Announcing Hunt 2.3: Improved Threat Hunting Experience & SSO Availability
Published on
Jun 25, 2025



We’re back with another update focused on making threat hunting faster and more efficient.
Hunt 2.3 introduces smoother phishing investigation workflows, new analyst-driven context in AttackCapture™, smarter SQL guidance in HuntSQL™, and a series of UX improvements that help you move quicker and pivot with less friction.
Here's a quick snapshot of what's new:
| Feature | What's New? |
|---|---|
| UX Improvements | Many details tweaked in the UI throughout the product. |
| AttackCapture™ | It's much easier to understand what the attacker is doing with the re-launch of Analyst Notes. No more hunting for a needle in a haystack: we highlight attacks of interest. |
| HuntSQL™ | Now easier! Inspirational SQL queries, easy SQL record download, and the launch of the time cheat sheet. |
| Bulk Domain Enrichment | Domains are now enriched with C2s, Open Directories and IOCs - hundreds at a time. |
| Enterprise SSO | SAML 2.0 is now fully supported. |
AttackCapture™
Analyst Notes Directory: At the bottom of the main AttackCapture™ dashboard, we now include a global list of all directories with analyst-written notes, visible to every user. Use it to prioritize investigations, pivot faster, and gain instant context without digging through raw files.

New Editorial Observation: As part of the new Analyst Notes, AttackCapture™ now includes an Editorial Observation for each host, giving you a quick summary of the exposed content without needing to dig through every file.

HuntSQL™
Inspirational SQL Queries: Provides users with helpful examples and usage hints for the SQL editor. When a user clicks on a specific table or use case, a relevant query is automatically populated into the editor to guide them.

SQL Pop-out Download: Users can now download a single SQL result record in a JSON or CSV file for offline processing.

Time Zone Cheat Sheet: This new feature in HuntSQL™ helps you write time-based queries faster, with built-in examples for relative filters, absolute dates, date ranges, and timestamp aggregation, right in the query editor.

General Updates
Domain Enrichment: Now displays apex domains alongside extracted IPs, helping you quickly spot related infrastructure and streamline pivots during investigations.

Phishing Navigation: A dedicated section has been added for Phishing, including an Overview, Actors, and Kits, giving you quicker access to targeted phishing intelligence.

Enterprise SSO: SAML 2.0 is now fully supported. Organizations can integrate their existing SSO systems using our ACS endpoint. Contact us if you'd like to enable this for your team.
Bug Fixes
Added pagination to the AttackCapture™ search results page
Fixed IOC links that weren’t defanged throughout domain search
Fixed a bug in AttackCapture™ details which incorrectly set the date to "2025-03-10" in some cases
Fixed a bug in the AttackCapture™ listing that caused horizontal scrolling on 16" monitors
Fixed a bug on Code Search Examples to make examples clickable, as well as added several more examples
Hunt 2.3 brings practical upgrades across core areas of the platform: better pivots, more context, and smoother workflows. It's built around what threat hunters actually need, based on what we've seen in real investigations. More improvements are on the way.
©2025 Hunt Intelligence, Inc.