The Barracuda SecureEdge Manager allows administrators to stream logs to the Extended Detection and Response (XDR) services. Barracuda XDR streaming is disabled by default, but you can enable or disable it for an entire workspace. You can integrate to the Barracuda XDR service via SecureEdge Manager and stream logs for security threats. You can stream the following logs: Firewall, VPN, Connectivity, Threat, and SD-WAN (connectivity). For instructions on how to set up the Barracuda XDR, see Integrating Barracuda SecureEdge Firewall. For more information on the XDR service, see Barracuda XDR.
Requirements
You must have a valid Barracuda XDR subscription.
Configure Barracuda XDR
Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
In the left menu, click the Tenants/Workspaces icon and select the workspace you want to configure Barracuda XDR for.
Go to Integration.
Expand the Barracuda XDR menu on the left and select Log Streaming.
The Log Streaming page opens. Specify values for the following:
Log Streaming – Click to enable/disable. By default, Log Streaming is disabled.
When Log Streaming is enabled, specify the following:Sites – Select the Site from the drop-down list, or type to search. You can select either all Sites or a specific Site.
Edge Service – Select the Edge Service from the drop-down list, or type to search. You can select either all Edge Services or a specific Edge Service.
XDR Hostname – Enter
secure-edge.ingest.skoutsecure.comPort – Enter
5044
Click Save.
After the configuration is complete, you can see that the selected Sites or Edge Services in your workspace start streaming their logs to Barracuda XDR services in order to monitor and analyze for security threats.
Edit the Barracuda XDR Configuration
Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
In the left menu, click the Tenants/Workspaces icon and select the workspace you want to edit the Barracuda XDR configuration for.
Go to Integration and select Barracuda XDR > Log Streaming. The Log Streaming page opens.
To change the Barracuda XDR configuration, edit the following settings:
Sites log streams to Barracuda XDR
Edge services log streams to Barracuda XDR
Barracuda XDR server and port settings
Modify Sites Stream to Barracuda XDR
Go to the Log Streaming page. To remove the specific Site or multiple Sites, click X. You can see that previously selected Sites are removed.
To reconfigure Sites, select the Site you wish to add from the drop-down list, or type to search.
Click Save.
After the configuration is complete, you can see that only the selected Sites stream logs to Barracuda XDR.
Modify Edge Services Stream to Barracuda XDR
Go to the Log Streaming page. To remove the specific Edge Service or multiple Edge Services, click X.
To reconfigure the Edge Services, select the Edge Services you wish to add from the drop-down list, or type to search.
Click Save.
After the configuration is complete, you can see that only the selected Edge Services stream logs to Barracuda XDR.
Modify the Barracuda XDR Server and Port Settings
Go to the Log Streaming configuration page. Edit the value for the field names such as Hostname and Port.
Enter a valid hostname and port.
Click Save.
After the new configuration is complete, you can see that the selected Sites or Edge Services in your workspace stream logs to the new Barracuda XDR server.
Disable Barracuda XDR for a Workspace
Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
In the left menu, click the Tenants/Workspaces icon and select the workspace you want to disable streaming for.
Go to Integration and select Barracuda XDR > Log Streaming. The Log Streaming page opens.
Click to disable Log Streaming
Click Save.
After the configuration is complete, you can see that the connected Sites or Edge Services in a selected workspace stop streaming their logs to Barracuda XDR.