Command Zero Launches Custom Questions: Enabling Organizations to Codify Expert Knowledge, Integrate Unlimited Custom Data Sources and Share Best Practices
PR Newswire
AUSTIN, Texas, Aug. 28, 2025
New capability allows analysts to build bespoke hunting and analysis content, work with any enterprise data source and benefit from the best ideas in the community
AUSTIN, Texas, Aug. 28, 2025 /PRNewswire/ -- Command Zero, the industry's first autonomous and AI-assisted cyber investigation platform, today announced Custom Questions, a feature that enables security teams to codify expert investigative knowledge while unlocking support for unlimited custom data sources. These questions can be shared across the community via a dedicated GitHub repository.
Custom Questions empowers Command Zero users to create custom queries against centralized data repositories such as Microsoft Sentinel, Microsoft Defender XDR Advanced Hunting data sources, Splunk, other SIEMs and data lakes. This feature delivers the ability to define custom schemas for lead extraction and incorporate organization-specific investigative methodologies.
Questions are the logical building blocks for autonomous and AI-assisted flows on Command Zero. The ability to build custom questions addresses a critical challenge: the inability to systematically capture and scale expert analyst knowledge while maintaining comprehensive visibility across diverse enterprise data sources.
"Custom Questions represents a fundamental shift in how organizations can leverage their collective intelligence for cyber investigations," said Alfred Huger, co-founder and CPO at Command Zero. "By enabling teams to encode their best analysts' knowledge into repeatable, automated investigative sequences and unlocking unlimited data source integrations, we're solving two notable bottlenecks in security operations simultaneously."
Custom Questions supports both hunting questions for broad threat discovery and lead-based questions for pointed investigations. These questions become part of the knowledge base powering Command Zero's automated investigation workflows, faceting capabilities, and rules engine. The feature includes expert mode for advanced users who need granular control over time ranges and query logic.
Dean De Beer, co-founder and CTO at Command Zero, emphasized the technical significance: "The architecture we've built for Custom Questions doesn't just add query flexibility – it fundamentally changes our federated data model. This unlocks our ability to integrate with any data source that can accept structured queries, whether that's cloud platforms, identity systems, network infrastructure, or proprietary security tools."
Early adopter AHEAD has already seen transformative results implementing Custom Questions in their enterprise security operations.
"Custom Questions enables our team to codify their expert knowledge and add custom data sources into Command Zero. The platform is how our team streamlines threat hunts and investigations across our complex enterprise stack. Combining the encoded knowledge base, our team's individual expertise, automation and AI helped shrink our mean time to understand and respond to mere minutes," said Grant Sewell, CISO at AHEAD.
The Custom Questions feature is available immediately to all Command Zero customers. Command Zero users can share custom questions with the community using the GitHub repository, supporting collective knowledge sharing. Additional data source integrations will be rolled out in subsequent releases.
Custom Questions includes MITRE ATT&CK framework mapping, schema validation, and seamless integration with Command Zero's existing investigation workflows and automated reporting capabilities. Questions can be used in autonomous investigations, AI-assisted investigations and the platform's faceting system for enhanced threat hunting operations.
About Command Zero
Command Zero is the industry's first autonomous and AI-assisted cyber investigation platform, built to transform security operations in complex enterprise environments. The platform reduces the need for technology-specific expertise for tier-2, tier-3 analysts, incident responders and threat hunters. Command Zero enables all users to perform at the highest level by ensuring consistent, repeatable, auditable investigations with automated reporting.
Command Zero is headquartered in Austin, TX, with a presence in Calgary, Alberta, Canada.
Learn more at https://www.cmdzero.io/ and follow the Command Zero LinkedIn page.
Contact
Erdem Menges, VP of Product Marketing, press@cmdzero.io
SOURCE Command Zero
