Company
Date Published
Author
Paul Ewing
Word count
2072
Language
-
Hacker News points
None

Summary

Elastic has introduced the LOOKUP JOIN function in its Elasticsearch Query Language (ES|QL), enabling efficient data joining within search workflows, which is particularly beneficial for threat hunting, alert triage, and incident response in security operations. This new function allows security analysts to integrate external data seamlessly into their queries without the need for preprocessing or managing enrichment jobs, thereby enhancing the context and speed of investigations. The LOOKUP JOIN function facilitates the correlation of data across multiple sources, helping analysts prioritize alerts by comparing them with threat intelligence feeds and enabling incident responders to connect fragmented information in real time. By incorporating ES|QL's LOOKUP JOINs, Elastic aims to streamline data analysis processes, allowing for more effective detection and response to security threats while maintaining an intuitive and flexible search environment.