Glossary
A
Absolute range
Allows users to set exact start and end dates and times for data analysis. This feature enables more precise query tuning and helps retrieve information for a specific time period of interest.
Active Actions
A tool that allows the execution of Workflow actions in various ways, helping to respond to specific incidents.
Agentless Data Collection
A method for retrieving and collecting system, network, or device information without installing dedicated software agents or components on the endpoints or servers.
Aggregation Result
The process of combining, processing, and summarizing data or results from various sources or components to obtain a more generalized outcome.
Allocation
The process of data exchange between OpenSearch cluster nodes. Data is automatically distributed across shards after being loaded into an index, and each shard can reside on different nodes. Allocation ensures high availability and system performance by evenly distributing the data.
Ansible
An open-source IT automation platform that automates configuration management, application deployment, orchestration, and many other IT processes.
C
ClickHouse
A database management system (DBMS) designed for real-time analytics of large volumes of data. (More information is available on the official ClickHouse website.)
Cluster
A group of servers or computing nodes that work together to perform specific tasks, such as data processing, information storage, or computational operations.
Cluster State
A representation of the current state of a distributed cluster, including configuration and status of all nodes, as well as data and task distribution.
Column Chart
A type of data visualization where information is represented as rectangular bars of varying heights.
Common Vulnerabilities and Exposures (CVE)
A publicly available database that provides unique identifiers and descriptions of known software, operating system, and hardware vulnerabilities. CVEs standardize vulnerability tracking and identification to support consistent cybersecurity practices.
Comparison Operators
Special symbols or keywords used to compare values or expressions to determine whether one is greater than, less than, or equal to another.
Confidence Intervals
An interval constructed based on observations of a random variable which, with a given probability, contains the unknown value of that variable's distribution parameter.
Core
The analytical core of Search Anywhere Framework, central to all Search Anywhere Framework installations. It includes the task scheduler, knowledge center, visualization tools, and response mechanisms.
Correlation
The process of identifying, analyzing, and utilizing relationships between different data sets or events to uncover patterns or improve system performance.
Correlation Rules
A set of predefined conditions and logical expressions used to identify relationships or links between various events, data points, or actions occurring within the system.
Coverage Matrix
A matrix in the MITRE ATT&CK module used to assess how well the current security system covers relevant techniques and tactics.
Cross Cluster Search (CCS)
A feature in OpenSearch and Elasticsearch that allows searching across multiple clusters as if they were a single cluster. CCS facilitates working with distributed data across different clusters, supporting scalability and flexibility in large-scale systems.
Cryptographic Operations
Mathematical and algorithmic processes used to secure data by transforming it to ensure confidentiality, integrity, authenticity, and other aspects of security. These processes form the foundation of cryptography and involve techniques designed to prevent unauthorized access or modification of information.
Cyber Security (CS)
A Search Anywhere Framework module designed to track events and provide statistics on processes related to information security.
D
Dashboard
A visual interface that displays data from one or more sources in the form of charts, graphs, tables, and other visual elements. Dashboards provide up-to-date information and metrics, allowing users to conveniently monitor, analyze, and interact with system data.
Data Conversion Operations
Processes of transforming data from one format or type to another. This is essential when working with different data types or systems that use various data representations.
Data Storage
The processes and technologies used to store, manage, protect, and retrieve data in various formats. Data storage is a critical component of any information system, enabling the retention of information for future use, analysis, or processing.
Data Type Identification Operations
Processes in which a system or program evaluates the data type of a variable, object, or expression to determine how it should be handled.
Data Visualization
A method of presenting data processing results visually using tools like charts, graphs, pivot tables, flowcharts, infographics, and heatmaps.
Detection Matrix
A matrix in the MITRE ATT&CK module used to evaluate the effectiveness of protection measures and track recent cybersecurity events.
Dictionary
Generates a list of actions characteristic of an object and its relationships with other objects.
