Report Channels

Threat Defender can forward logging data to external recipients. Navigate to Logging > Report Channels to set up reporting channels for the log messages.

You can send log messages using the syslog standard, JSONL, or IPFIX. See the appendix for further information on syslog Specification, JSON Lines Formatted Output, and IPFIX Specification. When you use IPFIX to transmit traffic flow information, note that cognitix Threat Defender uses standard reporting events as well as custom events.

The table displays the reporting channels configured in the system with an auto-generated, descriptive name, connection state, and the number of transmitted and dropped messages. The slider switch in the first column allows you to enable (on) or disable (off) the reporting channel. The icons in the last column allow you to edit or delete the respective reporting channel.

To set up a new reporting channel, click the Add button above the overview table.

Report Channel Settings

If you add or edit a reporting channel, the settings screen is displayed with the following elements:

| Field | Description |
| --- | --- |
| on/off | The slider switch indicates whether the reporting channel is enabled or not. |
| Note | Optional: Add a short description of the channel. |
| Report Type | Select the type of report you want to export by clicking the respective button. |
| Message Type | Select what reports you want to include in the message. |
| Observation Domain Id | Only for IPFIX: Specify the observation domain ID used in the messages. It should be 0 when no specific observation domain ID is relevant for the entire IPFIX message. |
| Update Interval | Only for IPFIX: Set the IPFIX update interval. |
| Endpoint | Select the transport protocol you want to use by clicking the respective button. |
| IP Address | Specify the IP address you want to send the reports to. |
| Port | Specify the port that Threat Defender sends the messages to. |
| Reconnection Delay | Specify the intervals at which Threat Defender tries to re-establish the connection to the host. |

The buttons at the bottom of the screen allow you to store your changes (SAVE) or to discard them (CANCEL).
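
On the receiving side, a collector can check that incoming IPFIX messages carry the observation domain ID configured for the channel before it accepts them. The following is an added example, not part of the Threat Defender documentation or product code: it assumes the standard RFC 7011 message header, the function name `parse_ipfix_message` is hypothetical, and the sample message is constructed.

```python
import struct

# RFC 7011 message header: version, length, export time, sequence number,
# observation domain ID (16 bytes, network byte order).
HEADER = struct.Struct("!HHIII")
SET_HEADER = struct.Struct("!HH")  # set ID, set length (includes this header)

def parse_ipfix_message(data, expected_domain_id):
    """Validate the first IPFIX message in data; return its header fields and set IDs."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length, export_time, sequence, domain_id = HEADER.unpack_from(data)
    if version != 10:
        raise ValueError(f"not IPFIX (version {version})")
    if not HEADER.size <= length <= len(data):
        raise ValueError(f"declared length {length} does not fit the received data")
    if domain_id != expected_domain_id:
        raise ValueError(f"observation domain ID {domain_id}, expected {expected_domain_id}")
    set_ids, offset = [], HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(data, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError(f"set {set_id} has invalid length {set_len}")
        if set_id not in (2, 3) and set_id < 256:
            raise ValueError(f"reserved set ID {set_id}")
        set_ids.append(set_id)  # 2 = template, 3 = options template, >= 256 = data
        offset += set_len
    return {"length": length, "export_time": export_time, "sequence": sequence,
            "domain_id": domain_id, "set_ids": set_ids}

# Constructed sample: one template set (template 256 with a single field,
# sourceIPv4Address, IE 8, 4 bytes) followed by one matching data set.
_template_set = struct.pack("!HHHHHH", 2, 12, 256, 1, 8, 4)
_data_set = struct.pack("!HH4s", 256, 8, bytes([192, 0, 2, 1]))
_body = _template_set + _data_set
SAMPLE = HEADER.pack(10, HEADER.size + len(_body), 1700000000, 0, 0) + _body

if __name__ == "__main__":
    print(parse_ipfix_message(SAMPLE, expected_domain_id=0))
```

The returned `length` lets a TCP collector advance to the next message in the stream. Decoding the data records themselves requires the templates sent by the exporter and is not covered here.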