It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda SecureEdge
Overview Documentation Training Certification Materials

How to Deploy a Workbook via Microsoft Sentinel

  • Last updated on

To add a Log Analytics workspace to Microsoft Sentinel in Microsoft Azure, you must first connect your Barracuda SecureEdge with a Log Analytics workspace. Microsoft Sentinel allows you to create custom workbooks across your data. Workbooks are used for querying data from multiple sources in Azure and visualising data for reporting and analysis. The template used will deploy a workbook into a new or existing Log Analytics workspace and provide basic information on VPN Status, Device Availability, Device Performance, Device Bandwidth, and WAN Latency.

Barracuda SecureEdge Workbook

The Barracuda SecureEdge workbook is available in the Barracuda Networks GitHub account: 

https://github.com/barracudanetworks/secureedge/tree/main/azure-workbook

Before You Begin

Step 1. Add Log Analytics Workspace to Microsoft Sentinel

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Microsoft Sentinel.
  3. Click Create.
    ms-sentinel.png
  4. Select the newly created Log Analytics workspace. For example, in this case: Campus-LogAnalytics-workspace. 
    add-ms-sentinel-ws.png
  5. Click Add.

Step 2. Deploy a Workbook 

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services, search for the Log Analytics workspace you created, and pin it to your dashboard.
  3. In the Campus-LogAnalytic-workspace menu, select Workbooks. Create an Empty workbook.
    LAW-Workbook.png
  4. Click the Advanced Editor icon and delete the existing content of Gallery Template
    AdvancedEditor.png
  5. Open the SecureEdge workbook. For example, in this case: SecureEdgeWorkbook.json.
  6. Click Raw to copy the content of a workbook and paste it in your workbook's Gallery Template.
    GallertyTemplate.png
  7. Click Apply. You can see that a new workbook has been created. Wait briefly to fetch the log data.
  8. To save this workbook, select Done Editing in Advanced Editor, and then click Save
  9. The Save As page opens. Enter the name of workbook.
    myworkbook.png
  10. Click Apply.

You can now see the log data streaming to a Log Analytics workspace. On the SecureEdge workbook, the Overview page opens. Select the Site device and Time frame from the drop-down list.

The Overview page provides following details:

  • SecureEdge Device Availability 
    Overview.png

  • SecureEdge Site Performance Summary
    SE-SitePerformance.png

Accessing Information on the Gateways Page

The Gateways tab provides the information on gateway throughput. You can see a graphical representation of the egress and ingress traffic. In addition, it displays information on connected sites and connected remote clients.

At the top of the workbook, click Gateways. Select Gateways and specify the Time frame from the drop-down list. Note: To get the complete result for gateways, you must wait several hours. 

Gateways.png

Accessing Information on the Sites Page

The Sites tab provides information on the load over a range of time, the latest WAN bandwidth measurements, and new connections. In addition, it displays information on the firmware version and the VPN tunnels currently up. In the Load over time illustration, you can see a graphical representation of the load during a specified time range. The Latest WAN Bandwidth measurement illustration provides a bar graph.

At the top of the workbook, click Sites. Select Sites and specify the Time frame from the drop-down list. The Sites page provides following details:

  • Load over time.
    Site-Load over time.png

  • Latest WAN Bandwidth measurement and New Connections.

    BW-NewConnection.png

  • Site Device and Site CPU Temperature.
    SE-SiteTemp.png

  • Firmware Version and VPN Tunnels UP.

    Firmware-version.pngVPN-Tunnel-UP.png

Accessing Information on the SD-WAN Page

The SD-WAN tab provides the aggregated data on latency, download bandwidth utilisation, and upstream bandwidth utilisation. Each of these elements provides an illustration of the data within a specified time range.

At the top of the workbook, click SD-WAN. Select Sites and specify the Time frame and Transport from the drop-down list. The SD-WAN page provides following details:

  • Latency
    SDWAN.png

  • Download Bandwidth Utilisation
    Download-BW-Utilization.png

  • Upstream Bandwidth Utilisation
    Upstram-BW-Utilization.png