What's new?
Version 4.0
📅 Search Anywhere Framework version 4.0.0 was released on April 12, 2024.
Core
⚡️ Changes
- Added Search Anywhere settings interface (connection to external data stores)
- Added auto-completion for database connection strings in Search Anywhere
- Added the ability to test connections to external storage
- Added scoring configuration options
- JDBC query configuration is now integrated into Search Anywhere
- The Upload Data and Active Tasks links have been moved to the left menu
- The xlsx library was updated to version 0.20.1
- Fixed the filter-saving mechanism in the address bar
Core: Search Interface
⚡️ Changes
- Added a new visualization type: Heatmap
Core: Engine
⚡️ Changes
- Support for searching Clickhouse using Search Language
- Added Timeline and Sidebar for Clickhouse queries
- Time parameter passing is now available for Clickhouse storage queries
Core: Job Scheduler
⚡️ Changes
- Added the ability to select which columns to display in the Task List
- The MITRE ATT&CK action now supports multi-selection of techniques
User Behavior Analytics
⚡️ Changes
- Added module configuration on first launch
- Added new profiling algorithms: Dictionary, Statistics, Frequency, and Chronology
- Added UBA object profile page and object information card
- Added warning for UBA object duplicates
- Added the ability to configure the type of object profiling
- Added the ability to link scoring type to an object
- Added automatic object list population by schedule
- Added support for running multiple profiling algorithms in policies
- Added the ability to use a custom function for scoring calculation
- Added the ability to view profiling policy results
- Added statistics on runs for each object
- Added server filtering options for running calculations
- Added deletion confirmation in module settings
- Added scoring deletion confirmation
Incident Manager
⚡️ Changes
- Added incident group creation mechanism (aggregations)
- Added incident group configuration
- Added the ability to choose the closure status for incident groups
- Added the ability to configure the display (incidents only or incidents and groups of incidents)
- Added the ability to edit incident groups with synchronized changes for each incident
- Added the ability to run Adhoc Actions for incident groups
- Added the ability to display MITRE techniques for incident groups
- Each incident group now has configurable group parameters
- Incident and incident group descriptions can now be written in Markdown
- Added search by owners in the incident table search bar
- Added search by query results in the incident table search bar
- System and display names for incident groups are now configurable
- Fixed the error that occurred during incident list auto-refresh when no data was available
Knowledge Center
Fixes
- Fixed the display of tags on the Scenarios page
- Fixed the error when fetching the list on the Wikilogs page
MITRE ATT&CK
Fixes
- Fixed the error in technique information display when mitigations were missing
- Fixed the error in getting statistics for triggered rules