What's new?

Version 4.2

📅 Search Anywhere Framework version 4.2.0 was released on October 25, 2024.

Core

⚡️ Changes

Introduced an interface for installation and content management
Added an interface to monitor active searches
Updated dark and light themes
Theme selection now replaces style settings
New themes added: Green, Blue, Night Blue, and Ocean

Improvements

Expanded the set of modules and objects available for Spotlight search
Global tag search is now available in Spotlight
Significantly increased data migration speed to ClickHouse
Updated the dompurify to version 2.5.4

Fixes

Fixed an issue where the core.use_cluster_state setting value would reset after cluster restart
Fixed an issue with configuration retrieval from Cluster State

Core: Search Interface

Fixes

Fixed an issue with link generation when clicking the Share button

Core: Engine

⚡️ Changes

Added Machine Learning support for SAF Language commands
Added support for the following algorithms:
- K-means
- Linear regression
- Random Cut Forest (RCF)
- RCF Summarize
- Localization
- Logistic regression
Added the train and predict commands
Added the median function to stats, aggs, timechart, timeaggs, chart, eventstats, and streamstats commands

Improvements

The perc (percentile) function is now available in chart, eventstats, and streamstats commands
Added the option to disable the time filter in the source command using the timefield parameter

Fixes

Fixed incorrect comparison of numbers with different data types in the eval command
Fixed an issue where the random function generated identical values for different documents

Core: Job Scheduler

⚡️ Changes

Added developer mode for editing tasks

Improvements

Added SSL/TLS configuration option for the Webhook action
Password for authorization in the Webhook action is now stored in Keystore with the prefix jobscheduler.webhook.password

Fixes

Fixed an issue with the suppression mechanism for nested fields
Fixed an issue where tasks could run on servers where the node_with_sme attribute was set to false

Core: Remote Executor

Improvements

Updated the spring-boot-starter-parent to version 3.3.4

Smart Beat

⚡️ Changes

Added the rotation.log_path configuration parameter to specify the log directory
Added CN=<hostname> to the agent certificate (or Smart Beat if hostname is unavailable)

Improvements

The server parameter group is now hidden by default in the configuration
Default values set for ssl.cert_ca as ./cert/ca-cert.pem and manager.host as 127.0.0.1

Smart Beat Manager

⚡️ Changes

Added CN=<hostname> to the agent certificate (or Smart Beat if hostname is unavailable)

Improvements

Renamed the console command delete to remove (standardized with Smart Beat)
Optimized data loading speed in the interface
Expanded error descriptions in logs
authorization.opensearch.host now defaults to https
authorization.opensearch.ca_key is now hidden by default
authorization.opensearch.ca_cert now defaults to ca-cert.pem
authorization.opensearch.ssl_enabled is now optional and hidden by default

Inventory

⚡️ Changes

Added the option to set a base field coefficient for more precise partial similarity tuning

Incident Manager

Fixes

Fixed the Responsible filter functionality

Lookup Manager

Improvements

Optimized data lookup search performance

Fixes

Added a parameter in the directory settings to control the amount of data displayed in the interface

Version 4.1

📅 Search Anywhere Framework version 4.1.0 was released on July 11, 2024.

Core

⚡️ Changes

Updated OpenSearch to version 2.13.0
Added the ability to save SAF settings in Cluster State, allowing access to the cluster when it's overloaded
Added the ability to manage Keystore via API
Updated Radar Chart visualization
Updated Sankey Diagram visualization
Updated Table visualization

Improvements

Added the ability to set a custom identifier when creating tags
Notifications now feature a View Error button with detailed information
In the Upload Data and Lookup Manager sections, the maximum import data size now refers to the server.maxPayloadBytes parameter
Added the ability to drag and drop panels to new rows up or down

Fixes

Fixed incorrect breadcrumb display with long text inside

Core: Search Interface

Improvements

Added highlighting for string expressions in search queries
Added the ability to delete words up to the nearest space using the Shift + Option + Backspace or Shift + Alt + Backspace key combination
Improved query expression highlighting in dark mode
Improved error display occurring during search execution
Added additional connection checks (SSL, mandatory authentication) when accessing SME-RE

Fixes

Fixed the inability to export data to Excel with multivalue fields

Core: Engine

⚡️ Changes

Added perc (percentile) function to stats, aggs, timechart, timeaggs commands
Added resource consumption control when sending data using SME Circuit Breaker

Improvements

Optimized search result transfer between SAF modules

Core: Job Scheduler

⚡️ Changes

Added the ability to specify roles under which a search will run within a task
Added the ability to mass enable and disable tasks
Removed Index Aggregation action

Improvements

Added additional connection checks (SSL, mandatory authentication) when accessing SME-RE
Added a driver for ClickHouse in JdbcOutputAction
The database connection password in JdbcOutputAction is now stored in Keystore
Added the ability to specify certificates and SSL protocol version in WebhookAction

Fixes

Fixed incorrect task name truncation
Fixed incorrect table behavior when adding a new column

User Behavior Analytics

⚡️ Changes

Added count to the calculation settings function

Improvements

Added the ability to change permissions for Object Types and Scoring Types

Fixes

Fixed blocked create object button when types are missing
Adjusted out-of-license message display

