Smarter hunts. Stronger attack surface visibility. Smoother collaboration.

We’re excited to announce Threatnote Version 2.2, bringing powerful new capabilities across Attack Surface Management, Threat Hunting, Dark Web investigations, reporting workflows, and multi-tenant collaboration.

This release strengthens how teams move from intelligence to action. Faster, cleaner, and with better context.

Scour the Dark Web with Threat Hunts

In addition to existing internal tools used for threat hunting, like your SIEM or EDR solution, we’ve expanded our Threat Hunting capability to now search the dark web for information related to your investigations.

• Build queries right from your hunt hypothesis or use a custom query to launch hunts across selected dark web sources
• Within seconds, have all the dark web content summarized and referenced in a write-up that you can then use in reporting
• This capability exists in the current threat hunting module, as well as integrated into existing threat hunting workflows

In addition to these new features with our threat hunts and dark web data source, we've fixed some bugs when querying certain data sources, namely the HuggingFace dataset, which has been improved so it can be queried more reliably.

UI Enhancements for Modules

Our UI has been improved slightly to better call out information from each module in a more easy manner. We’ve added some colors to each section so now when looking at your dashboard or investigations, you can easily identify where each piece of content is coming from. We feel these slight tweaks will make your overall experience much more pleasant when trying to navigate through the platform.

Attack Surface Management: Drift, Exposures & Verified Vulns

Threatnote 2.2 significantly enhances ASM visibility and control:

Configuration Drift
• Establish score baselines after initial scan
• View drift details at the host level
• Track changes through the timeline and compare views

Exposure Handling
• Improved misconfiguration and exposure tracking
• Host, URL, and port-level context where available

Verified Vulnerabilities
• Clearer verified status indicators
• Filter to show only verified vulnerabilities
• Vulnerability context now included in summary reporting

Plus improved sorting, filtering, and updated layouts across ASM for faster analysis.

Threat Hunting Enhancements

• Refined Dark Web search experience with better highlighting and search behavior
• Smart hunt reliability improvements
• Create new reports directly from hunts while preserving context
• Improvements to the STIX relationship visualizer on hunt detail pages

Threatnote hunts are now more stable, more visual, and more tightly integrated into the reporting lifecycle.

Tag Explorer 2.0

Tag management is now significantly more powerful:

• Tag counts reflect unique objects
• Larger tag details modal
• Paginated object views (25 per page) with direct links
• Built-in STIX relationship graph visualization for each tag
• Improved pagination and navigation for large tag sets

This makes tags not just labels, but now pivot points for investigation.

Workspaces & Notifications (Built for MSSPs and Multi-Tenant Teams)

• Improved reliability for workspace message sending and display
• More consistent Slack and Microsoft Teams notification delivery
• Configurable 1-hour workspace notification windows
• Email sending period controls
• Org and role visibility in workspace dropdowns

Saved articles are now scoped at the organization level so teams share the same curated intelligence.

Reports & Intelligence Improvements

• Fixed multi-tag editing behavior
• Improved report sharing reliability across tenants
• Report views now default to the published version for clarity

Intelligence workflows are smoother and more predictable across the board.

Third-Party Risk & Vendor Improvements

• Dedicated vendor vulnerability page
• Filtering to focus on true product/vendor-named vulnerabilities
• UI and framework alignment updates for TPRM workflows

Improved Search Results

Our native search functionality has been improved to support searching across all STIX objects in the platform and returns results based on searched fields. Quickly identify reports, hunts, news articles, or anything else that is in the platform using our search bar at the top of the platform.

Threatnote 2.2 delivers a more stable, more integrated platform experience, especially for teams operating across multiple tenants and intelligence workflows.

Thank You

We appreciate your partnership and feedback. Many of these enhancements came directly from customer input, and so we thank you for that.

If you’d like a walkthrough of 2.2 features or help enabling new capabilities, reach out to your account team or contact support.