cognitix Threat Defender version 20191129.0 provides various improvements of the threat intelligence and protection platform.

For further information on cognitix Threat Defender, visit www.genua.de/home/cognitix or contact us at support@cognitix.de.


New Feature

Free Configuration of Processing Interfaces

It is now possible to freely allocate the processing interfaces of cognitix Threat Defender to bridges and assign VLANs as required.


Improvements

  • Improved reporting:
    • The Analytics screens were restructured to further improve the user experience.
    • We added new charts that display the logged policy severities.
    • You can now easily switch the direction between source and destination when you analyze traffic based on IP addresses and assets.
  • Improved asset handling:
    • It is now possible to use asset tagging in policies. This means you can now dynamically assign tags to assets based on their behavior in the network.
    • To streamline your workflows, you can now carry out operations (merging assets into one, adding and removing tags) for multiple assets at once.
    • You can now exclude complete MAC prefixes from automatic asset discovery. This means that you can exclude prefixes used by virtualization solutions, for example.
    • You can edit the login and display names of assets and users separately, meaning that they may differ from each other.
  • We revised the overall menu structure of cognitix Threat Defender to allow for easier navigation in the user interface.
  • The audit logs generated by Threat Defender now log additional events, such as all system actions, enabling/disabling of IPS rules, etc. Furthermore, the audit log contains a new chart that displays all events logged in the previous 24 hours.
  • The flow state tracking was improved for:
    • current phase
    • seen handshake
    • flow timeouts
    • out-of-state packets
  • Threat Defender now reports a warning when the flow table of a processing thread is almost full (see also Connection Handling). The first warning is issued at 90% capacity, the second warning at 95% capacity.


Solved Issues

  • We increased the allowed password length to 72 characters.
  • We solved an issue with aligning fragments to flows.


Changes

We resolved counter-intuitive behavior in the logging and late logging rule actions, so that rule severities are now handled more consistently.