Threat Defender can forward logging data to external recipients. Navigate to Logging > Report Channels to set up reporting channels for the log messages.
You can send log messages using the syslog standard, JSONL, or IPFIX. When you use IPFIX to transmit traffic flow information, note that cognitix Threat Defender uses standard reporting events as well as custom events. See the Appendix for further information on the IPFIX specification.
The table displays the reporting channels configured in the system with an auto-generated, descriptive name, connection state, and the number of transmitted and dropped messages. The slider switch in the first column allows you to enable () or disable () the reporting channel. The buttons in the last column allow you to edit or delete the respective reporting channel.
To set up a new reporting channel, click the ADD button above the overview table.
1. Report Channel Settings
If you add or edit a reporting channel, the settings screen is displayed with the following elements:
|/||The slider switch indicates whether the reporting channel is enabled or not.|
|Note||Optional: Add a short description of the channel.|
|Report Type||Select the type of report you want to export by clicking the respective button.|
|Message Type||Select what reports you want to include in the message.|
|Observation Domain Id||Only for IPFIX: Specify the observation domain ID used in the messages. It should be
|Update Interval||Only for IPFIX: Set the IPFIX update interval.|
|Endpoint||Select the transport protocol you want to use by clicking the respective button.|
|IP Address||Specify the IP address you want to send the reports to.|
|Port||Specify the port that Threat Defender sends the messages to.|
|Reconnection Delay||Specify the intervals at which Threat Defender tries to re-establish the connection to the host.|
The buttons at the bottom of the screen allow you to store your changes (SAVE) or to discard them (CANCEL).