After successfully logging in to the cognitix Threat Defender, you see the Analytics dashboard.

Four dashboards quickly provide an overview of what’s going on in the network. The dashboards cover Threat Intelligence, Network Intelligence, User Intelligence and a System Dashboard overview.

Main Features

  • More than 600 reporting combinations, graphs and matrixes are available.

  • From any dashboard, you can drill down deeper into the traffic details.
  • When you position the mouse over a chart, it pauses and gives you time to analyze the chart.
  • Almost all available charts are clickable and take you one level deeper into the analysis.
  • Most of the analysis results are deep links, i.e. you can store a link in your browser or share the link.
  • If a protocol can be subdivided into applications (e.g. YouTube SSL, Facebook SSL, etc.), the results are shown in a more detailed view.

Threat Intelligence

Navigate to Analytics > Threat Intelligence to see information related to threat intelligence incidents logged by the system. This dashboard displays the number of logged threat intelligence incidents by severity and by the countries, assets, users, internal IP addresses, and policy rules involved in the logged incidents. The number of times Threat Defender performed the drop and the reject traffic action of a policy on the network traffic as well as the IPS and MISP events detected by Threat Defender are also displayed.

From here, you can begin a deeper analysis of any suspicious traffic.

Network Intelligence

Navigate to Analytics > Network Intelligence to see information related to the behavior of the network. This dashboard displays the total traffic distribution by protocols and applications, source and destination IP addresses and countries, as well as interfaces.

From here, you can drill down into deeper reporting levels to further analyze the network traffic. For example, you can check which source or destination IP consumes the most bandwidth.

User Intelligence

Navigate to Analytics > User Intelligence to see information related to asset and user behavior in the network. This dashboard displays the total traffic distribution by source and destination assets and which assets talk to each other. They also show the traffic distribution by users, users who generate the most traffic, users who triggered threat intelligence incidents, and the traffic distribution by URLs.

From here, you can drill down into deeper reporting levels to begin a more detailed analysis of asset and user behavior in the network.


The System Dashboard shows all interesting hardware values (CPU usage, memory usage, number of flow table entries, core temperatures, disk usage, disk input/output) if they can be analyzed by the operating system.

Analysis Tailored to Your Needs

cognitix Threat Defender provides more than 600 reporting combinations, graphs and matrixes for your analyses. This includes the following available options, among others:

Time Resolutions

  • Minute (1 second resolution)
  • Hour (1 minute resolution)
  • Day (15 minutes resolution)
  • Week (3 hour resolution)
  • Month (6 hour resolution)

Time Charts

  • Line chart
  • Area chart
  • Bar chart
  • Column chart
  • Stacked column chart

Quantity Charts

  • Pie chart
  • Bubble chart
  • Word cloud
  • Donut chart
  • Sankey chart
  • Chord chart

Traffic Resolution for Interfaces

  • Bits per interface/second
  • Bits per interface Rx/second
  • Bits per interface Tx/second
  • Packets per interface/second
  • Packets per interface Rx/second
  • Packets per interface Tx/second


  • If you use a private IP range, the "Destination Country" is shown as as "Unknown Or Invalid Territory".
  • The "Destination Country" is based on "GeoIP" values and depends on more values than simple WhoIs data.
    For more details, see IP address location.