cognitix Threat Defender version 20190131.0 provides various improvements of the threat intelligence and protection platform.

For further information on cognitix Threat Defender, visit or contact us at


  • We added new PDF reports:
    • You can now create reports on the entire assets and users databases as well as on individual assets and users.
    • We also provide nine different reports on the threat intelligence incidents log as well as full and summary reports for individual incidents.
    • We improved the layout of the downloadable PDF reports to be usable for printing.
  • We extended the logging capabilities of Threat Defender to increase compatibility with 3rd party monitoring software. Logging of events and traffic is available in syslog, JSONL and IPFIX formats both via TCP and UDP connections. Furthermore, the connection state of logging connections is now visible.
  • The handling of behavior-based correlation was also enhanced:
    • The content of event tracking tables can now be stored indefinitely so that they can be used in correlation scenarios where you do not want to remove their content automatically after timeout.
    • The content of event tracking tables and dynamic network objects are now persistent during graceful shutdowns to keep the state of learned behavior.
    • During the inspection of event tracking tables, the UUIDs of assets and users are now resolved to display their real names. This expedites the analysis and provides for easier insights into the network behavior.
  • We added intuitive one-click filters to the threat intelligence feature that help you easily search the incident logs.
  • We implemented various internal optimizations:
    • The stability of the processing core is improved even further. We have not seen a crash in production in the last 18 months and we want to keep it that way.
    • Network object matching was optimized to be faster and more reliable.

Solved Issues

  • When deleting the dynamically tracked user information of an asset, this does now correctly delete the association between the respective user and the IP address. This means, when another user connects to the network using the same IP address, the new user with this IP address is correctly reported in the user information of the asset.

Known Issues                                      

  •  While the automatic asset discovery function is enabled, Threat Defender automatically relearns any previously deleted assets.