IGLOO Corporation Spider TM Integration
This guide provides information on integrating Genian NAC with IGLOO Corporation's Spider TM.
Overview
This document explains the setup and testing procedures required to integrate Spider TM, an integrated security monitoring solution by IGLOO Corporation, with Genian NAC, a network access control system.
The integration utilizes Genian NAC's threat management policy to control network access and enables real-time transmission of blocked device data from Spider TM.
With this integration, Spider TM can block/unblock threat IP/MAC addresses in real time via Genian NAC to ensure secure and automated endpoint control.
Recommended Version
Product | Version | Note |
---|---|---|
Genian NAC | 4.0 or later |
Integration Goals
Integrating Spider TM with Genian NAC provides:
Real-time Blocking of Threat IP / MAC
- Genian NAC receives IP/MAC via SNMP Trap from Spider TM and applies a threat detection policy for immediate blocking.
Real-time Unblocking of Threat IP / MAC
- Genian NAC unblocks IP/MAC received via SNMP Trap, lifting network restrictions instantly.
Prerequisites
Network Requirements
- Ensure that UDP port 162, which is used for SNMP Traps, is open between Spider TM and Genian NAC.
Genian NAC Configuration for Integration
This section describes the minimum configuration required to integrate with Spider TM. This is a one-time setup.
Step 1: Configure Threat Detection Policy
Navigate to: Policy > Node Policy > Threat Detection
Create a new policy as follows:
Setting Item | Value | Note |
---|---|---|
Basic Settings > ID | SNMP Trap Threat Detection | Enter a name for the threat detection policy |
Basic Settings > Description | Threat detection policy for Spider TM SNMP integration | Enter a description |
Basic Settings > CWP Message | ||
Event Definition > Event | SNMP Block Request |
SNMP OID Information
Item | OID Value | Note |
---|---|---|
SNMP Trap OID | .1.3.6.1.4.1.29503.1.1.0.100 | OID for trap transmission |
Block Target IP | .1.3.6.1.4.1.29503.10.0.1 | IP to be blocked |
Block Target MAC | .1.3.6.1.4.1.29503.10.0.2 | MAC to be blocked |
Block Target DEVID | .1.3.6.1.4.1.29503.10.0.8 | Device ID to be blocked |
Block Reason | .1.3.6.1.4.1.29503.10.0.3 | Record reason for blocking |
Unblock Target IP | .1.3.6.1.4.1.29503.10.0.4 | IP to be unblocked |
Unblock Target MAC | .1.3.6.1.4.1.29503.10.0.5 | MAC to be unblocked |
Unblock Target DEVID | .1.3.6.1.4.1.29503.10.0.9 | Device ID to be unblocked |
Unblock Reason | .1.3.6.1.4.1.29503.10.0.6 | Record reason for unblocking |
Step 2: Assign Detection Policy to Node Policy
- Go to Policy > Node Policy
- Select the target policy
- Scroll down to the Threat Detection section
- Click Assign
- Choose the SNMP Trap Threat Detection policy
- Save the node policy
Step 3: Create Node Group for Threat Detection
- Go to Policy > Group > Node
- Create a new Node Group
Setting Item | Value | Note |
---|---|---|
Basic Info > ID | SNMP Trap Threat Group | Enter node group name |
Basic Info > Description | Node group detected as a threat via Spider TM SNMP | Enter node group description |
Basic Info > CWP Message | Blocked due to Spider TM-detected threat | Write a custom block message |
Group Condition > OR | ||
Group Condition > Add | Node Info > Threat Detection > When specific threat is detected > Select SNMP Trap Threat Detection | Select the previously created threat detection policy |
- Create the node group with the settings above
Step 4: Configure Control Policy for Blocking
- Go to Policy > Control Policy > IP Management Policy
- In Node Group section, click Assign
- Select the node group SNMP Trap Threat Group
- Click Modify
- Apply the policy changes
Testing the Integration
When an SNMP Trap is received, you can confirm it in the Genian NAC Web Console under the Audit Logs menu, as shown below:
Block IP SNMP Trap Audit Log
SNMP Trap received. .1.3.6.1.2.1.1.3.0=0:0:00:00.00, .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.29503.1.1.0.100, .1.3.6.1.4.1.29503.10.0.1=172.29.132.117
After the SNMP Trap is received, check that the configured threat detection policy detected it:
Threat Detection Audit Log
New threat node detected. ANOMALY_DEF='TEST-SNMP trap block'
Check the Policy Status tab in the detailed view of the detected node to ensure that the blocking and unblocking actions have been applied correctly.
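When reviewing exported audit logs during testing, the "SNMP Trap received" record can be decoded against the OID table in Step 1 to confirm which action and target each trap carried. The following is an added example, not part of Genian NAC or Spider TM; it assumes the log line format shown above and a colon- or hyphen-separated MAC format, and the function names are hypothetical.

```python
import ipaddress
import re

PREFIX = "SNMP Trap received. "
SNMP_TRAP_OID_0 = ".1.3.6.1.6.3.1.1.4.1.0"      # standard snmpTrapOID.0 varbind
EXPECTED_TRAP = ".1.3.6.1.4.1.29503.1.1.0.100"  # "SNMP Trap OID" row of the table
BASE = ".1.3.6.1.4.1.29503.10.0."  # FIELDS keys: sub-identifier after this prefix
FIELDS = {"1": ("block", "ip"), "2": ("block", "mac"), "8": ("block", "devid"),
          "3": ("block", "reason"), "4": ("unblock", "ip"), "5": ("unblock", "mac"),
          "9": ("unblock", "devid"), "6": ("unblock", "reason")}
# Assumption: MACs are logged as six hex octets separated by ':' or '-'.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")
# Split only on ", " that precedes "<oid>=" so commas inside a reason survive.
SPLIT_RE = re.compile(r", (?=\.\d+(?:\.\d+)*=)")

def valid_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_trap_log(line):
    """Decode one audit-log line; None if it is not an SNMP trap record."""
    if not line.startswith(PREFIX):
        return None
    parts = SPLIT_RE.split(line[len(PREFIX):])
    varbinds = dict(p.split("=", 1) for p in parts if "=" in p)
    out = {"action": None, "fields": {}, "problems": []}
    if varbinds.get(SNMP_TRAP_OID_0) != EXPECTED_TRAP:
        out["problems"].append("unexpected trap OID")
    for oid, value in varbinds.items():
        key = oid[len(BASE):] if oid.startswith(BASE) else None
        if key not in FIELDS:
            continue
        action, field = FIELDS[key]
        if out["action"] not in (None, action):
            out["problems"].append("mixed block and unblock varbinds")
        out["action"] = out["action"] or action
        out["fields"][field] = value
        if (field == "ip" and not valid_ip(value)) or (
                field == "mac" and not MAC_RE.fullmatch(value)):
            out["problems"].append(f"invalid {field}: {value}")
    return out

# Constructed sample (not from the page): unblock by MAC with a free-text reason.
SAMPLE_UNBLOCK = (PREFIX + SNMP_TRAP_OID_0 + "=" + EXPECTED_TRAP + ", "
                  + BASE + "5=00:11:22:33:44:55, " + BASE + "6=cleared, ticket closed")
print(parse_trap_log(SAMPLE_UNBLOCK))
```

A non-empty `problems` list marks a record worth checking by hand, such as a trap whose OID does not match the configured one or a target that is not a valid address.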