Get live insights into your network traffic with our new MAC table reporting.


Find out below what’s new in cognitix Threat Defender version 20200619.0. For instructions on how to update your Threat Defender installation to the newest version, see Updating Threat Defender.


For further information on cognitix Threat Defender, visit www.genua.de/home/cognitix.

If you have any questions or suggestions, contact us at support@cognitix.de.



Attention
Upgrading to version 20200619.0 from version 20200130.0 or older may cause problems with rule evaluation due to the change of the DPI engine in our previous release. If you upgrade from version 20200130.0 or older, follow the instructions below to ensure a smooth migration.


Upgrading to cognitix Threat Defender version 20200619.0


When upgrading from Threat Defender version 20200130.0 or older, policy rules that use protocol/application classification cannot be migrated automatically due to the new DPI engine. Therefore, proceed as follows:

  1. When you install the update, correlation scenarios and/or rules that use Classification conditions will be automatically disabled. You will be notified which scenarios and/or rules have been disabled.
  2. After completing the installation of the update, navigate to Policy > Rules. In the overview table, you can see all scenarios and rules configured on the system.
  3. Check the setup and the Classification conditions of the affected scenarios and rules.
    Note that the names of protocols/applications will vary slightly with the new DPI engine, e.g. lower-case instead of upper-case spelling. Therefore, you need to manually select the required protocols/applications. The auto-complete function will help you find the protocol you’re looking for.
  4. Save the rule and/or scenario and enable it again.

Make sure to check all correlation scenarios and policy rules that use DPI before you reintegrate Threat Defender into your network. Otherwise, network security may be at risk.


If you have any questions or problems, do not hesitate to contact us at support@cognitix.de.


New Feature


New MAC Table Report

You can now see a live view of the MAC table content of Threat Defender. This report shows you which devices communicate via which bridge and can be a valuable source of information for troubleshooting.


Improvements

  • Upgraded DPI Engine
    We updated the ixEngine to its newest version 5.6 to provide additional DPI data. Therefore, cognitix Threat Defender can now identify additional protocols, such as S7Comm+.

  • New IPS Rule Knowledge Base
    We restructured the underlying IPS rules knowledge base to query IPS rule data directly from the core of Threat Defender. This way, we can provide additional IPS rule data as well as more accurate information mapping.

  • New Corporate Design
    As you may have noticed, the GUI of cognitix Threat Defender and the documentation now give you a first taste of our new, modern corporate design. In future releases, we will continue to successively implement this new design.

  • New Documentation Framework
    The Threat Defender user documentation uses a new underlying framework and provides a new breadcrumb trail at the top of the page to help you navigate the docs more easily.

  • Basic Flowbit Support for Suricata IDS Rules
    We implemented basic support of Suricata's flowbits feature, which allows for rule correlation in the IPS engine (see the Suricata documentation).

  • The health report shows more detailed information.

  • We refactored the core to improve its performance.

  • Time schedules for rules are now also enforced for long-lasting flows, i.e. flows that are only allowed within a specified time period will now be terminated as soon as this period ends.
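The flowbits bullet above says that flowbits let one Suricata rule be correlated with another. The following is an added example, not code from cognitix Threat Defender or from Suricata: a deliberately small Python model of the flowbits semantics (`flowbits:set`, `flowbits:isset`, `flowbits:noalert`) run over a few constructed packets. The two rules, the flow keys and the payloads are all constructed for illustration; the evaluator is a hypothetical stand-in that only does substring matching and ignores every other rule keyword.

```python
"""Minimal model of Suricata-style flowbits: a bit set by one rule on a flow
is visible to later rules on the same flow only.

Added example for illustration; not code from cognitix Threat Defender or
from Suricata. The evaluator below is a hypothetical, heavily simplified
stand-in: plain substring matching, three flowbits keywords, nothing else.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Rule:
    sid: int
    msg: str
    content: bytes
    flowbits_set: Optional[str] = None     # flowbits:set,<name>
    flowbits_isset: Optional[str] = None   # flowbits:isset,<name>
    noalert: bool = False                  # flowbits:noalert


@dataclass
class Packet:
    flow_key: str   # constructed, direction-agnostic flow identifier
    payload: bytes


# Constructed rule pair, equivalent to these Suricata rules:
#   alert tcp any any -> any 80 (msg:"stage 1 request seen"; content:"GET /stage1";
#       flowbits:set,example.stage1; flowbits:noalert; sid:1000001; rev:1;)
#   alert tcp any 80 -> any any (msg:"stage 2 reply after stage 1"; content:"stage2-marker";
#       flowbits:isset,example.stage1; sid:1000002; rev:1;)
RULES = [
    Rule(1000001, "stage 1 request seen", b"GET /stage1",
         flowbits_set="example.stage1", noalert=True),
    Rule(1000002, "stage 2 reply after stage 1", b"stage2-marker",
         flowbits_isset="example.stage1"),
]


@dataclass
class Engine:
    rules: List[Rule]
    # Flowbit state is kept per flow: a set of bit names for each flow key.
    flow_state: Dict[str, Set[str]] = field(default_factory=dict)

    def inspect(self, pkt: Packet) -> List[int]:
        """Return the SIDs that alert on this packet."""
        bits = self.flow_state.setdefault(pkt.flow_key, set())
        alerts = []
        for rule in self.rules:
            if rule.content not in pkt.payload:
                continue
            # isset is a precondition: only match if the bit was set earlier on this flow.
            if rule.flowbits_isset and rule.flowbits_isset not in bits:
                continue
            if rule.flowbits_set:
                bits.add(rule.flowbits_set)
            # noalert turns the rule into a pure state-setter that never alerts itself.
            if not rule.noalert:
                alerts.append(rule.sid)
        return alerts


def run_scenarios() -> Dict[str, List[List[int]]]:
    """Run three constructed packet sequences, each through a fresh engine.

    Returns, per scenario, the list of alerting SIDs for each packet in order.
    """
    stage1 = b"GET /stage1 HTTP/1.1\r\n"
    stage2 = b"HTTP/1.1 200 OK\r\n\r\nstage2-marker"
    scenarios = {
        # stage 1 then stage 2 on the same flow: stage 2 alerts
        "correlated": [Packet("flow-A", stage1), Packet("flow-A", stage2)],
        # stage 2 alone on another flow: no alert, the bit belongs to flow-A
        "other_flow": [Packet("flow-B", stage2)],
        # stage 2 before stage 1 on one flow: order matters, nothing alerts
        "reversed_order": [Packet("flow-C", stage2), Packet("flow-C", stage1)],
    }
    results = {}
    for name, packets in scenarios.items():
        engine = Engine(RULES)
        results[name] = [engine.inspect(p) for p in packets]
    return results


if __name__ == "__main__":
    for name, alerts in run_scenarios().items():
        print(f"{name}: {alerts}")
```

The three scenarios show the property that makes flowbits useful for correlation: the second rule fires only when the first rule has already matched earlier on the same flow, never on a different flow and never when the packets arrive in the other order.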


Solved Issues

  • We fixed an issue with metadata extraction from the DPI engine that could lead to core segmentation faults.

  • Manually changing the hostname now also changes the DHCP request hostname.

  • We fixed a problem that could lead to DPI crashes when the telegram protocol was selected for rule classification.


Known Issue


  • Frequently applying the configuration of cognitix Threat Defender may cause the /tmp directory to overflow (but only if the Apply button is clicked ca. 60 times). If this happens, reboot Threat Defender via Settings > System Actions. We will fix this issue in the upcoming release.