Announcing Hunt 2.3
Improved Threat Hunting Experience & SSO Availability

Announcing Hunt 2.3
Improved Threat Hunting Experience & SSO Availability

Announcing Hunt 2.3
Improved Threat Hunting Experience & SSO Availability

Published on

Published on

Published on

Jun 25, 2025

Jun 25, 2025

Jun 25, 2025

Announcing Hunt 2.3: Improved Threat Hunting Experience & SSO Availability
Announcing Hunt 2.3: Improved Threat Hunting Experience & SSO Availability
Announcing Hunt 2.3: Improved Threat Hunting Experience & SSO Availability
Announcing Hunt 2.3: Improved Threat Hunting Experience & SSO Availability

Announcing Hunt 2.3: Improved Threat Hunting Experience & SSO Availability

We’re back with another update focused on making threat hunting faster and more efficient.

Hunt 2.3 introduces smoother phishing investigation workflows, new analyst-driven context in AttackCapture™, smarter SQL guidance in HuntSQL™, and a series of UX improvements that help you move quicker and pivot with less friction.

Here's a quick snapshot of what's new:

Feature What's New?
UX Improvements Many details tweaked in the UI throughout the product.
AttackCapture™ It's much easier to understand what the attacker is doing with the re-launch of Analyst Notes. No more hunting for a needle in a haystack, we highlight attacks of interest.
HuntSQL™ Now Easier! Inspirational SQL queries, SQL easy record download, and Time cheat sheet launch.
Bulk Domain Enrichment Domains are now enriched with C2s, Open Directories and IOCs - hundreds at a time.
Enterprise SSO SAML 2.0 is now fully supported.

AttackCapture™

  • Analyst Notes Directory: At the bottom of the main AttackCapture™ dashboard, we now include a global list of all directories with analyst-written notes, visible to every user. Use it to prioritize investigations, pivot faster, and gain instant context without digging through raw files.

    Analyst Notes Directory


  • New Editorial Observation: As part of the new Analysts Notes, AttackCapture™ now includes an Editorial Observation for each host, giving you a quick summary of the exposed content without needing to dig through every file.

    New Editorial Observation


HuntSQL™

  • Inspirational SQL Queries: Provides users with helpful examples and usage hints for the SQL editor. When a user clicks on a specific table or use case, a relevant query is automatically populated into the editor to guide them.

    Inspirational SQL Queries


  • SQL Pop-out Download: Users can now download a single SQL result record in a JSON or CSV file for offline processing.

    SQL Pop-out Download


  • Time Zone Cheat Sheet: This new feature in HuntSQL™ helps you write time-based queries faster, with built-in examples for relative filters, absolute dates, date ranges, and timestamp aggregation, right in the query editor.

    Time Zone Cheat Sheet


General Updates

  • Domain Enrichment: Now displays apex domains alongside extracted IPs, helping you quickly spot related infrastructure and streamline pivots during investigations.

    Domain Enrichment


  • Phishing Navigation: A dedicated section has been added for Phishing, including an Overview, Actors, and Kits, giving you quicker access to targeted phishing intelligence.

    Phishing Navigation


  • Enterprise SSO: SAML 2.0 is now fully supported. Organizations can integrate their existing SSO systems using our ACS endpoint. Contact us if you'd like to enable this for your team.

Bug Fixes

  • Added pagination to the AttackCapture™ search results page

  • Fixed IOCs that provided links that weren’t defanged throughout the domain searching

  • Fixed a bug in AttackCapture™ details which put the wrong date to "2025-03-10" in some cases

  • Fixed a bug on AttackCapture™ Listin on 16" monitors that had horizontal scrolling

  • Fixed a bug on Code Search Examples to make examples clickable, as well as added several more examples


Hunt 2.3 brings practical upgrades across core areas of the platform, better pivots, more context, and smoother workflows. It's built around what threat hunters actually need, based on what we've seen in real investigations. More improvements are on the way.

We’re back with another update focused on making threat hunting faster and more efficient.

Hunt 2.3 introduces smoother phishing investigation workflows, new analyst-driven context in AttackCapture™, smarter SQL guidance in HuntSQL™, and a series of UX improvements that help you move quicker and pivot with less friction.

Here's a quick snapshot of what's new:

Feature What's New?
UX Improvements Many details tweaked in the UI throughout the product.
AttackCapture™ It's much easier to understand what the attacker is doing with the re-launch of Analyst Notes. No more hunting for a needle in a haystack, we highlight attacks of interest.
HuntSQL™ Now Easier! Inspirational SQL queries, SQL easy record download, and Time cheat sheet launch.
Bulk Domain Enrichment Domains are now enriched with C2s, Open Directories and IOCs - hundreds at a time.
Enterprise SSO SAML 2.0 is now fully supported.

