docs: document known issue for threathunting for multi-orgs

Solutions/Recorded Future/Playbooks/ThreatHunting/readme.md

@@ -7,6 +7,9 @@ Threat hunting is the proactive and iterative process of searching for and detec
 
 - <a href="https://support.recordedfuture.com/hc/en-us/articles/20849290045203-Automated-Threat-Hunting-with-Recorded-Future" target="_blank">More about Automated threat hunt</a> (requires Recorded Future login)
 
+> [!NOTE]
+> If your Recorded Future Enterprise is using [multi-org](https://support.recordedfuture.com/hc/articles/4402787600787-Multi-Org-for-Modules), then threat hunting currently does not work for sub-orgs. See [known issues](../readme.md#threat-hunting-for-multi-orgs) for more detail.
+
 # Playbooks
 
 ## RecordedFuture-ThreatMap-Importer

Solutions/Recorded Future/Playbooks/readme.md

@@ -285,6 +285,13 @@ When reporting issues or errors to Recorded Future on logic apps. Please include
 ![alt text](Images/LogicAppVersion.png)
 
 # Known Issues 
+## Threat hunting for multi-orgs
+If your Recorded Future Enterprise is configured as [multi-org](https://support.recordedfuture.com/hc/articles/4402787600787-Multi-Org-for-Modules), **it is not currently possible** to do threat hunting for any organisations except your primary organisation. If you try to use an API key connected to a sub-org that is not your primary organisation for threat hunting, you will receive the following error:
+
+```
+{"message":"User doesn't have access to the given organization","status_code":403}
+```
+
 ## Version 3.0
 Microsoft Sentinel playbook upgrade experience can result in the following error: ```Cannot read properties of null (reading 'parameters')```
 ![](Images/2023-09-13-19-16-24.png)