Slack Integration Guide

Note

Incoming webhooks mentioned in the main text are only available to users with a valid Slack license.

This guide provides information on Genian NAC and Slack integration. It includes the following information:

Purpose of Integration

Slack Configuration for Integration
  • Creating a Slack App (bot)
  • Confirming Slack App settings
Genian NAC Configuration for Integration
  • Configuring search filters
  • Configuring Webhook transmission

Guide Overview

  • This guide provides methods for configuring Genian NAC and Slack integration, along with usage examples.
  • It helps administrators quickly recognize and respond to events by sending event information, such as endpoint threat information and endpoint information changes, from Genian NAC to Slack.

Purpose of Integration

Integrating Genian NAC with Slack provides the following advantages and effects to IT administrators and users:

  • Synergistic effect of Genian NAC and Slack, targeting all node information
  • Rapid notification of network threats
  • Provision of notification information for events of interest occurring on nodes

Slack Configuration for Integration

Creating and Configuring a Slack App (bot)

Log in with your Slack account at https://api.slack.com/apps, then create an App.

Name your App and specify a Slack Workspace.

  • App Name is the name of the Bot that displays messages in Slack.
  • In Development Slack Workspace, select the Workspace to send messages to. (You can choose from Workspaces linked to your Slack account.)

Webhook Transmission Test

To confirm normal operation, copy the Sample Curl shown during the App creation process and run it in a terminal, putting your Webhook URL in place of <Webhook URL>. (Note that the quoting differs between Windows and Linux.)

  • When executing in a Windows terminal:

    curl -X POST -H "Content-type: application/json" --data "{\"text\":\"Hello, World!\"}" "<Webhook URL>"
    
  • When executing in a Linux terminal:

    curl -X POST -H 'Content-type: application/json' --data '{"text":"Hello, World!"}' '<Webhook URL>'
    

Genian NAC Configuration for Integration

Configuring Search Filters

1. Configuration is available from Genian NAC's menu: ‘Audit > Logs’.
2. Configure search filters for logs containing content to be transmitted.
3. Saving and transmitting search filter settings

  • Click ‘Save’ for the search filter, name the filter, add a description (optional), and select ‘Webhook’ as the transmission method.
  • Genian NAC can transmit messages in different ways per event.

Configuring Webhook

After configuring the search filter and selecting the Webhook call option, set the following options.

  • Webhook transmission settings values:

    Setting Name       | Setting Value                                                      | Notes
    Method             | POST                                                               | Select transmission method
    URL                | Setting Slack App URL information                                  | Refer to Features > Incoming Webhooks on api.slack.com
    CHARSET            | UTF-8                                                              |
    POST Data          | Set content to transmit                                            | Refer to example below
    Data Transfer Type | Select from application/x-www-form-urlencoded, application/json    | Note that POST data values differ by transmission type
  • POST data when 'application/x-www-form-urlencoded' is selected:

    payload={"channel": "webhook_Alarm_Anthony(App Name)",
    "username": "mkkim(Slack Account)",
    "text": "New MAC detected.(Message content start) IP={_IP} MAC={_MAC} HOST={_HOSTNAME} USERNAME={_USERNAME}"
    }
    
  • POST data when 'application/json' is selected:

    {"text":" New MAC detected | IP={_IP} MAC={_MAC}"}
    
  • For detailed configuration methods, please use the help provided by the appliance.

Testing Event Transmission

Test whether the content configured in the log filter is transmitted to Slack.
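A POST Data template can be checked offline before it is saved and tested. The following is an added example, not part of Genian NAC or of this guide's original text: it fills the {_...} macros shown above with constructed sample values, rejects misspelled macros and invalid JSON, and builds the request body for each Data Transfer Type. The function names, the sample values and the JSON-escaping of substituted values are assumptions of the example; this guide does not describe how Genian NAC itself substitutes macros.

```python
import json
import re
from urllib.parse import urlencode

MACRO = re.compile(r"\{(_[A-Z0-9_]+)\}")

# Constructed sample values; only macro names that appear in this guide.
SAMPLE = {"_IP": "192.0.2.10", "_MAC": "00:00:5E:00:53:01",
          "_HOSTNAME": 'lab "pc"\\01', "_USERNAME": "alice"}


def render(template, values):
    """Fill {_NAME} macros with JSON-escaped values; return (text, unknown)."""
    unknown = []

    def fill(match):
        name = match.group(1)
        if name not in values:
            unknown.append(name)
            return match.group(0)              # leave the typo visible
        return json.dumps(values[name])[1:-1]  # escape quotes and backslashes

    return MACRO.sub(fill, template), unknown


def preflight(post_data, transfer_type, values=SAMPLE):
    """Return (content_type, body, message) or raise ValueError."""
    if transfer_type == "application/x-www-form-urlencoded":
        key, sep, template = post_data.partition("=")
        if key.strip() != "payload" or not sep:
            raise ValueError("form POST data must start with payload=")
    elif transfer_type == "application/json":
        template = post_data
    else:
        raise ValueError("unsupported Data Transfer Type")
    text, unknown = render(template, values)
    if unknown:
        raise ValueError("unknown macros: " + ", ".join(unknown))
    try:
        message = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"POST data is not valid JSON: {exc}") from exc
    # Both examples in this guide send a "text" field, so require it here.
    if not isinstance(message, dict) or "text" not in message:
        raise ValueError('JSON must carry a "text" field')
    compact = json.dumps(message)
    if transfer_type == "application/json":
        return transfer_type, compact, message
    return transfer_type, urlencode({"payload": compact}), message
```

A ValueError from preflight() names the problem (missing payload= prefix, unknown macro, or invalid JSON) before anything is sent to the Webhook URL.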