20210426.0.0
cognitix Threat Defender version 20210426.0.0 rolls out a number of new features and improvements. Find out what’s new below.
Upgrade Compatibility
The following previous versions are compatible with cognitix Threat Defender version 20210426.0.0:
To view the release notes of previous versions, see Previous Releases.
cognitix Threat Defender version 20210426.0.0 is compatible with genucenter 7.5.
New Features and Improvements
New Flag for Rule Hits
In the settings of rules under Policy > Rules you can now enable a scenario hit flag to log rule hits as incidents. They will be shown in the Incident Logs as type Scenario.
Basic genucenter Connection
You can now connect cognitix Threat Defender to a genucenter central management system that aggregates status information provided by Threat Defender.
Updated DPI Engine
The DPI engine now supports the following protocol signatures:
Akatsuki
Bilibili
Call of Duty Mobile
DigiCert
G-Core Labs
Mercury Security
Omfon FINS
OnGuard
SLMP
WarGaming
Zerotier
See the Qosmos protobook for further information.
Installer Updates
The USB installer drive now contains the user documentation for your convenience.
IDS/IPS Improvements
cognitix Threat Defender now supports the Suricata V5 rule language. This is an initial implementation that will be extended in future releases. Note that some keywords have changed compared to Suricata V4, and rules using them need to be adapted. See the updated keyword documentation.
We added support of new rule class types.
Assets
We improved the automatic asset naming based on the MAC vendor.
Documentation
The user documentation now contains a German version as a tech preview. It is currently still work in progress, however. This means that not all figures are translated, for example. You can switch between English and German documentation by clicking the respective link at the top of the page.
System
We upgraded the operating system of cognitix Threat Defender to CentOS 8.3.
User Interface
We improved several minor UX issues and fixed typos in the user interface.
Known Issues
During a recovery installation, the assets database is not properly restored. To restore it, you need to manually install a backup of the assets database when the installation is complete.
After login, cognitix Threat Defender may display an invalid login error message and the Apply button may be missing. After a few minutes, when all user interface components are completely loaded, the error message will disappear and the Apply button will be displayed correctly. We expect to fix this behavior in the next release.
The installation of this upgrade may take up to 15 minutes because it includes a complete system upgrade.
Upcoming Changes
The next release of cognitix Threat Defender (in June 2021) will introduce a new logging subsystem that unifies the various log channels and provides more flexibility and control to the administrator. Logging will become a separate module of cognitix Threat Defender that is independent of the policy engine.
The first implementation in the June release will introduce dedicated message types for IDS/IPS hits, which will be sent independently of policy hits. Due to these changes, some modifications to existing log messages will be needed; we will try to keep them to a minimum, however. Nevertheless, you will need to review and in some cases adapt your external log system setup.
To make use of the new message types, you will need to add the IDS messages to your log channel.
In later releases we will add more message types and give you more control over the log messages being generated, such as filtering based on source and destination.
| Split Message Types | Description | Previously | New |
|---|---|---|---|
| Log Messages | | | |
| Policy Rule Log | Match of policy rule with log flag | | |
| Event Messages | | | |
| Policy Hit | Policy/scenario hit flag match | | |
| IPS Hit | IPS subsystem match | | |
| Threat Intelligence Hit | TI subsystem match | | |
Upgrade Instructions and Requirements
For information on the hardware requirements needed to install this release version, see System Requirements.
For instructions on how to install the new version, see Updating cognitix Threat Defender.