We’re back with another update focused on making threat hunting faster and more efficient.

Hunt 2.3 introduces smoother phishing investigation workflows, new analyst-driven context in AttackCapture™, smarter SQL guidance in HuntSQL™, and a series of UX improvements that help you move quicker and pivot with less friction.

Here's a quick snapshot of what's new:

AttackCapture™

• Analyst Notes Directory: At the bottom of the main AttackCapture™ dashboard, we now include a global list of all directories with analyst-written notes, visible to every user. Use it to prioritize investigations, pivot faster, and gain instant context without digging through raw files.

  

  
  

• New Editorial Observation: As part of the new Analysts Notes, AttackCapture™ now includes an Editorial Observation for each host, giving you a quick summary of the exposed content without needing to dig through every file.

  

  
  

HuntSQL™

• Inspirational SQL Queries: Provides users with helpful examples and usage hints for the SQL editor. When a user clicks on a specific table or use case, a relevant query is automatically populated into the editor to guide them.

  

  
  

• SQL Pop-out Download: Users can now download a single SQL result record in a JSON or CSV file for offline processing.

  

  
  

• Time Zone Cheat Sheet: This new feature in HuntSQL™ helps you write time-based queries faster, with built-in examples for relative filters, absolute dates, date ranges, and timestamp aggregation, right in the query editor.

  

  
  

General Updates

• Domain Enrichment: Now displays apex domains alongside extracted IPs, helping you quickly spot related infrastructure and streamline pivots during investigations.

  

  
  

• Phishing Navigation: A dedicated section has been added for Phishing, including an Overview, Actors, and Kits, giving you quicker access to targeted phishing intelligence.

  

  
  

• Enterprise SSO: SAML 2.0 is now fully supported. Organizations can integrate their existing SSO systems using our ACS endpoint. Contact us if you'd like to enable this for your team.

Bug Fixes

• Added pagination to the AttackCapture™ search results page

• Fixed IOCs that provided links that weren’t defanged throughout the domain searching

• Fixed a bug in AttackCapture™ details which put the wrong date to "2025-03-10" in some cases

• Fixed a bug on AttackCapture™ Listin on 16" monitors that had horizontal scrolling

• Fixed a bug on Code Search Examples to make examples clickable, as well as added several more examples

Hunt 2.3 brings practical upgrades across core areas of the platform, better pivots, more context, and smoother workflows. It's built around what threat hunters actually need, based on what we've seen in real investigations. More improvements are on the way.