Drilldown
An analytics mechanism that allows users to move from a general overview to more detailed data. Drilldown enables progressive exploration of data by starting with an aggregated view and revealing increasingly specific elements for in-depth analysis.
Dynamic options
Parameters or settings that can be changed during the operation of a system, program, or device, depending on user preferences.
E
Elastic Common Schema (ECS)
A specification developed by the Elastic user community. ECS defines a standardized set of fields for storing event data in OpenSearch.
Escape Characters
Special characters used in text strings to represent symbols like quotes, tabs, and newlines that cannot be directly typed or may interfere with syntax. They help prevent conflicts related to programming or scripting languages.
Export
The process of transferring data, resources, or functions from one system, program, or environment to another in a predefined format.
F
Field Bar
A visualization component used to show the distribution of results across the values of a specific field or data attribute.
Filter
A condition or set of conditions used to search for and select specific records.
Filtering
The process of selecting the most relevant data from a large dataset using specific criteria or conditions.
Frequency
Calculates how often certain actions are performed by an object (i.e., repetitions within a time interval). Useful for anomaly detection.
Full-Text Search
A method of searching information in text data that allows for locating words or phrases within large text volumes, such as documents, databases, web pages, and other resources. Unlike simple exact-match searches, full-text search analyzes text at the level of words, phrases, or even context.
H
Heatmap
A type of data visualization where information is represented as rectangular areas colored differently to indicate intensity or value.
I
Incident Manager (IM)
A Search Anywhere Framework module designed to analyze critical events and actions triggered by correlation rules. It enables incident management and prioritization based on severity.
Index
A data structure used for storing, organizing, and searching documents. An index is a logical entity that groups documents with specific characteristics and enables efficient data querying.
Index State Management (ISM)
A feature in OpenSearch similar to Index Lifecycle Management (ILM) in Elasticsearch. ISM automates the management of index lifecycles based on criteria such as age, size, document count, or other conditions. It helps efficiently manage cluster resources and data.
Indicators
Higher-level metrics derived from raw metric values or other indicators. They form a hierarchical structure, often represented in a Resource-Service Model (RSM) tree.
Inventory
A Search Anywhere Framework module that creates and maintains a unified database of assets and users, ensuring the data remains up to date.
Inventory Processor
An executable component of the Inventory module responsible for populating the asset database.
J
Java Database Connectivity (JDBC)
An API in the Java programming language that provides a mechanism for connecting to, querying, and interacting with databases.
Java Virtual Machine (JVM)
A virtual machine that is part of the Java platform, allowing programs written in Java (or compiled to Java bytecode) to run independently of hardware and operating systems.
Job
A scheduled task feature of the Core module in Search Anywhere Framework. It represents a list of active actions that operate on search results according to a predefined schedule. The API allows for retrieving, adding, updating, and deleting these tasks.
K
Knowledge Center (KwC)
A component of the Core module in Search Anywhere Framework designed to serve as a centralized knowledge base. KwC allows users to create and store diagrams, rules, scenarios, tags, and custom articles.
L
Limit
A constraint placed on a specific parameter or value that governs the execution of software processes, operations, or resource usage within a computing system.
Line Chart
A type of data visualization commonly used to display changes in a variable over time or in relation to another variable.
Log
A record of events, errors, or issues within a system or application, maintained for analysis and diagnostics. Logs support security and system monitoring, helping track application behavior and identify and resolve problems.
Lookup Manager
A component or tool for managing lookup operations across various data sources. It can be used to search, match, or retrieve data from databases, directories, tables, or external services.
M
Machine Data
Data generated by devices, applications, services, and systems as they operate. This data is used for monitoring, analysis, optimization, and ensuring the secure functioning of IT infrastructure.
Managed Security Service Provider (MSSP)
A Search Anywhere Framework operating mode that enables an organization to act as a service provider. In this mode, client data is stored in separate clusters, ensuring data isolation and independent processing.
Mapping
The process of associating elements from one data set with elements from another. Mapping is used during data transformation or when working with various data structures such as objects, collections, or databases.
