cognitix Threat Defender version 20181206.0 provides various new features and improvements of the threat intelligence and protection platform.

For further information on cognitix Threat Defender, visit or contact us at

New Features

  • The user tracking feature of Threat Defender was enhanced:
    • Users can now be used in policy rules and event tracking tables. This allows you to create behavior-based correlation policies for individual users spanning multiple devices.
    • The database for user tracking now provides details pages for all users tracked by Threat Defender.
    • The user database can now be backed up and exported/imported from one Threat Defender to another.
  • Printable reports
    Threat Defender now provides downloadable PDF reports that contain all available information about tracked assets and users as well as logged threat intelligence events. The current version of the reports serves as a technical preview. We are going to enhance them in the upcoming releases.


We further improved the asset tracking of Threat Defender:

  • It is now possible to blacklist MAC addresses so that they are not automatically tracked by Threat Defender.
  • User information tracked for an asset can now be manually deleted.
  • The asset details pages show more information.
  • The asset user interface was improved for easier navigation and handling.

Known Issues

  • When deleting the dynamically tracked user information of an asset, this does not delete the association between the respective user and the IP address. This means, when another user connects to the network using the same IP address, the user first using this IP address is wrongly reported in the user information of the asset.
  • While the automatic asset discovery function is enabled, Threat Defender automatically relearns any previously deleted assets.