What’s new in this version?
cognitix Threat Defender version 20201008.2.0.0 rolls out a number of new features and improvements. Find out what’s new below.
The following versions are compatible with cognitix Threat Defender version 20201008.2.0.0:
To view the release notes of previous versions, see Previous Releases.
New Features and Improvements
GDPR Data Export
Under Inventory > Data Export, cognitix Threat Defender now provides data exports that contain all data collected on selected users or assets in compliance with the right of access as stipulated by the GDPR.
Under Settings > Monitoring, you can set up SNMP connection information to provide statistical data from cognitix Threat Defender to a central monitoring system.
It is now possible to upload .txt and .csv files with user-defined IPS rule sets to the IDS/IPS system of cognitix Threat Defender. You can toggle between the standard IPS rule set provided by cognitix Threat Defender and custom rule sets.
The keywords used in IPS rules are documented in IPS Rule Definitions.
cognitix Threat Defender now supports optional Suricata thresholding keywords.
The IDS engine supports additional HTTP and TLS keywords.
The external logs (via syslog, JSONL, or IPFIX) now contain IPS rule descriptions in addition to rule IDs.
cognitix Threat Defender now provides upgrade and recovery installations that keep the existing configuration when cognitix Threat Defender is re-installed.
The installer now displays the cognitix Threat Defender software version to be installed. On genua hardware, it also displays the hardware version used.
cognitix Threat Defender now supports MMC storage media.
cognitix Threat Defender displays more details on IDS hits.
syslog messages now provide timestamps with millisecond accuracy.
The asset MAC/IP identifier handling was improved.
Important Fixed Issues
The assets database is now correctly restored when a configuration backup file is restored.
We fixed a possible SSH misclassification issue.
We improved the mid-flow direction guessing for established TCP connections.
After installing an update, it may be necessary to manually reload the browser page to confirm the certificate warning of the browser.
SNMPv2c communities are always set to “public”.