User Behavior Analytics

Fixes
  • Fixed calendar clipping for selecting interval values in the schedule of launches when creating and editing in scoring calculations and object profiling
  • Added default page element count values to pagination options for scoring tables, score history, and run statistics in the object profile

SAF Beat Manager

Fixes
  • Fixed operation of Status and Connection filters on the Clients tab