Hunt Settings
Configure which sources are active, who gets alerted, and how long proposals live in the queue.
Per-organisation hunt settings live at /settings/hunts in the dashboard. The same fields are available via the API at PUT /v1/hunts/settings.
Sources
Toggle each source on or off. Disabling a source stops new proposals from that signal but doesn't affect hunts already in your queue.
| Source | Default | Notes |
|---|---|---|
| CISA KEV | On | Highest-confidence "test now" signal. Strongly recommend leaving on. |
| NVD | On | Wide net. Disable if you want to focus only on actively-exploited CVEs. |
| GHSA | On | Application-layer dependencies. Disable if your stack is mostly infrastructure rather than application code. |
Daily AI review pass
The llm_review source (learn more) runs once a day and proposes hunts based on a full review of your attack surface.
| Setting | Default | Effect |
|---|---|---|
| Daily AI review | On | Disable if you only want CTI- and finding-driven hunts. |
Alerts
Critical and high-severity proposals trigger immediate email alerts to your team. Lower-severity proposals are bundled into a daily digest.
| Setting | Default | Description |
|---|---|---|
| Enabled | On | Master switch. Off = no email alerts (proposals still queue silently). |
| Severity floor | Critical | Minimum severity that triggers an immediate alert. Set to High to also alert on high-severity proposals. |
| Crown-jewel only | On | Restrict alerts to hunts targeting crown-jewel assets. Turn off to alert on critical proposals across your full inventory. |
Alerts go to all org members with the appropriate notification preferences — see Notification Settings.
Auto-dismiss retention
Proposed hunts that sit untouched in the queue for too long are automatically archived to keep the action list focused.
| Setting | Default | Description |
|---|---|---|
| Auto-dismiss after (days) | 30 | Proposed hunts older than this are moved to Archived with reason auto_archived. Set to 0 to disable auto-archive. |
Auto-archived hunts stay in the audit trail and can be restored manually if needed.
API
Read your current settings:
curl https://api.codewall.ai/v1/hunts/settings \
-H "Authorization: Bearer YOUR_API_KEY"Update settings (partial updates supported — top-level keys are overlaid):
curl -X PUT https://api.codewall.ai/v1/hunts/settings \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"sources": { "kev": true, "nvd": true, "ghsa": false },
"alerts": { "severity_floor": "high" },
"auto_dismiss_after_days": 14
}'See the Hunts API reference for the full schema.