# Genians

This Integration is part of the Genians Pack.

## Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Use the Genian NAC integration to block IP addresses using the assign tag.
Genian NAC network sensing technology powered by Device Platform Intelligence (DPI) discovers and presents all detected devices’ business contextual and risk-related information along with their technical information without disturbing existing network infrastructure. The resulting intelligence enhances visibility and allows operators to detect and respond to any non-compliant or compromised devices in real time.
With the result of comprehensive network visibility, Genian NAC can ensure compliance from all connected devices by leveraging Virtual In-Line Packet Inspection which operates at Layer 2. This technology has complete control over endpoint device traffic over TCP and UDP by eliminating the need for complex configurations and network changes.

## Genians Genian NAC Module Requirements

Before you can use this integration in Cortex XSOAR, you need to enable certain modules in your Genian NAC environment.

### Genian NAC Web Console

- This is the network address of the Genian NAC Enterprise or standalone Appliance (the host on which Genian NAC is hosted). For example, if Genian NAC is hosted at the IP address 192.168.100.100, then you enter https://192.168.100.100:8443/mc2

### Enforcement Mode

- Go to System > System > Click IP of Sensor > Click Sensor Tab > Click Sensor on the right
- Go to Sensor Operation > Sensor Mode and change the Sensor Mode to 'host'
- Change Sensor Operating Mode to 'Enforcement'
  - Monitoring: (Default) Monitoring mode. No blocking.
  - Enforcement: Blocking mode

### Specifying the Tag to be assigned to the node under control

- Go to Preferences > Properties > Tag
- Create new Tag or use existing Tag (e.g. THREAT)

### Create Enforcement Policy

Reference the Enforcement Policy section in the Genian NAC Docs.

## Configuration Parameters

### Server IP

- Input Genian NAC IP Address (e.g. 192.168.100.100)

### API Key

- You can generate an API Key in the Genian NAC Web Console.
- Go to Management > User > Administrator tab > API Key to generate a key and save it.
- Input API Key (e.g. 912fae69-b454-4608-bf4b-fa142353b463)

### Tag Name

- Input Tag Name for IP Block (e.g. THREAT, GUEST)

## Configure Genian NAC in Cortex

## Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

- Post IP address to a tag: genians-assign-ip-tag
- Delete IP address from a tag: genians-unassign-ip-tag

### Post IP address to a tag

Assigns a tag to the Node specified.

#### Base Command

genians-assign-ip-tag

#### Input

Argument Name | Description | Required |
---|---|---|
ip | IP Address (e.g. 192.168.100.87) | Required |

#### Context Output

Path | Type | Description |
---|---|---|
genians.tag.nodeId | string | nodeid of IP |
genians.tag.Name | string | Tag name |

#### Raw Output

### Delete IP address from a tag

Removes the tag(s) from the Node specified.

#### Base Command

genians-unassign-ip-tag

#### Input

Argument Name | Description | Required |
---|---|---|
ip | IP Address (e.g. 192.168.100.87) | Required |

#### Context Output

Path | Type | Description |
---|---|---|
genians.tag.nodeId | string | nodeid of IP |
genians.tag.Name | string | Tag name |

#### Raw Output

[]
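
A pre-flight guard for the `ip` argument of `genians-assign-ip-tag`, as an added example that is not part of the Genians integration: with the sensor in Enforcement mode a tag assignment blocks the node, so the check rejects malformed input, protected addresses and out-of-scope hosts before the command is built. The protected list, the managed subnet and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed for illustration: the NAC appliance address used in the page's
# examples plus a constructed gateway address that must never be blocked.
PROTECTED = {"192.168.100.100", "192.168.100.1"}
# Constructed scope: only hosts on the sensor-managed subnet may be tagged.
MANAGED_NETS = [ipaddress.ip_network("192.168.100.0/24")]
COMMANDS = {"assign": "genians-assign-ip-tag", "unassign": "genians-unassign-ip-tag"}


def build_tag_command(ip, action="assign"):
    """Return the War Room command for a validated IP or raise ValueError."""
    if action not in COMMANDS:
        raise ValueError(f"unknown action: {action!r}")
    try:
        addr = ipaddress.IPv4Address(ip.strip())
    except (AttributeError, ipaddress.AddressValueError) as exc:
        raise ValueError(f"not a valid IPv4 address: {ip!r}") from exc
    # Unassign is never scope-restricted, so a block can always be lifted.
    if action == "assign":
        if str(addr) in PROTECTED:
            raise ValueError(f"{addr} is protected infrastructure")
        nets = [n for n in MANAGED_NETS if addr in n]
        if not nets:
            raise ValueError(f"{addr} is outside the managed networks")
        if addr in (nets[0].network_address, nets[0].broadcast_address):
            raise ValueError(f"{addr} is a network or broadcast address")
    return f"!{COMMANDS[action]} ip={addr}"


def plan(ips, action="assign"):
    """Split candidate IPs into runnable commands and rejected entries."""
    commands, rejected = [], []
    for ip in ips:
        try:
            commands.append(build_tag_command(ip, action))
        except ValueError as err:
            rejected.append((ip, str(err)))
    return commands, rejected


if __name__ == "__main__":
    # Constructed sample input, e.g. addresses extracted from an incident.
    sample = ["192.168.100.87", "192.168.100.100", "10.0.0.5", "192.168.100.300", None]
    cmds, bad = plan(sample)
    print("\n".join(cmds))
    for ip, reason in bad:
        print(f"skipped {ip!r}: {reason}")
```

Rejected entries are returned with a reason rather than dropped, so a playbook can record in the incident why an address was not tagged.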