Announcing Hunt 2.3
Improved Threat Hunting Experience & SSO Availability
Announcing Hunt 2.3
Improved Threat Hunting Experience & SSO Availability
Announcing Hunt 2.3
Improved Threat Hunting Experience & SSO Availability
Published on
Published on
Published on
Jun 25, 2025
Jun 25, 2025
Jun 25, 2025




We’re back with another update focused on making threat hunting faster and more efficient.
Hunt 2.3 introduces smoother phishing investigation workflows, new analyst-driven context in AttackCapture™, smarter SQL guidance in HuntSQL™, and a series of UX improvements that help you move quicker and pivot with less friction.
Here's a quick snapshot of what's new:
Feature | What's New? |
---|---|
UX Improvements | Many details tweaked in the UI throughout the product. |
AttackCapture™ | It's much easier to understand what the attacker is doing with the re-launch of Analyst Notes. No more hunting for a needle in a haystack, we highlight attacks of interest. |
HuntSQL™ | Now Easier! Inspirational SQL queries, SQL easy record download, and Time cheat sheet launch. |
Bulk Domain Enrichment | Domains are now enriched with C2s, Open Directories and IOCs - hundreds at a time. |
Enterprise SSO | SAML 2.0 is now fully supported. |
AttackCapture™
Analyst Notes Directory: At the bottom of the main AttackCapture™ dashboard, we now include a global list of all directories with analyst-written notes, visible to every user. Use it to prioritize investigations, pivot faster, and gain instant context without digging through raw files.
New Editorial Observation: As part of the new Analysts Notes, AttackCapture™ now includes an Editorial Observation for each host, giving you a quick summary of the exposed content without needing to dig through every file.
HuntSQL™
Inspirational SQL Queries: Provides users with helpful examples and usage hints for the SQL editor. When a user clicks on a specific table or use case, a relevant query is automatically populated into the editor to guide them.
SQL Pop-out Download: Users can now download a single SQL result record in a JSON or CSV file for offline processing.
Time Zone Cheat Sheet: This new feature in HuntSQL™ helps you write time-based queries faster, with built-in examples for relative filters, absolute dates, date ranges, and timestamp aggregation, right in the query editor.
General Updates
Domain Enrichment: Now displays apex domains alongside extracted IPs, helping you quickly spot related infrastructure and streamline pivots during investigations.
Phishing Navigation: A dedicated section has been added for Phishing, including an Overview, Actors, and Kits, giving you quicker access to targeted phishing intelligence.
Enterprise SSO: SAML 2.0 is now fully supported. Organizations can integrate their existing SSO systems using our ACS endpoint. Contact us if you'd like to enable this for your team.
Bug Fixes
Added pagination to the AttackCapture™ search results page
Fixed IOCs that provided links that weren’t defanged throughout the domain searching
Fixed a bug in AttackCapture™ details which put the wrong date to "2025-03-10" in some cases
Fixed a bug on AttackCapture™ Listin on 16" monitors that had horizontal scrolling
Fixed a bug on Code Search Examples to make examples clickable, as well as added several more examples
Hunt 2.3 brings practical upgrades across core areas of the platform, better pivots, more context, and smoother workflows. It's built around what threat hunters actually need, based on what we've seen in real investigations. More improvements are on the way.
We’re back with another update focused on making threat hunting faster and more efficient.
Hunt 2.3 introduces smoother phishing investigation workflows, new analyst-driven context in AttackCapture™, smarter SQL guidance in HuntSQL™, and a series of UX improvements that help you move quicker and pivot with less friction.
Here's a quick snapshot of what's new:
Feature | What's New? |
---|---|
UX Improvements | Many details tweaked in the UI throughout the product. |
AttackCapture™ | It's much easier to understand what the attacker is doing with the re-launch of Analyst Notes. No more hunting for a needle in a haystack, we highlight attacks of interest. |
HuntSQL™ | Now Easier! Inspirational SQL queries, SQL easy record download, and Time cheat sheet launch. |
Bulk Domain Enrichment | Domains are now enriched with C2s, Open Directories and IOCs - hundreds at a time. |
Enterprise SSO | SAML 2.0 is now fully supported. |
AttackCapture™
Analyst Notes Directory: At the bottom of the main AttackCapture™ dashboard, we now include a global list of all directories with analyst-written notes, visible to every user. Use it to prioritize investigations, pivot faster, and gain instant context without digging through raw files.
New Editorial Observation: As part of the new Analysts Notes, AttackCapture™ now includes an Editorial Observation for each host, giving you a quick summary of the exposed content without needing to dig through every file.
HuntSQL™
Inspirational SQL Queries: Provides users with helpful examples and usage hints for the SQL editor. When a user clicks on a specific table or use case, a relevant query is automatically populated into the editor to guide them.
SQL Pop-out Download: Users can now download a single SQL result record in a JSON or CSV file for offline processing.
Time Zone Cheat Sheet: This new feature in HuntSQL™ helps you write time-based queries faster, with built-in examples for relative filters, absolute dates, date ranges, and timestamp aggregation, right in the query editor.
General Updates
Domain Enrichment: Now displays apex domains alongside extracted IPs, helping you quickly spot related infrastructure and streamline pivots during investigations.
Phishing Navigation: A dedicated section has been added for Phishing, including an Overview, Actors, and Kits, giving you quicker access to targeted phishing intelligence.
Enterprise SSO: SAML 2.0 is now fully supported. Organizations can integrate their existing SSO systems using our ACS endpoint. Contact us if you'd like to enable this for your team.
Bug Fixes
Added pagination to the AttackCapture™ search results page
Fixed IOCs that provided links that weren’t defanged throughout the domain searching
Fixed a bug in AttackCapture™ details which put the wrong date to "2025-03-10" in some cases
Fixed a bug on AttackCapture™ Listin on 16" monitors that had horizontal scrolling
Fixed a bug on Code Search Examples to make examples clickable, as well as added several more examples
Hunt 2.3 brings practical upgrades across core areas of the platform, better pivots, more context, and smoother workflows. It's built around what threat hunters actually need, based on what we've seen in real investigations. More improvements are on the way.
Related Posts:
Get biweekly intelligence to hunt adversaries before they strike.
Products
Hunt Intelligence, Inc.
Get biweekly intelligence to hunt adversaries before they strike.
Products
Hunt Intelligence, Inc.
Get biweekly intelligence to hunt adversaries before they strike.
Products
Hunt Intelligence, Inc.