The cognitix Threat Defender version 20180615.0 provides various new features and improvements to the threat intelligence and protection platform.
For further information on the cognitix Threat Defender, visit cognitix.de/threat-defender or contact us at support@cognitix.de.
New Features
- Enhanced threat intelligence feature
- Threat Defender now provides dedicated threat intelligence dashboards that display the current threat situation in the network and the devices at risk in a clear and structured manner.
- Incident logs are displayed in a time chart and as a table.
- It is possible to browse the threat intelligence database and look up all data sets and references it contains.
- All threat intelligence information is presented with extensive filter options.
- Improved threat intelligence integration in policy engine
The policy engine of Threat Defender contains new conditions to create rules using various threat intelligence tags.
- Logging based on threat severity
It is now possible to create rules that log threat intelligence incidents based on their level of severity. Threat Defender provides a predefined correlation scenario for this purpose that users can adapt to their system as required.
Improvements
- Threat Defender is now protected against vulnerability CVE-2018-1111.
- Classification by groups of applications/protocols: The Threat Defender policy engine now provides the classification of traffic by groups of applications and protocols. Multiple applications and protocols can be selected at once when designing policy rules. A complete list of the available groups and their content can be found in the Threat Defender user documentation.
- The reporting feature of Threat Defender now contains information on the source country of traffic flows.
- The Threat Defender user interface has been reworked to ease navigation.
Solved Issues
- When creating objects inline, unsaved input in relevant input fields is no longer reset to the last saved state.