Handling Newly Discovered Assets

When the automatic discovery of assets (see Asset Setting) is enabled, cognitix Threat Defender assigns pre-defined tags to assets that connect to the network for the first time. Using these tags, you can set up rules that will be applied to these new assets.

In the following example, we will configure a simple rule that denies unknown (i.e. newly discovered) assets access to the internal resources until the admin explicitly grants it by removing the pre-defined AutoDiscovered tag.

  1. Navigate to Inventory > Asset Setting to configure the tag that will be assigned to newly discovered assets.

  2. Under Add this tag to auto discovered assets, the preset AutoDiscovered tag is already provided. However, you can also enter your own tags to assign to newly discovered assets.

  3. Navigate to Policy > Rules.

  4. Click Add Global Rule to create a new rule with the following settings:

    • Enter a descriptive Name for the rule and an optional Note.

    • In the Source & Destination section, set Destination Networks to Internal.

    • In the Conditions section, enable Assets by clicking the slider switch.

    • Under Source Tags, select the AutoDiscovered tag. With these settings, the rule matches all traffic that originates from assets with the AutoDiscovered tag and is targeted at internal network resources.

    • In the Actions section, enable Final Action by clicking the slider switch.

    • Select Drop Traffic and Stop Processing.

  5. Click SAVE to store this rule.

  6. Click the APPLY CHANGES button in the header to activate your configuration changes.
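
The effect of this rule can be modelled in a few lines. The following is an added illustration, not cognitix Threat Defender code or configuration syntax. The Inventory class, the evaluate function, the use of a MAC address as asset key and the address ranges standing in for the Internal network object are all assumptions made for the example.

```python
import ipaddress

AUTO_TAG = "AutoDiscovered"
# Assumption: RFC 1918 ranges stand in for the "Internal" network object.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Inventory:
    """Hypothetical asset inventory: asset key (here a MAC) -> set of tags."""

    def __init__(self):
        self.tags = {}

    def observe(self, asset):
        # An asset seen for the first time receives the pre-defined tag.
        if asset not in self.tags:
            self.tags[asset] = {AUTO_TAG}
        return self.tags[asset]

    def approve(self, asset):
        # The admin grants access by removing the tag.
        self.tags[asset].discard(AUTO_TAG)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def evaluate(inventory, src_asset, dst_ip):
    """Return 'drop' if the rule matches, else 'continue' (rule not matched)."""
    tags = inventory.observe(src_asset)
    # Source Tags = AutoDiscovered AND Destination Networks = Internal
    if AUTO_TAG in tags and is_internal(dst_ip):
        return "drop"  # Final Action: Drop Traffic and Stop Processing
    return "continue"


if __name__ == "__main__":
    inv = Inventory()
    new_asset = "02:00:00:00:00:01"               # constructed sample MAC
    print(evaluate(inv, new_asset, "10.0.0.5"))      # internal destination
    print(evaluate(inv, new_asset, "203.0.113.10"))  # external destination
    inv.approve(new_asset)
    print(evaluate(inv, new_asset, "10.0.0.5"))      # after tag removal
```

The second call shows that the rule as configured only covers internal destinations: traffic from a tagged asset to other networks is not matched by it and is left to whatever other rules apply.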