Smart Beat

⚡️ Changes

Added agent.ip parameter to override localIp sent to Smart Beat Manager
Added agent.tags configuration parameter to filter the list of agents in Smart Beat Manager
Added sending all IPv4 addresses of network interfaces with a filled MAC address

Fixes

Fixed DNS not displaying in the absence of a private IP
Fixed application integrity control
Fixed repeated TLS handshake error from : EOF messages

Smart Beat Manager

⚡️ Changes

Added the ability to store backup user and password in environment variables

Fixes

Fixed repeated TLS handshake error from : EOF messages

Inventory

⚡️ Changes

Added the ability to store login and password for connecting to SM Data Storage in environment variables

Improvements

Added a warning for duplicate names of base and additional fields in the configuration

Incident Manager

⚡️ Changes

Added incident grouping results to the Incident Manager main page
Added Incident Group Settings page for configuring incident grouping
Added tags to grouped incidents

Improvements

Search is now performed by the storage
Added the ability to display user filters in Incident Manager based on their type
Improved incident and incident group history, added incident_history_language flag to set the history language

Lookup Manager

Fixes

Fixed page reload issue during file import into the directory

Knowledge Center

⚡️ Changes

Added the ability to display Markdown articles (read-only)

Fixes

Fixed error when there are no items in the permission group field

MITRE ATTACK

⚡️ Changes

Role model can now be configured for MITRE ATTACK matrix layers

Version 4.0

📅 Search Anywhere Framework version 4.0.0 was released on April 12, 2024.

Core

⚡️ Changes

Added Search Anywhere settings interface (connection to external data stores)
Added auto-completion for database connection strings in Search Anywhere
Added the ability to test connections to external storage
Added scoring configuration options

Improvements

JDBC query configuration is now integrated into Search Anywhere
The Upload Data and Active Tasks links have been moved to the left menu
The xlsx library was updated to version 0.20.1

Fixes

Fixed the filter-saving mechanism in the address bar

Core: Search Interface

⚡️ Changes

Added a new visualization type: Heatmap

Core: Engine

⚡️ Changes

Support for searching Clickhouse using Search Language
Added Timeline and Sidebar for Clickhouse queries
Time parameter passing is now available for Clickhouse storage queries

Core: Job Scheduler

⚡️ Changes

Added the ability to select which columns to display in the Task List

Improvements

The MITRE ATT&CK action now supports multi-selection of techniques

⚡️ User Behavior Analytics

⚡️ Changes

Added module configuration on first launch
Added new profiling algorithms: Dictionary, Statistics, Frequency, and Chronology
Added UBA object profile page and object information card
Added warning for UBA object duplicates
Added the ability to configure the type of object profiling
Added the ability to link scoring type to an object
Added automatic object list population by schedule
Added support for running multiple profiling algorithms in policies
Added the ability to use a custom function for scoring calculation
Added the ability to view profiling policy results
Added statistics on runs for each object
Added server filtering options for running calculations

Improvements

Added deletion confirmation in module settings
Added scoring deletion confirmation

Incident Manager

⚡️ Changes

Added incident group creation mechanism (aggregations)
Added incident group configuration
Added the ability to choose the closure status for incident groups
Added the ability to configure the display (incidents only or incidents and groups of incidents)
Added the ability to edit incident groups with synchronized changes for each incident
Added the ability to run Adhoc Actions for incident groups
Added the ability to display MITRE techniques for incident groups
Each incident group now has configurable group parameters

Improvements

Incident or incident group description configuration can now be done with Markdown
Added search by owners in the incident table search bar
Added search by query results in the incident table search bar
System and display names for incident groups are now configurable

Fixes

Fixed the error that occurred when the incident list auto-refresh caused an issue due to lack of data

Knowledge Center

Fixes

Fixed the display of tags on the Scenarios page
Fixed the error when fetching the list on the Wikilogs page

MITRE ATTACK

Fixes

Fixed the error in technique information display when mitigations were missing
Fixed the error in getting statistics for triggered rules

Version 4.2​

Core​

Core: Search Interface​

Core: Engine​

Core: Job Scheduler​

Core: Remote Executor​

Smart Beat​

Smart Beat Manager​

Inventory​

Incident Manager​

Lookup Manager​

Version 4.1​

Core​

Core: Search Interface​

Core: Engine​

Core: Job Scheduler​

User Behavior Analytics​

Smart Beat​

Smart Beat Manager​

Inventory​

Incident Manager​

Lookup Manager​

Knowledge Center​

MITRE ATTACK​

Version 4.0​

Core​

Core: Search Interface​

Core: Engine​

Core: Job Scheduler​

⚡️ User Behavior Analytics​

Incident Manager​

Knowledge Center​

MITRE ATTACK​

Version 4.2

Core

Core: Search Interface

Core: Engine

Core: Job Scheduler

Core: Remote Executor

Smart Beat

Smart Beat Manager

Inventory

Incident Manager

Lookup Manager

Version 4.1

Core

Core: Search Interface

Core: Engine

Core: Job Scheduler

User Behavior Analytics

Smart Beat

Smart Beat Manager

Inventory

Incident Manager

Lookup Manager

Knowledge Center

MITRE ATTACK

Version 4.0

Core

Core: Search Interface

Core: Engine

Core: Job Scheduler

⚡️ User Behavior Analytics

Incident Manager

Knowledge Center

MITRE ATTACK