Threat Defender maps the IP and MAC addresses of network devices. This information is used to track network assets, allowing you to identify dedicated devices in the network. Threat Defender enriches each asset with metadata such as last seen IP address, hostnames etc. Each asset has a unique UUID generated by Threat Defender and a name that you can edit. Threat Defender logs asset information in a dedicated asset log and uses assets in reporting under Analytics. Assets can also be used in policies, dynamic network objects and event tracking tables to segment the network based on assets and to create policies for individual assets or groups of assets.


Asset tracking requires an active license. The maximum number of tracked assets depends on the selected license.

Threat Defender maps users to assets and logs login and logout events of users. Users can only be tracked if they are allocated to an asset. If the user API is enabled, Threat Defender automatically maps users and assets. Otherwise, the allocation has to be done manually.

In the assets_icon Inventory menu, you can display overviews of the network assets and users as well as the asset and user information collected by Threat Defender. Here, you can also view asset and user logs, edit the tracking settings for assets and users, and create and restore backups of the assets and users databases.