Masking
The process of hiding or protecting specific data, usually to maintain confidentiality or enhance security.
Mathematical Operations
Operations involving numeric values to perform calculations such as addition, subtraction, multiplication, division, and more.
Metric
An element of the Resource-Service Model (RSM) that represents the state of a monitoring object at the first level. It is calculated based on data source logic and may assume different states depending on configured thresholds.
MITRE ATT&CK
A Search Anywhere Framework module designed to detect and analyze cyberattacks on an organization using the MITRE ATT&CK knowledge base.
Modal Window
A type of graphical user interface (GUI) element that temporarily blocks interaction with the rest of the application or web page, requiring the user to take an action before returning to the main content.
Multi-Value Field
A field that contains more than one value. For example, a list of user roles.
N
Network
A Search Anywhere Framework module dedicated to thorough monitoring of network equipment and responding to changes in network configurations or behavior.
O
OpenSearch
An open-source software suite licensed under Apache 2.0 that simplifies data ingestion, search, visualization, and analysis.
P
Pie Chart
A type of data visualization represented as a circle divided into sectors, each illustrating a proportion of the whole.
Pipeline
A sequence of handlers or stages through which data or tasks are processed.
Pipeline processing
A data processing method where operations or tasks are performed sequentially through a chain of stages. Each stage processes incoming data, performs specific actions, and passes results to the next stage.
Playbook
A set of pre-defined scenarios or instructions detailing steps to be taken to complete certain tasks or respond to specific situations. In Search Anywhere Framework, playbooks are used to resolve incidents in the Knowledge Center component.
Priority Matrix
A matrix in the MITRE ATT&CK module that helps evaluate and visualize which attack techniques may pose the greatest threat to an organization.
R
Radar Chart
A type of data visualization presented as a chart with radial axes, used to compare one or more sets of values across multiple variables.
Regular Expression
A sequence of characters that defines a search pattern within text strings. Regular expressions are used for searching, replacing, or validating string data, as well as extracting information from text based on defined rules and patterns.
Relative Interval
Allows users to set a time range relative to the current date. By specifying time relative to the present moment, users can define offsets in different time units (minutes, hours, days, years).
Replica
An exact copy or duplicate of data, objects, or a system, created to ensure security, increase availability, improve performance, or enhance fault tolerance.
Resource-Service Model (RSM)
A model in the Search Anywhere Framework Core module that illustrates hierarchical relationships between all IT infrastructure objects.
Risk Action
Measures taken to reduce or eliminate risks that may arise during a project or process.
S
SAF Beat
A component of the Search Anywhere Framework Core module used for automated deployment of applications and configurations related to log collection.
Sankey
A type of data visualization where information is displayed as nodes connected by lines of varying width. Sankey diagrams are often used to show business processes and illustrate the intensity of flow between steps.
Scalability
The ability of a system, application, or infrastructure to function efficiently as the amount of data, users, or load increases, without significant degradation in performance.
Scheduler
A component of the Search Anywhere Framework Core module that controls the execution of tasks or processes, managing their order and scheduling.
Scoring
The process of assigning a numerical score (from the word score, meaning points) to an object, event, or entity based on specific criteria or characteristics.
Script
A set of commands or instructions executed by a virtual machine or interpreter in a specific programming language.
Search Anywhere (SA)
A concept or feature allowing users to search for information across multiple sources, databases, documents, or platforms from a single location, without being limited to a specific application or system.
Search Anywhere Engine Remote Executor (SA Engine RE)
A remote script execution service designed to integrate user scripts into various Search Anywhere Framework extension points, such as search queries, jobs, and others.
Search Anywhere Framework (SAF)
A versatile platform designed for collecting and analyzing machine data. It addresses a variety of tasks in IT infrastructure monitoring, cybersecurity, and business process analysis.
Search Anywhere Framework Language (SAFL)
A query language designed for working with data on the Search Anywhere Framework platform. It provides users with powerful tools for data analysis and processing.
