본문으로 건너뛰기
KYRA MDR KYRA MDR Docs

Genians NAC Integration

Overview

This integration collects device discovery, compliance status, authentication events, and network anomaly logs from Genian NAC. Genians holds over 60% of the Korean NAC market and provides excellent API documentation.

Supported product: Genian NAC 5.x

Prerequisites

  • A KYRA MDR Collector installed and running (Installation Guide)
  • Genian NAC Policy Center admin access
  • API key for REST API access (recommended)

Configuration

Genian NAC provides a well-documented REST API for querying device inventory, compliance status, and events.

  1. Log in to the Genian NAC Policy Center
  2. Navigate to Settings > API Key Management
  3. Generate an API key and provide it to KYRA MDR during setup
GET /mc2/rest/nodes?apiKey=<KEY>&page=1&pageSize=100

Option 2: Syslog

  1. Navigate to Policy Center > 설정 > 외부연동 > Syslog
  2. Add the KYRA Collector IP and port 514
  3. Select the log types to forward

Sample log format (CEF-like):

<14>Jan 15 10:30:00 genian-nac CEF:0|Genians|NAC|5.0|100|Node Detected|5|src=192.168.1.50 mac=00:11:22:33:44:55

Collected Log Types

Log TypeSecurity UsePriority
Device discoveryNew/unknown device detection on networkCritical
Device profilingOS and device type identificationHigh
Compliance statusPatch level, AV status verificationHigh
802.1X authenticationNetwork access control eventsHigh
Policy violationsNon-compliant device detectionCritical
IP conflict / MAC changeNetwork anomaly detectionHigh
Quarantine eventsDevice isolation trackingHigh
ARP spoofing detectionNetwork attack detectionCritical

Troubleshooting

API Connection Issues

  1. Verify the API key is valid and has not expired
  2. Ensure the collector can reach the Genian NAC Policy Center over HTTPS
  3. Check that the API user has sufficient permissions

No Syslog Logs

  1. Verify syslog server settings in the Policy Center
  2. Ensure port 514 is open between the NAC and the collector

For additional help, contact kyra@seekerslab.com.