The following sections contain general information about the graphical user interface of cognitix Threat Defender.

We recommend using Google Chrome to access the user interface.

GUI overview

The user interface consists of two main areas: the menu bar on the left side of the screen and the content area.

The Menu Bar

The menu bar contains the following elements from top to bottom:

  • The APPLY/APPLY CHANGESbutton at the top of the menu bar allows you to activate the current configuration. If you change the Threat Defender configuration, the changes have to be applied before they take effect.
    •  - This button indicates pending changes. When it is clicked, the button disappears to indicate that the configuration is being applied.
    •  - This button is displayed when the configuration does not contain pending changes.
  • The menu bar grants access to the available menus on the first navigation level. See the following chapters for further information on the individual menus.
  • Click Documentation to open the Threat Defender documentation in a new browser tab.
  • Click Support to access our support portal.
  • Under About, you find details about your hardware and software.
  • Click Sign out to log off from Threat Defender.
  • In expanded view, the menu bar shows the icons and the titles of the corresponding menus and elements. To increase the space of the content area, click Collapse Menu to only display the icons. 

The Content Area

The content area takes up the main part of the screen. The information displayed here depends on the selected menu item.
At the top of the content area, you see the second navigation level of the selected menu item.

For further information, see the description of the individual menu items in the following sections.

Overview of the Menu Structure


After successfully logging in, you reach the Analytics dashboards. Here, you can find out what's going on in your network and start to dive into the depth of the network traffic.

We provide three dashboards for network analysis and one for general system information:

  • Threat Intelligence (information on threat intelligence incidents, policy rules and actions, IPS events, etc.)
  • Network Intelligence (information on interfaces, protocols and applications, flow direction, etc.)
  • User Intelligence (information on source and destination assets, users, URLs, etc.)
  • System dashboard (information on the system hardware)

For more detailed information, see Analytics / Reporting.


Here, you can find all the required information and settings to create rules and policies to manage your network traffic.

Note: Double-clicking on a rule leads you to the detailed rule settings - either independent rule settings for global rules or rule settings within an Advanced Correlation scenario.


Here, you can manage your network assets and users and access the assets and users logs:

  • Assets
  • Asset MAC Addresses
  • Asset IP Addresses
  • Asset Logs
  • Asset Setting
  • Users
  • User API Logs
  • USER API Setting
  • Backup/Restore (of the assets and users databases)


Here, you can check the status (up/down, link speed, group, and number of errors) of all interfaces used by Threat Defender for analysis (Processing Interfaces) and for the configuration (Management Interface).

The processing interfaces can be used as:

  • Bridge (default)
  • VirtualWire
  • SPAN (to receive mirrored traffic - this port only receives packets from a device mirroring that traffic (switch))
  • Port Extender (to connect a switch as port extender)


Under Logging, you have access to the local logs and audit logs including a search function. You can also set up logging channels:

  • Local Logs
  • Audit Logs
  • Audit Log Channels (via e-mail, webhook, desktop notification) 
  • Report Channels (via sylog, JSONL, IPFIX)


The Settings chapter is very important for configuring cognitix Threat Defender:

  • General (configure the hostname, GDPR settings, time settings)
  • Proxy
  • System Users
  • Updates (see what software version is currently running and install any available updates)
  • Update Schedules (schedule automatic updates)
  • License
  • Configurations (create and install backup files of the system configuration)
  • System Actions (reboot or shut down Threat Defender, reset the reporting data and databases)


This section assists you with troubleshooting Threat Defender:

  • Troubleshooting (manually create downloadable troubleshoot reports)
  • Flow Table Reporting
  • System Health

By the way...

If you require additional information, the Threat Defender user documentation.