cognitix Threat Defender version 20180814.0 provides various new features and improvements to the threat intelligence and protection platform.
- Asset tracking
  - Threat Defender now tracks network assets. It automatically maps the IP and MAC addresses of network devices to track them. Assets can be edited.
  - Threat Defender enriches each tracked asset with metadata such as operating system type, last seen IP address, hostname etc.
  - Asset information is displayed in asset logs.
  - Assets are used in the analytics and reporting feature of Threat Defender.
- User mapping
  - Threat Defender now dynamically maps IP addresses to usernames.
  - This information can be used in the reporting system to analyze user behavior.
  - Users can be added manually or automatically via the configurable user API.
- The reporting system of Threat Defender was improved to provide increased situational awareness of what is happening in the network. The reporting dashboards were restructured to be clearer and provide more information.
- The threat intelligence database of Threat Defender now contains IPS/IDS hits. The internal database provides extensive information on IPS rules. IPS/IDS hits are logged in the threat intelligence reports.
- The Threat Defender GUI now provides a shutdown button to power off the device if no configuration changes are pending.
- MAC address vendor names are displayed for easier identification.
- The asset settings screen may be reloaded during editing. All unsaved changes are then discarded.
- The threat intelligence incident logs cannot be filtered by clicking a section in the chart. Instead, they can currently only be filtered manually by entering a value into the filter field.