Assets are distinct devices in the network that cognitix Threat Defender defines by their IP and MAC addresses.

Each asset is identified by its unique ID, a human readable name and a list of MAC addresses and/or IP addresses. In addition, Threat Defender tracks related, passively aggregated values for every MAC address:

  • assigned user ID

  • assigned tags

  • a gateway indicator

  • creation timestamp

  • last update timestamp

  • every IP address seen for this MAC

  • MAC address vendor

Furthermore, the following Last Seen information is updated every time an asset connects to the network:

  • timestamp

  • VLAN tag

  • IPv4 address

  • IPv6 address

  • hostname requested via DHCP

  • hostname offered via DHCP

  • bridge name

  • interface name

  • user ID

  • time to live value (based on IPv4 TTL field or IPv6 hop limit field)

Assets can be used in network objects to segment the network. They can also be used in policies and event tracking tables to create policies for individual assets or groups of assets.


Asset tracking requires an active license. The maximum number of tracked assets depends on the selected license.

Additional References: