20201218.0.0

cognitix Threat Defender version 20201218.0.0 rolls out a number of new features and improvements. Find out what’s new below.

Upgrade Compatibility

The following versions are compatible with cognitix Threat Defender version 20201218.0.0:

New Features and Improvements

GDPR Data Export

Under Inventory > Data Export, cognitix Threat Defender now provides data exports that contain all data collected on selected users or assets in compliance with the right of access as stipulated by the GDPR.

SNMP Compatibility

Under Settings > Monitoring, you can set up SNMP connection information so that cognitix Threat Defender provides statistical data to a central monitoring system.

IDS/IPS Improvements

  • It is now possible to upload .txt and .csv files with user-defined IPS rule sets to the IDS/IPS system of cognitix Threat Defender. You can toggle between the standard IPS rule set provided by cognitix Threat Defender and custom rule sets.

  • The keywords used in IPS rules are documented in IPS Rule Definitions.

  • cognitix Threat Defender now supports optional Suricata thresholding keywords.

  • The IDS engine supports additional HTTP and TLS keywords.

  • The external logs (via syslog, JSONL, or IPFIX) now contain IPS rule descriptions in addition to rule IDs.

Installer Improvements

  • cognitix Threat Defender now provides upgrade and recovery installations that keep the existing configuration when cognitix Threat Defender is re-installed.

  • The installer now displays the cognitix Threat Defender software version to be installed. On genua hardware, it also displays the hardware version used.

  • cognitix Threat Defender now supports MMC storage media.

Logging Improvements

  • cognitix Threat Defender displays more details on IDS hits.

  • syslog messages now provide timestamps with millisecond accuracy.

UI Improvement

The asset MAC/IP identifier handling was improved.

Important Fixed Issues

  • The assets database is now correctly restored when a configuration backup file is restored.

  • We fixed a possible SSH misclassification issue.

  • We improved the mid-flow direction guessing for established TCP connections.

Known Issues

  • After installing an update, it may be necessary to manually reload the browser page to confirm the browser's certificate warning.

  • SNMPv2c communities are always set to “public”.

Upgrade Instructions and Requirements

For information on the hardware requirements needed to install this release version, see System Requirements.

For instructions on how to install the new version, see Updating cognitix Threat Defender.