Integration Guide For Slack

This document describes how to integrate Genian ZTNA with Slack using a webhook. This integration lets you send notifications for any Genian ZTNA log to the Slack workspace and channel of your choice. In this example, we will create a Slack notification for newly detected MAC addresses.

The main steps of this integration are as follows:

  • Configure a Slack app to accept inbound Posts
  • Test that the Slack app works properly
  • Configure a Genian ZTNA log filter to send Posts to Slack

Slack App Configuration

The steps below demonstrate how to configure Slack to accept webhook Posts from Genian ZTNA.

  1. Navigate to api.slack.com/apps, and select Create an App
  2. Name your App and select a workspace to apply it to.
  3. Select Incoming Webhooks, and set Activate Incoming Webhooks to On
  4. Select Add New Webhook to Workspace and select one or multiple channels to post your message to. Save the channel URL as it will be input into Genian ZTNA later.
  5. Use the curl utility in a command line to test sending a webhook to a channel.
  6. Copy the sample curl request from this page and paste it into a command terminal. Ensure that the webhook URL in the sample request matches that of the channel you wish to test, as shown in the channel list at the bottom of the page, and that curl is supported by your terminal.
  7. After you run the command, if the message posts successfully to your channel, Slack has been properly configured to receive webhook posts.

Configuring Log Export to Slack

These steps select logs from Genian ZTNA, including those imported from external systems, and export them to the Slack webhook app. To see how to import logs from external systems, see Receiving Events.

  1. Navigate to the Log tab, then select the Add filters option. Narrow your search to select which events to send to Slack. For our example, we will search for "New MAC Detected" in the description and click Search. Other filter variables may also be used to narrow your search. Ensure that your search returns only the desired results. Click Save.

  2. Next, assign a name and a description to your filter, then select Webhook from the bottom of the screen.

    • Set Method to POST
    • Set URL to the channel URL shown in the previous section of this guide.
    • Set Character Set as UTF-8
    • In the POST DATA section, select which log fields to send to Slack. For help with the syntax, click the question mark icon labelled Help for Macro.
    • For this example we will show a way to post the newly detected MAC Address and the corresponding IP Address to the channel of your choice, as shown by the {_IP} & {_MAC} macros.
    • The title_link content will create a hyperlink from the message title to the newly detected MAC address on your Policy Server. Be sure to input your Policy Server IP or FQDN in the indicated area.
    {
      "attachments": [
        {
          "fallback": "New Device Detected!",
          "color": "#7FBE26",
          "title": "New Device Detected!",
          "title_link": "POLICY SERVER ADDRESS/mc2/faces/frontpage.xhtml?forceForwardUrl=1&folder=monitor&framePage=frame.xhtml&selectedTree=BBA&selectedPage=nodeMgmt.xhtml?nid=All&mac={_MAC}&macequal=true&isselect=true",
          "text": "*MAC:* {_MAC}\n*IP:* {_IP}"
        }
      ]
    }
    
    • Set Content-Type to Application/json.
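
A pre-flight check for the POST DATA above, as an added example that is not part of the original guide or Genian's own code: it fills the {_MAC} and {_IP} macros with constructed values, confirms the result is still valid JSON (a stray trailing comma is enough to break it), and can then post it to the webhook. The function names and the SLACK_WEBHOOK_URL environment variable are assumptions of this example.

```python
import json
import os
import urllib.request

# POST DATA from this guide, shortened (fallback, color and title_link left out).
TEMPLATE = r'''{
  "attachments": [
    {
      "title": "New Device Detected!",
      "text": "*MAC:* {_MAC}\n*IP:* {_IP}"
    }
  ]
}'''

def render(template, fields):
    """Stand-in for macro expansion: fill each {_NAME} with a JSON-escaped value."""
    for name, value in fields.items():
        template = template.replace("{" + name + "}", json.dumps(value)[1:-1])
    return template

def problems(body):
    """Return the reasons this POST DATA should not be sent (empty list = OK)."""
    try:
        payload = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    found = []
    if "{_" in body:
        found.append("unexpanded macro left in payload")
    if not isinstance(payload, dict) or not (payload.get("text") or payload.get("attachments")):
        found.append("no text or attachments for Slack to display")
    return found

def send(body, url):
    """POST the body as JSON to the webhook URL and return the HTTP status code."""
    if not url.startswith("https://"):
        raise ValueError("webhook URL must use https")
    req = urllib.request.Request(url, data=body.encode("utf-8"), method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    # Constructed values; SLACK_WEBHOOK_URL (assumed name) keeps the URL out of code.
    body = render(TEMPLATE, {"_MAC": "00:11:22:AA:BB:CC", "_IP": "192.0.2.10"})
    issues = problems(body)
    print(issues or "payload OK")
    if not issues and os.environ.get("SLACK_WEBHOOK_URL"):
        print(send(body, os.environ["SLACK_WEBHOOK_URL"]))
```

Anyone who holds the webhook URL can post to the channel, which is why the example reads it from the environment instead of embedding it.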