Search Bar
The primary tool for formulating queries and searching data within Search Anywhere Framework.
Security Assertion Markup Language (SAML)
An open standard for exchanging authentication and authorization data between parties, such as identity providers and service providers. SAML enables Single Sign-On (SSO), allowing users to access multiple applications with a single login.
Security Information and Event Management (SIEM)
A technology used to collect, analyze, and manage security events and information from various sources within an IT infrastructure. SIEM tools support threat detection and compliance with information security regulations.
Servers
A Search Anywhere Framework module focused on optimizing resources and monitoring efficiency. It tracks and analyzes server processes, including CPU, memory, and disk usage.
Service Level Agreement (SLA)
An agreement defining the level of service between a service provider and a client. In IT, SLAs specify the expected quality of service and the consequences for failing to meet those standards.
Shard
A subset of data within a database that is stored on a single server. In a cluster context, shards are distributed across different servers to allow for parallel processing of requests.
Single Sign-On (SSO)
An authentication method allowing users to access multiple applications or services with a single set of login credentials.
Software Development Kit (SDK)
A collection of tools, libraries, documentation, and code examples for developing software for a specific platform, OS, or technology. SDKs provide everything needed to create, test, and integrate applications.
Static Operations
Operations defined for an object or object type that are not executed on an individual instance of that object.
Static Options
Fixed parameters or settings that are not changed manually during the operation of a system, program, or device.
Statistical Reports
Documents containing processed and analyzed data presented as tables, graphs, charts, and descriptive text. They are used to provide insights into the status, trends, or patterns of a phenomenon, process, or object using statistical methods.
Storage
A system component designed for saving, organizing, managing, and providing access to data. Storage plays a key role in data operations by enabling long-term retention, processing, and analysis.
String Concatenation
An operation that combines two or more values into a single string. This method is useful for creating messages, file paths, processing user input, and more by merging existing strings.
Subqueries
A mechanism that enables nested queries within a main search query. This allows users to build more complex queries by combining results from one query with others or with additional conditions.
T
Table
A form of data visualization presented as an ordered set of rows and columns.
Tag
A label or special marker used to identify, describe, or format information within various data structures and formats.
Time Filter
A tool in Smart Monitor that enables users to restrict the time range of the data they analyze or visualize.
Time Interval
A segment of time representing one of time's core properties: the duration of an object’s (or event’s) movement or development between two points in time.
Time Operations
Actions associated with processing, managing, or analyzing data within a specified time interval.
Time to Live (TTL)
A data management mechanism that automatically moves or deletes data after a set time period. TTL helps reduce system resource usage and maintain data relevance.
Timeline
A graphical representation of data used to visualize the distribution of search or analysis results over time.
Timestamp
Metadata that reflects the temporal aspect of an event or data record. It indicates the exact moment when the event occurred or the record was created.
Trigonometric Operations
Mathematical operations based on trigonometric functions, commonly used in analyzing periodic processes and geometric transformations.
U
Unicode characters
Text characters defined by the Unicode standard, a universal encoding system that enables consistent representation of text across languages and systems. Each symbol has a unique code, ensuring consistency across platforms and programs.
Coordinated Universal Time (UTC)
A time standard used as the basis for timekeeping and time zones worldwide. No country uses UTC as its local time.
User Behavior Analytics (UBA)
A Search Anywhere Framework module that provides tools for detecting anomalies in the behavior of various objects, including users, hosts, administrators, information systems, and business processes.
W
Webhook
A mechanism that allows one application to send data to another application or server in real time when specific events occur. Webhooks act as a "callback" or notification system without the need for constant polling (as required with APIs).
Wildcard characters
Special characters used as placeholders for one or more characters in text strings. Wildcards enable flexible filtering, pattern matching, and search queries across systems, databases, and applications.
Workflow
A series of steps, tasks, or operations performed to achieve a specific goal or solve a problem.