What’s new in Threatnote 2.3
This release broadens threat coverage, tightens core workflows, and continues to harden the platform end-to-end.
New capabilities
• Threat coverage & TTPs — Stronger prioritization of techniques to remediate; clearer TTP presentation in the UI and reports.
• Vulnerabilities — STIX export for vulnerability records; vulnerability context where relevant in reporting.
• News & alerts — Broader ability to add feeds; improved news stream behavior; expanded “select all” support in alert workflows.
• Breach reporting — Report generation (with related API and documentation updates).
• Attack surface (ASM) — Clearer vulnerability views; richer scanner integration surfaces and workflows.
• CTID / coverage mapping — Large expansion of coverage bundles and sync support for analytics and correlation.
Fixes
• Resolved issues with report editing where Intelligence Requirements (IRs) were not displaying correctly
• Fixed inconsistencies in IR summaries and report dropdown selections
• Improved reliability of IR, RFI, and alert-related workflows
• Addressed global hotkey navigation issues
• Fixed navigation inconsistencies within the TTP library
• Resolved vulnerability loading and display issues across modules
• Fixed edge cases affecting ASM vulnerabilities and news feed visibility
Improvements
• Tasking — Tasking prompts filtered toward active IRs when appropriate.
• STIX & IOC workflows — Clearer STIX bundle output; IOC integration UI polish.
• Reliability & docs — Heavier-request handling in development; updated API and module documentation; ongoing integration documentation refresh.
Thank you for the continued feedback. If you’d like a short walkthrough of 2.3, reach out to your Morado team or support.
Past releases
Threatnote 2.2
Smarter hunts. Stronger attack surface visibility. Smoother collaboration.
We’re excited to announce Threatnote Version 2.2, bringing powerful new capabilities across Attack Surface Management, Threat Hunting, Dark Web investigations, reporting workflows, and multi-tenant collaboration.
This release strengthens how teams move from intelligence to action. Faster, cleaner, and with better context.
Scour the Dark Web with Threat Hunts
Alongside the internal tools you already use for threat hunting, such as your SIEM or EDR solution, our Threat Hunting capability can now search the dark web for information related to your investigations.
• Build queries right from your hunt hypothesis or use a custom query to launch hunts across selected dark web sources
• Within seconds, have all the dark web content summarized and referenced in a write-up that you can then use in reporting
• This capability is available in the current threat hunting module and is integrated into existing threat hunting workflows
Alongside these new threat hunt and dark web features, we fixed some bugs in querying certain data sources, including the HuggingFace dataset, which is now more reliable.
Investigations
Investigations are shared cases that let your team collect and organize intelligence from across Threatnote in one place—so analysis stays connected from first signal to final report.
• Open the Investigations drawer (right side) to choose the active investigation, create a new one, or go to the full page.
• Add items from any screen with “Add to investigation”: IOCs, reports, dark web results, credentials, and more.
• Intel Operations → Investigations lists all investigations; open one for the timeline, notes, attachments, and Workbench links where relevant.
• Add notes, links, and files as you go in the drawer or the investigation page.
• Use “Create report from investigation” when you’re ready to publish.
UI Enhancements for Modules
Clearer color cues in dashboards and investigations to help you see where information is coming from at a glance.
Attack Surface Management: Drift, Exposures & Verified Vulns
Configuration Drift — baselines, host-level details, and timeline/compare views.
Exposure Handling — improved misconfiguration and exposure tracking with better host/URL/port context.
Verified Vulnerabilities — clearer status, verification filters, and stronger vulnerability context in summary reporting, plus better sorting, filtering, and layout across ASM.
Threat Hunting Enhancements — better dark web search, hunt reliability, new reports from hunts, and a stronger relationship visualizer.
Tag Explorer 2.0 — unique object counts, larger modals, pagination, and a relationship graph view to pivot from tags into investigations.
Workspaces & notifications — more reliable messaging; improved Slack/Teams delivery; org-scoped saved articles; configurable windows and sending controls; clearer org/role visibility in dropdowns.
Reports & intelligence — more reliable tag editing; more reliable report sharing; published report defaults in views.
Third-party & vendor — a dedicated vendor vulnerability view and better filtering to focus on product/vendor-tied issues, with UI and workflow updates for TPRM.
Improved search — find STIX-backed items quickly using the top search experience.
Thank you — many of these items came from customer input. If you would like a walkthrough of 2.2, reach out to your account team or support.