.. _integration-esm:

IGLOO Corporation Spider TM Integration
========================================

This guide provides information on integrating **Genian NAC** with **IGLOO Corporation's Spider TM**.

Overview
-----------

This document explains the setup and testing procedures required to integrate **Spider TM**, an integrated security monitoring solution by IGLOO Corporation, with **Genian NAC**, a network access control system.

The integration uses Genian NAC's threat management policy to control network access and lets Spider TM transmit blocked-device data in real time. With this integration, Spider TM can **block/unblock threat IP/MAC addresses in real time** via Genian NAC, giving secure and automated endpoint control.

**Recommended Version**

.. csv-table::
   :header: "Product", "Version", "Note"
   :widths: 30, 30, 40

   Genian NAC, 4.0 or later,

Integration Goals
--------------------

Integrating Spider TM with Genian NAC provides:

**Real-time Blocking of Threat IP / MAC**

- Genian NAC receives the IP/MAC via an SNMP Trap from Spider TM and applies a threat detection policy for immediate blocking.

**Real-time Unblocking of Threat IP / MAC**

- Genian NAC unblocks the IP/MAC received via an SNMP Trap, lifting the network restriction instantly.

Prerequisites
-----------------

**Network Requirements**

- Ensure UDP port **162**, used for SNMP Traps, is open between Spider TM and Genian NAC.

Genian NAC Configuration for Integration
-------------------------------------------

This section describes the minimum configuration required to integrate with Spider TM. This is a **one-time setup**.

**Step 1: Configure Threat Detection Policy**

Navigate to: **Policy > Node Policy > Threat Detection**

Create a new policy as follows:

.. csv-table::
   :header: "Setting Item", "Value", "Note"
   :widths: 30, 30, 40

   "General > ID", "SNMP Trap Threat Detection", "Enter a name for the threat detection policy"
   "General > Description", "Threat detection policy for Spider TM SNMP integration", "Enter a description"
   "General > CWP Message", "", ""
   "Event Definition > Event", "SNMP Block Request", ""

**SNMP OID Information**

.. csv-table::
   :header: "Item", "OID Value", "Note"
   :widths: 30, 30, 40

   SNMP Trap OID, .1.3.6.1.4.1.29503.1.1.0.100, OID for trap transmission
   Block Target IP, .1.3.6.1.4.1.29503.10.0.1, IP to be blocked
   Block Target MAC, .1.3.6.1.4.1.29503.10.0.2, MAC to be blocked
   Block Target DEVID, .1.3.6.1.4.1.29503.10.0.8, Device ID to be blocked
   Block Reason, .1.3.6.1.4.1.29503.10.0.3, Record reason for blocking
   Unblock Target IP, .1.3.6.1.4.1.29503.10.0.4, IP to be unblocked
   Unblock Target MAC, .1.3.6.1.4.1.29503.10.0.5, MAC to be unblocked
   Unblock Target DEVID, .1.3.6.1.4.1.29503.10.0.9, Device ID to be unblocked
   Unblock Reason, .1.3.6.1.4.1.29503.10.0.6, Record reason for unblocking

**Step 2: Assign Detection Policy to Node Policy**

1. Go to `Policy > Node Policy`
2. Select the target policy
3. Scroll down to the **Threat Detection** section
4. Click `Assign`
5. Choose the **SNMP Trap Threat Detection** policy
6. Save the node policy

**Step 3: Create Node Group for Threat Detection**

1. Go to `Policy > Group > Node`
2. Create a new Node Group

   .. csv-table::
      :header: "Setting Item", "Value", "Note"
      :widths: 30, 30, 40

      "Basic Info > ID", "SNMP Trap Threat Group", "Enter node group name"
      "Basic Info > Description", "Node group detected as a threat via Spider TM SNMP", "Enter node group description"
      "Basic Info > CWP Message", "Blocked due to Spider TM-detected threat", "Write a custom block message"
      "Group Condition > OR", "", ""
      "Group Condition > Add", "Node Info > Threat Detection > When specific threat is detected > Select SNMP Trap Threat Detection", "Select the previously created threat detection policy"

3. Create the node group

**Step 4: Configure Enforcement Policy for Blocking**

1. Go to `Policy > Enforcement Policy > IP Management Policy`
2. In the Node Group section, click `Assign`
3. Select the node group `SNMP Trap Threat Group`
4. Click `Update`
5. Apply the policy changes

Testing the Integration
---------------------------

When an SNMP Trap is received, you can confirm it in the Genian NAC Web Console under the Audit Logs menu, as shown below:

.. code:: bash

   Block IP SNMP Trap Audit Log
   SNMP Trap received. .1.3.6.1.2.1.1.3.0=0:0:00:00.00, .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.29503.1.1.0.100, .1.3.6.1.4.1.29503.10.0.1=172.29.132.117

After receiving the SNMP Trap, check that it is detected by the configured threat detection policy:

.. code:: bash

   Threat Detection Audit Log
   New threat node detected. ANOMALY_DEF='TEST-SNMP trap block'

Check the Policy Status tab in the detailed view of the detected node to ensure that the blocking and unblocking actions have been applied correctly.
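The following is an added example, not code from Genian NAC or IGLOO. It decodes the varbinds of a Spider TM trap, in the ``SNMP Trap received.`` audit-log format quoted above, into a validated block/unblock request using the OIDs from the SNMP OID Information table. The ``ThreatRequest`` structure, the rule that a trap must carry exactly one of the block or unblock OID sets, and the IP/MAC validation are this example's own assumptions, useful when reviewing what the NAC will act on or when writing a detection rule over the audit log. The unblock and malformed sample lines are constructed; only the block line is from the page.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Standard SNMPv2c trap varbinds, then the Spider TM trap OID from the integration table.
SYSUPTIME_OID = ".1.3.6.1.2.1.1.3.0"
SNMPTRAPOID_OID = ".1.3.6.1.6.3.1.1.4.1.0"
SPIDER_TRAP_OID = ".1.3.6.1.4.1.29503.1.1.0.100"

# Payload OIDs from the "SNMP OID Information" table: OID -> (action, field).
VARBIND_FIELDS = {
    ".1.3.6.1.4.1.29503.10.0.1": ("block", "ip"),
    ".1.3.6.1.4.1.29503.10.0.2": ("block", "mac"),
    ".1.3.6.1.4.1.29503.10.0.8": ("block", "devid"),
    ".1.3.6.1.4.1.29503.10.0.3": ("block", "reason"),
    ".1.3.6.1.4.1.29503.10.0.4": ("unblock", "ip"),
    ".1.3.6.1.4.1.29503.10.0.5": ("unblock", "mac"),
    ".1.3.6.1.4.1.29503.10.0.9": ("unblock", "devid"),
    ".1.3.6.1.4.1.29503.10.0.6": ("unblock", "reason"),
}

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
# "OID=value" pairs; values run up to the next comma (the audit log separator).
VARBIND_RE = re.compile(r"(\.(?:\d+\.)*\d+)=([^,]*)")


@dataclass
class ThreatRequest:
    """What the trap asks the NAC to do (assumed structure for this example)."""
    action: str                  # "block" or "unblock"
    ip: Optional[str] = None
    mac: Optional[str] = None
    devid: Optional[str] = None
    reason: Optional[str] = None


def parse_varbinds(line: str) -> Dict[str, str]:
    """Pull OID=value pairs out of an 'SNMP Trap received.' audit-log line."""
    return {oid: value.strip() for oid, value in VARBIND_RE.findall(line)}


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff or AA-BB-CC-DD-EE-FF; return lower-case colon form."""
    norm = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(norm):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return norm


def decode_trap(line: str) -> ThreatRequest:
    """Turn one audit-log line into a validated request.

    Raises ValueError when the trap is not a Spider TM trap, mixes block and
    unblock OIDs, names neither IP nor MAC, or carries a malformed IP/MAC.
    """
    varbinds = parse_varbinds(line)
    if varbinds.get(SNMPTRAPOID_OID) != SPIDER_TRAP_OID:
        raise ValueError("snmpTrapOID is not the Spider TM trap OID; ignoring")

    actions = set()
    fields: Dict[str, str] = {}
    for oid, value in varbinds.items():
        if oid in VARBIND_FIELDS:          # unknown OIDs are simply ignored
            action, name = VARBIND_FIELDS[oid]
            actions.add(action)
            fields[name] = value
    if len(actions) != 1:
        raise ValueError(f"expected exactly one of block/unblock, got {sorted(actions)}")

    req = ThreatRequest(action=actions.pop(),
                        devid=fields.get("devid"), reason=fields.get("reason"))
    if "ip" in fields:
        req.ip = str(ipaddress.ip_address(fields["ip"]))   # ValueError on junk
    if "mac" in fields:
        req.mac = normalize_mac(fields["mac"])
    if req.ip is None and req.mac is None:
        raise ValueError("trap names no IP or MAC to act on")
    return req


# Samples: the first line is the block-IP audit log entry from this page; the
# unblock and malformed lines are constructed for this example.
SAMPLE_BLOCK_LOG = (
    "SNMP Trap received. .1.3.6.1.2.1.1.3.0=0:0:00:00.00, "
    ".1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.29503.1.1.0.100, "
    ".1.3.6.1.4.1.29503.10.0.1=172.29.132.117"
)
SAMPLE_UNBLOCK_LOG = (
    "SNMP Trap received. .1.3.6.1.2.1.1.3.0=0:0:00:01.00, "
    ".1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.29503.1.1.0.100, "
    ".1.3.6.1.4.1.29503.10.0.5=00-11-22-AA-BB-CC, "
    ".1.3.6.1.4.1.29503.10.0.6=analyst cleared alert"
)
SAMPLE_BAD_IP_LOG = (
    "SNMP Trap received. .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.29503.1.1.0.100, "
    ".1.3.6.1.4.1.29503.10.0.1=172.29.132.999"
)

if __name__ == "__main__":
    for sample in (SAMPLE_BLOCK_LOG, SAMPLE_UNBLOCK_LOG, SAMPLE_BAD_IP_LOG):
        try:
            print(decode_trap(sample))
        except ValueError as err:
            print("rejected:", err)
```

Because the audit log separates varbinds with commas, a Block Reason or Unblock Reason string that itself contains a comma would be truncated by this parser; if reasons need commas, take the varbinds from the trap PDU rather than from the log text.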