What's New?

Version 5.3

📅 Search Anywhere Framework version 5.3.0 released on February 2, 2026.

Critical changes

Please note the critical changes section.

Core

⚡️ Changes

• The appearance of the Metric visualization has been updated
• Added the ability to enter custom values for filters of type Selection and Multi-selection in dashboards
• Now, when editing a visualization on a dashboard, changes are applied automatically

Fixes

• In the settings of Search Anywhere connections of types DB, ClickHouse, Hadoop, fixed the issue of slow loading of the JDBC drivers list
• In the settings of Search Anywhere connections of type ClickHouse, fixed incorrect connection string formation
• Added the ability to open links in a new window in HTML visualizations

Core: Engine

⚡️ Changes

• Added the ability to configure access in ClickHouse through user role settings in Search Anywhere Framework
• The search command now supports field comparison syntax: search <field>=<field>
• Added the exclude parameter to the source command, allowing exclusion of indices from the search
• Added the ability to create fields with dynamic names in the eval command

Improvements

• Added full error message output when checking Search Anywhere connections of types DB, ClickHouse, Hadoop fails
• Added support for parameters keepevicted, startswith, and endswith in the transaction command
• The transaction command now works up to 10 times faster
• Added functions eval to_timezone(<epoch>, <timezone>), eval from_timezone(<epoch>, <timezone>)
• Added function peval mvdedup in searches on source type ClickHouse
• Added functions aggs median/perc in searches on source type ClickHouse
• Line breaks in search queries are now supported

Fixes

• Fixed the operation of the rename command when using characters (, ), and . in the rename pattern
• Fixed incorrect field output after the fields/table command or after adding a field via eval in searches on source type ClickHouse
• Fixed the operation of the following commands, which are translated to source type ClickHouse:
  • peval: substr, mvcoint, mvindex, cidrmatch
  • aggs: earliest/latest
• Added the ability to use special characters in index names for OpenSearch/Elasticsearch connections: source os:os_sa_connection:'audit_t-2026':10

Core: Job Scheduler

⚡️ Changes

• Added the ability to configure the display order of Additional fields in the incident in the active action Create Incident
• Added the ability to add custom headers in the active action Send Email
• The Score field in the active action Risk Score Assignment now supports tokenization

Improvements

• Local tasks can now be created in SP Server mode
• Added a filter in the task list to separately view local and SP-tasks in SP Server mode
• Added the ability for multiple editing of SP-tasks

User Behavior Analytics

⚡️ Changes

• The Objects page now supports filtering by basic and additional fields
• Added an interface for displaying duplicates
• Added the ability to manually run profiling policies
• The profiling policy table now displays statistics of the last 5 runs

Improvements

• Added the ability to filter objects in profiling policies and scoring calculations
• General time interval fixation for all objects used in profiling policy and scoring calculations is now supported
• Added cloning and bulk editing capabilities for profiling policies and object population configurations
• Added bulk deletion capability for objects
• Redesigned object creation and editing interfaces

Incident Manager

⚡️ Changes

• New interface for displaying incident history:
  • Added history filtering
  • Simplified comment input, expanded text styling functions

Improvements

• Added display of the total number of incidents
• Added the ability to configure the order of fields in the Additional Fields and Incident Details sections in the incident card

Move To Clickhouse

Improvements

• Expanded list of compatible data types
• Added parameters for more flexible data transfer configuration
• Added mechanisms to stop data transfer and track status

ASM 2.0

⚡️ Changes

• Added the ability to configure graph display using levels
• Added import/export capability for layers and metrics

Inventory

Improvements

• Asset filters now allow entering custom values
• PostgreSQL connection timeout can now be configured

Fixes

• Optimized retrieval of asset count statistics
• Fixed the Request failed with status code 503 Service Unavailable error during module initialization in the Module Settings section
• Filters on the asset page are no longer reset after navigating to a specific asset and returning
• Fixed migration error for fields created and updated in PostgreSQL

Content Management

⚡️ Changes

• Added the ability to upload tag types

Critical Changes

• Added new fields to the task structure: job_category, actions.incident.order_fields; field type score changed from float to text
• New fields in the Incident Manager: Card Settings section can no longer be created with a . character in the identifier