AttackCapture™

  • Analyst Notes Directory: At the bottom of the main AttackCapture™ dashboard, we now include a global list of all directories with analyst-written notes, visible to every user. Use it to prioritize investigations, pivot faster, and gain instant context without digging through raw files.

    Analyst Notes Directory


  • New Editorial Observation: As part of the new Analysts Notes, AttackCapture™ now includes an Editorial Observation for each host, giving you a quick summary of the exposed content without needing to dig through every file.

    New Editorial Observation


HuntSQL™

  • Inspirational SQL Queries: Provides users with helpful examples and usage hints for the SQL editor. When a user clicks on a specific table or use case, a relevant query is automatically populated into the editor to guide them.

    Inspirational SQL Queries


  • SQL Pop-out Download: Users can now download a single SQL result record in a JSON or CSV file for offline processing.

    SQL Pop-out Download


  • Time Zone Cheat Sheet: This new feature in HuntSQL™ helps you write time-based queries faster, with built-in examples for relative filters, absolute dates, date ranges, and timestamp aggregation, right in the query editor.

    Time Zone Cheat Sheet


General Updates

  • Domain Enrichment: Now displays apex domains alongside extracted IPs, helping you quickly spot related infrastructure and streamline pivots during investigations.

    Domain Enrichment


  • Phishing Navigation: A dedicated section has been added for Phishing, including an Overview, Actors, and Kits, giving you quicker access to targeted phishing intelligence.

    Phishing Navigation


  • Enterprise SSO: SAML 2.0 is now fully supported. Organizations can integrate their existing SSO systems using our ACS endpoint. Contact us if you'd like to enable this for your team.

Bug Fixes

  • Added pagination to the AttackCapture™ search results page

  • Fixed IOCs that provided links that weren’t defanged throughout the domain searching

  • Fixed a bug in AttackCapture™ details which put the wrong date to "2025-03-10" in some cases

  • Fixed a bug on AttackCapture™ Listin on 16" monitors that had horizontal scrolling

  • Fixed a bug on Code Search Examples to make examples clickable, as well as added several more examples


Hunt 2.3 brings practical upgrades across core areas of the platform, better pivots, more context, and smoother workflows. It's built around what threat hunters actually need, based on what we've seen in real investigations. More improvements are on the way.

Related Posts:

Introducing Hunt 2.2: AttackCapture™ Zip Extraction, Smarter SQL, IP History Consolidation, and more
Jun 12, 2025

Explore Hunt 2.2: Auto-unpack zips in AttackCapture™, smarter SQL with WHOIS and Nmap, and full IP history consolidation, track abused hosting with Host Radar, and more.

Introducing Hunt 2.2: AttackCapture™ Zip Extraction, Smarter SQL, IP History Consolidation, and more
Jun 12, 2025

Explore Hunt 2.2: Auto-unpack zips in AttackCapture™, smarter SQL with WHOIS and Nmap, and full IP history consolidation, track abused hosting with Host Radar, and more.

Introducing Hunt 2.0: Deeper Threat Analysis & Enhanced Data for Cyber Intelligence
Mar 6, 2025

Our latest release delivers deeper threat analysis with improved threat actor, C2, malware data, and new integrations for robust cyber intelligence.

Introducing Hunt 2.0: Deeper Threat Analysis & Enhanced Data for Cyber Intelligence
Mar 6, 2025

Our latest release delivers deeper threat analysis with improved threat actor, C2, malware data, and new integrations for robust cyber intelligence.

Introducing Hunt 2.1:  Refinements to the Threat Hunting Experience
May 21, 2025

Discover the new Hunt.io updates: deep text assisted analysis, IOC feed improvements, improved threat actor data, and faster advanced search. Learn more.

Introducing Hunt 2.1:  Refinements to the Threat Hunting Experience
May 21, 2025

Discover the new Hunt.io updates: deep text assisted analysis, IOC feed improvements, improved threat actor data, and faster advanced search. Learn more.

Introducing Hunt 2.2: AttackCapture™ Zip Extraction, Smarter SQL, IP History Consolidation, and more
Jun 12, 2025

Explore Hunt 2.2: Auto-unpack zips in AttackCapture™, smarter SQL with WHOIS and Nmap, and full IP history consolidation, track abused hosting with Host Radar, and more.

Introducing Hunt 2.0: Deeper Threat Analysis & Enhanced Data for Cyber Intelligence
Mar 6, 2025

Our latest release delivers deeper threat analysis with improved threat actor, C2, malware data, and new integrations for robust cyber intelligence.

Introducing Hunt 2.1:  Refinements to the Threat Hunting Experience
May 21, 2025

Discover the new Hunt.io updates: deep text assisted analysis, IOC feed improvements, improved threat actor data, and faster advanced search. Learn more.