Release Notes - December 2025 - #1


Product

Detector page - Alert threshold setting UX

Improvements to how the alert threshold and global alert threshold are displayed: the alert threshold column now shows the effective alert threshold, calculated from Hunters' default, the customer's specific setting, and the global alert threshold.

Data Source page - Pivot to Search (Rollout in progress)

You can now pivot directly from a data flow to the Search page. This automatically runs a query for 100 records from the datalake, allowing you to immediately review the data structure and refine the query as needed. (Note: These are currently 100 arbitrary records, not the most recently inserted ones.)

Security Content

AXON Threat Hunting Report - Gainsight

Team AXON initiated a Rapid Response campaign following the disclosure of a significant security incident involving Gainsight, a popular CRM application that integrates with the Salesforce platform.

This incident bears similarities to a previous breach involving SalesLoft, where attackers compromised the infrastructure and stole OAuth credentials that facilitated unauthorized access to Salesforce instances.

More details and findings (if they exist) can be found on the Hunters platform under “Axon Reports”.


Deprecated Detectors

As mentioned in the previous release notes, the following detector was deprecated on Nov 27, 2025:

Execution of WHOAMI as Local System

As part of ongoing quality monitoring, this detector was found to be very noisy and inaccurate.

Many applications behave that way, which makes this logic irrelevant.


Enrichments

Azure Sign-In Info from Correlation ID

Finds data and creates an Azure Sign-In Mega Entity for leads without sufficient information, based on azure_correlation_id.

This provides extra important context for the analysts, allowing for more accurate verdicts.


M365 File Download App Usage Statistics

Displays usage statistics for a specific application used for file downloads, providing more context for leads concerning M365 file exfiltration.

The statistics displayed include both global usage data and data specific to the user that triggered the lead.



Integrations

Microsoft Message Trace - Deprecation & Required Update

Microsoft has announced that the legacy Message Trace tools and APIs, commonly used to export email-delivery logs from Exchange Online, will be retired soon.

The API endpoints will be turned off on March 18, 2026.

Microsoft is also planning a new Graph API endpoint for Message Trace, expected to enter public preview in late 2025, which we already support (https://docs.hunters.ai/docs/microsoft-graph); we will update once Microsoft releases their update.

What this means for you

To ensure continued ingestion of your Microsoft email logs, you will need to migrate to Microsoft’s Graph API endpoint.

How Hunters can help

Our team is monitoring Microsoft’s rollout closely and will update our customers on any expected changes.

Please reach out to us with any questions or concerns.

New Integrations Releases:

  1. Delinea-audit-logs (Suite Cloud) - S3 integration

  2. FortiDLP-logs - API integration

  3. Genesys-audit-logs - API integration

  4. FastTrack - 3 endpoints (log types) - API integration

  5. Vectra RUX Detection events - API integration

  6. Sekoia Advanced Feed - API integration

  7. PAN firewall URL-filtering integration - S3 integration