We recommend using Google Chrome to access the user interface.

GUI overview

The user interface of cognitix Threat Defender consists of two main areas: the menu bar on the left side of the screen and the content area.

At the top of the menu bar, you can see the APPLY/APPLY CHANGES button. If you change the Threat Defender configuration, the changes have to be applied before they take effect:

  •  - This button indicates pending changes. When it is clicked, the button disappears to indicate that the configuration is being applied.
  •  - This button is displayed when the configuration does not contain pending changes.

The menu bar also grants access to the available menus on the first navigation level (see the sections below for further information on the individual menus).

The content area takes up the main part of the screen. The information displayed here depends on the selected menu item.
At the top of the content area, you see the second and third navigation levels of the selected menu item, if applicable.

For further information on the user interface of cognitix Threat Defender, refer to the documentation.

Overview of the Menu Structure


After successfully logging in, you arrive at the Analytics dashboards. Here, you can find out what's going on in your network and start to dive into the depth of the network traffic.

We provide three dashboards for network analysis:

  • Network (information on protocols and applications, source and destination IPs and countries, interfaces, etc.)
  • Assets (information on users and assets communicating in the network)
  • Policy (information on rule hits, performed policy actions and logged severities)

For more detailed information, see Analytics / Reporting.


Here, you can find all the required information and settings to create rules and policies to manage your network traffic.

Note: Double-clicking on a rule in the overview table under Policy > Rules takes you to the detailed rule settings - either independent rule settings for global rules or rule settings within an Advanced Correlation scenario.


Here, you can manage your network assets and users and access the assets and users logs:

  • Assets
  • Asset MAC Addresses
  • Asset IP Addresses
  • Asset Logs
  • Asset Setting
  • Users
  • User API Logs
  • User API Setting
  • Backup/Restore (of the assets and users databases)


Here, you can see charts of the threat intelligence incidents logged in your network, view the incident logs and search the threat intelligence database of Threat Defender.

  • Overview (information on threat intelligence incidents by severity, involved countries, assets, users, IPS events, etc.)
  • Incident Logs
  • Intelligence Database


Here, you can view the available processing interfaces of Threat Defender and organize them in bridges.

  • Overview (information on bridges and interfaces)
  • Manage Processing Interfaces


Under Logging, you have access to the audit logs and local logs including a search function. You can also set up logging channels:

  • Audit Logs
  • Audit Log Channels (via e-mail, webhook, desktop notification) 
  • Report Channels (via sylog, JSONL, IPFIX)
  • Local Logs


The Settings menu is very important for configuring cognitix Threat Defender:

  • General (hostname, GDPR and time settings, proxy setup, management interface configuration)
  • System Users
  • Updates (see what software version is currently running and install any available updates)
  • Update Schedules (schedule automatic updates)
  • License
  • Configurations (create and install backup files of the system configuration)
  • System Actions (reboot or shut down Threat Defender, reset the reporting data and databases)


This section assists you with troubleshooting Threat Defender:

  • Overview (hardware information)
  • System Health
  • Troubleshooting (manually create downloadable troubleshoot reports)
  • Flow Table Reporting

By the way...

If you require additional information, see the Threat Defender user documentation.