Handling Newly Discovered Assets

When the automatic discovery of assets (see Asset Setting) is enabled, cognitix Threat Defender assigns predefined tags to assets that connect to the network for the first time. Using these tags, you can set up rules that will be applied to these new assets.

The following example shows how to configure a simple rule that denies unknown (i.e. newly discovered) assets access to internal resources until an administrator explicitly grants it by removing the predefined AutoDiscovered tag.

  1. Navigate to Inventory > Asset Setting to configure the tag that will be assigned to newly discovered assets.

  2. Under Add this Tag to Auto Discovered Assets, the preset AutoDiscovered tag is already provided. You can, however, enter your own tags that you want to assign to newly discovered assets.

  3. Navigate to Policy > Rules.

  4. Click Add Global Rule to create a new rule with the following settings:

    • Enter a descriptive Name for the rule and an optional Note.

    • In the Source & Destination section, set Destination Networks to Internal.

    • In the Conditions section, enable Assets by clicking the slider switch.

    • Under Source Tags, select the AutoDiscovered tag. With these settings, the rule matches all traffic that originates from assets with the AutoDiscovered tag and is targeted at internal network resources.

    • In the Actions section, enable Final Action by clicking the slider switch.

    • Select Drop Traffic and Stop Processing.

  5. Click SAVE to store this rule.

  6. Click the APPLY CHANGES button at the top of the menu bar to activate your configuration changes.