Slack Integration Guide
============================

.. note:: Incoming webhooks mentioned in the main text are only available to users with a valid Slack license.

This guide provides information on Genian NAC and Slack integration. It includes the following information:

- `Purpose of Integration`_
- `Slack Configuration for Integration`_

  - Creating a Slack App (bot)
  - Confirming Slack App settings

- `Genian NAC Configuration for Integration`_

  - Configuring search filters
  - Configuring Webhook transmission

**Guide Overview**

- This guide provides methods for configuring Genian NAC and Slack integration, along with usage examples.
- It helps administrators quickly recognize and respond to events by sending event information, such as endpoint threat information and endpoint information changes, from Genian NAC to Slack.

.. image:: /images/int_slack_3rd.png
   :width: 650px

**Purpose of Integration**
--------------------------

Integrating Genian NAC with Slack provides the following advantages and effects to IT administrators and users:

- Synergistic effect of Genian NAC and Slack, targeting all node information
- Rapid notification of network threats
- Provision of notification information for events of interest occurring on nodes

**Slack Configuration for Integration**
---------------------------------------

**Creating and Configuring a Slack App (bot)**

Log in with your Slack account at https://api.slack.com/apps, then create an App. Name your App and specify a Slack Workspace.

- App Name is the name of the Bot that displays messages in Slack.
- In Development Slack Workspace, select the Workspace to send messages to. (You can choose from Workspaces linked to your Slack account.)

**Webhook Transmission Test**

To confirm normal operation, copy the Sample Curl shown during the App creation process and run the command in a terminal. Note that the quoting differs between Windows and Linux. In both cases, the Webhook URL goes at the end of the command.

- When executing in a Windows terminal:

.. code-block:: bash

   curl -X POST -H "Content-type:application/json" --data "{\"text\":\"Hello, World!\"}" <Webhook URL>

- When executing in a Linux terminal:

.. code-block:: bash

   curl -X POST -H 'Content-type:application/json' --data '{"text":"Hello, World!"}' <Webhook URL>

**Genian NAC Configuration for Integration**
--------------------------------------------

**Configuring Search Filters**

1. Configuration is available from Genian NAC's menu: ‘Audit > Logs’.
2. Configure search filters for logs containing content to be transmitted.
3. Save the search filter and set its transmission method:

   - Click ‘Save’ for the search filter, name the filter, add a description (optional), and select ‘Webhook’ as the transmission method.
   - Genian NAC can transmit messages in different ways per event.

**Configuring Webhook**

- After configuring the search filter, selecting the Webhook call option requires the following settings.
- Webhook transmission settings values:

.. csv-table::
   :header: "Setting Name", "Setting Value", "Notes"
   :widths: 20 40 40

   "Method", "POST", "Select transmission method"
   "URL Setting", "Slack App URL information", "Refer to Features > incoming Webhooks on api.slack.com"
   "CHARSET", "UTF-8", " "
   "POST Data", "Set content to transmit", "Refer to example below"
   "Data Transfer Type", "Select from application/x-www-form-urlencoded, application/json", "Note that POST data values differ by transmission type"

- When 'application/x-www-form-urlencoded' is selected, POST data:

.. code-block:: text

   payload={"channel": "webhook_Alarm_Anthony(App Name)", "username": "mkkim(Slack Account)", "text": "New MAC detected.(Message content start) IP={_IP} MAC={_MAC} HOST={_HOSTNAME} USERNAME={_USERNAME}" }

- When 'application/json' is selected, POST data:

.. code-block:: json

   {"text":" New MAC detected | IP={_IP} MAC={_MAC}"}

- For detailed configuration methods, please use the help provided by the appliance.

**Testing Event Transmission**

- Test whether the content configured in the log filter is transmitted to Slack.
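The two POST data formats above can be previewed offline before the filter is pointed at Slack. The following is an added example, not Genian NAC or Slack code: it models both transfer types with constructed event values. It assumes that ``{_NAME}`` placeholders are replaced with plain text; the function names, the sample event and the ``#nac-alerts`` channel are hypothetical.

```python
import json
import re
from urllib.parse import urlencode

# Constructed event; the hostname is deliberately awkward (quote, Slack markup).
SAMPLE_EVENT = {
    "_IP": "192.0.2.10",
    "_MAC": "00:00:5E:00:53:01",
    "_HOSTNAME": 'lab"pc <!channel>',
    "_USERNAME": "alice",
}
TEMPLATE = "New MAC detected | IP={_IP} MAC={_MAC} HOST={_HOSTNAME} USERNAME={_USERNAME}"


def slack_escape(value):
    """Escape the three characters Slack treats as control characters."""
    return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def render(template, event):
    """Fill {_NAME} placeholders with escaped values; unknown ones stay visible."""
    def sub(match):
        name = match.group(1)
        return slack_escape(str(event[name])) if name in event else match.group(0)
    return re.sub(r"\{(_[A-Z]+)\}", sub, template)


def json_body(text):
    """Request body for Data Transfer Type application/json."""
    return json.dumps({"text": text}).encode("utf-8")


def form_body(text, channel=None, username=None):
    """Body for application/x-www-form-urlencoded: payload=<JSON>, URL-encoded."""
    payload = {"text": text}
    if channel:
        payload["channel"] = channel
    if username:
        payload["username"] = username
    return urlencode({"payload": json.dumps(payload)}).encode("utf-8")


if __name__ == "__main__":
    text = render(TEMPLATE, SAMPLE_EVENT)
    print(json_body(text).decode())
    print(form_body(text, channel="#nac-alerts").decode())
```

Nothing is sent over the network, so the Webhook URL, which is the only credential Slack needs to accept a post, is not required to run it.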