cognitix Threat Defender version 20190613.0 provides various improvements to the threat intelligence and protection platform.

For further information on cognitix Threat Defender, visit cognitix.de/en/solutions/threat-defender or contact us at support@cognitix.de.


New Features

  • GDPR mode for user-related data

    Threat Defender provides three GDPR settings that allow you to select how much user-related information you wish to collect. This way you can make sure you remain GDPR-compliant while analyzing the network traffic.    
  • Flow late log option

    With the late log option, Threat Defender only logs rule hits when the flow has stopped. This way, you can analyze the entire flow.

 

Improvements 

  • We implemented various improvements to the core that enhance performance by up to 25%, streamline processes and clean up the code base.

  • The logging feature was improved:      

    • It is now possible to configure update intervals for IPFIX.

    • Log messages now contain asset names.        

    • Syslog messages now include the severity of logged events.

    • The notification channels now report many more events.

  • We revised the analytics feature:

    • There are new layer 4 analytics charts with drill down functionality.       

    • The analytics tables contain a greater number of data sets.

    • We improved the navigation in the analytics screens:             

      • Threat Defender now supports the middle mouse button to open links in a new tab.

      • The back button is supported.            

      • You can directly access asset details views or edit assets from the analytics screens.

      • A button bar simplifies the time window navigation.

  • We updated the underlying operating system to CentOS 7.6.1810.


Discontinued Features

  • Threat Defender no longer supports SSL proxy setup.    
  • The DLP feature was removed. 
  • We temporarily removed the auto installer for bug fixing purposes. It is currently only possible to install Threat Defender in manual installation mode.


Known Issues                                      

  • The HTTP redirect function is currently not working properly. We are going to remove it in one of the next releases because it does not fit the fields of application of Threat Defender. Rules using HTTP redirect still match but do not redirect users to another URL.
  • While the automatic asset discovery function is enabled, Threat Defender automatically relearns any previously deleted assets.