Announcing Hunt 2.3
More Pivots Everywhere
Announcing Hunt 2.3
More Pivots Everywhere
Announcing Hunt 2.3
More Pivots Everywhere
Published on
Published on
Published on
Jun 24, 2025
Jun 24, 2025
Jun 24, 2025
We’re back with another update focused on making threat hunting faster and more efficient.
Hunt 2.3 introduces smoother phishing investigation workflows, new analyst-driven context in AttackCapture™, smarter SQL guidance in HuntSQL™, and a series of UX improvements that help you move quicker and pivot with less friction.
Here's a quick snapshot of what's new:
| Feature | What's New? |
|---|---|
| UX Improvements | New AttackCapture™ search results page, Phishing Navigation with Overview, Actors, and Kits. |
| AttackCapture™ | Analyst Notes and New Editorial Observations. |
| HuntSQL™ | Inspirational SQL queries, SQL pop-out download, and Time cheat sheet. |
| Domain Enrichment | Now displays apex domains alongside extracted IPs. |
| Enterprise SSO | SAML 2.0 is now fully supported. |
AttackCapture™
Analyst Notes Directory: At the bottom of the main AttackCapture™ dashboard, we now include a global list of all directories with analyst-written notes, visible to every user.
Use it to prioritize investigations, pivot faster, and gain instant context without digging through raw files.
New Editorial Observation: As part of the new Analysts Notes, AttackCapture™ now includes an Editorial Observation for each host, giving you a quick summary of the exposed content without needing to dig through every file.
HuntSQL™
Inspirational SQL Queries: Provides users with helpful examples and usage hints for the SQL editor. When a user clicks on a specific table or use case, a relevant query is automatically populated into the editor to guide them.
SQL pop-out download: Users can now download a single SQL result record in a JSON or CSV file for offline processing.
New time zone cheat sheet: This new feature in HuntSQL™ helps you write time-based queries faster, with built-in examples for relative filters, absolute dates, date ranges, and timestamp aggregation, right in the query editor.
General Updates
Domain Enrichment: Now displays apex domains alongside extracted IPs, helping you quickly spot related infrastructure and streamline pivots during investigations.
Phishing Navigation: A dedicated section has been added for Phishing, including an Overview, Actors, and Kits, giving you quicker access to targeted phishing intelligence.
Enterprise SSO: SAML 2.0 is now fully supported. Organizations can integrate their existing SSO systems using our ACS endpoint. Contact us if you'd like to enable this for your team.
Bug Fixes
Search Results Pagination: Added pagination to the AttackCapture™ search results page
Hunt 2.3 brings practical upgrades across core areas of the platform, better pivots, more context, and smoother workflows. It's built around what threat hunters actually need, based on what we've seen in real investigations. More improvements are on the way.
We’re back with another update focused on making threat hunting faster and more efficient.
Hunt 2.3 introduces smoother phishing investigation workflows, new analyst-driven context in AttackCapture™, smarter SQL guidance in HuntSQL™, and a series of UX improvements that help you move quicker and pivot with less friction.
Here's a quick snapshot of what's new:
| Feature | What's New? |
|---|---|
| UX Improvements | New AttackCapture™ search results page, Phishing Navigation with Overview, Actors, and Kits. |
| AttackCapture™ | Analyst Notes and New Editorial Observations. |
| HuntSQL™ | Inspirational SQL queries, SQL pop-out download, and Time cheat sheet. |
| Domain Enrichment | Now displays apex domains alongside extracted IPs. |
| Enterprise SSO | SAML 2.0 is now fully supported. |
AttackCapture™
Analyst Notes Directory: At the bottom of the main AttackCapture™ dashboard, we now include a global list of all directories with analyst-written notes, visible to every user.
Use it to prioritize investigations, pivot faster, and gain instant context without digging through raw files.
New Editorial Observation: As part of the new Analysts Notes, AttackCapture™ now includes an Editorial Observation for each host, giving you a quick summary of the exposed content without needing to dig through every file.
HuntSQL™
Inspirational SQL Queries: Provides users with helpful examples and usage hints for the SQL editor. When a user clicks on a specific table or use case, a relevant query is automatically populated into the editor to guide them.
SQL pop-out download: Users can now download a single SQL result record in a JSON or CSV file for offline processing.
New time zone cheat sheet: This new feature in HuntSQL™ helps you write time-based queries faster, with built-in examples for relative filters, absolute dates, date ranges, and timestamp aggregation, right in the query editor.
General Updates
Domain Enrichment: Now displays apex domains alongside extracted IPs, helping you quickly spot related infrastructure and streamline pivots during investigations.
Phishing Navigation: A dedicated section has been added for Phishing, including an Overview, Actors, and Kits, giving you quicker access to targeted phishing intelligence.
Enterprise SSO: SAML 2.0 is now fully supported. Organizations can integrate their existing SSO systems using our ACS endpoint. Contact us if you'd like to enable this for your team.
Bug Fixes
Search Results Pagination: Added pagination to the AttackCapture™ search results page
Hunt 2.3 brings practical upgrades across core areas of the platform, better pivots, more context, and smoother workflows. It's built around what threat hunters actually need, based on what we've seen in real investigations. More improvements are on the way.
Related Posts:
Explore Hunt 2.2: Auto-unpack zips in AttackCapture™, smarter SQL with WHOIS and Nmap, and full IP history consolidation, track abused hosting with Host Radar, and more.
Explore Hunt 2.2: Auto-unpack zips in AttackCapture™, smarter SQL with WHOIS and Nmap, and full IP history consolidation, track abused hosting with Host Radar, and more.
Our latest release delivers deeper threat analysis with improved threat actor, C2, malware data, and new integrations for robust cyber intelligence.
Our latest release delivers deeper threat analysis with improved threat actor, C2, malware data, and new integrations for robust cyber intelligence.
Discover the new Hunt.io updates: deep text assisted analysis, IOC feed improvements, improved threat actor data, and faster advanced search. Learn more.
Discover the new Hunt.io updates: deep text assisted analysis, IOC feed improvements, improved threat actor data, and faster advanced search. Learn more.
Explore Hunt 2.2: Auto-unpack zips in AttackCapture™, smarter SQL with WHOIS and Nmap, and full IP history consolidation, track abused hosting with Host Radar, and more.
Our latest release delivers deeper threat analysis with improved threat actor, C2, malware data, and new integrations for robust cyber intelligence.
Discover the new Hunt.io updates: deep text assisted analysis, IOC feed improvements, improved threat actor data, and faster advanced search. Learn more.
Get biweekly intelligence to hunt adversaries before they strike.
Products
Hunt Intelligence, Inc.
Get biweekly intelligence to hunt adversaries before they strike.
Products
Hunt Intelligence, Inc.
Get biweekly intelligence to hunt adversaries before they strike.
Products
Hunt Intelligence, Inc.