Set up the Syslog
Sign in to Barracuda Incident Response.
On the menu in the top left, click Settings.
Click the Syslog Options tab.
Toggle Enabled to on.
In IP Address/Hostname, enter barracuda-forensics.skout-build.com.
In Port, enter 6514.
Click Save.
While still in the Incident Response app, take note of the UUID portion of the URL in your browser's location bar. For example, if the URL is https://forensics.barracudanetworks.com/report/xxxx-1234-5678-abcd-zzzz/dashboard, then the UUID is xxxx-1234-5678-abcd-zzzz.
Barracuda XDR Dashboard
In Barracuda XDR dashboard, click Administration > Integrations.
Click the Barracuda Incident Response card.
Do the following:
In Tenant ID, enter the UUID.
Check the Enabled box.
Click Save.
Set Up the API (Optional)
The second step is setting up the API, so that you can create incidents directly from Barracuda XDR Dashboard. This step is optional and not used by the SOC.
Create a Client ID and Client Secret. Log in to the Barracuda Token Service at https://login.bts.barracudanetworks.com/register. If you are not currently logged into Barracuda Cloud Control (BCC), you must log in using your BCC user credentials before you are redirected to the Barracuda Token Service.
Click Add Application in the top right.
On the Add Application page, in the Application Details section, fill in the Application name. In the Application Scope section, select the following account-level checkboxes:
Email Gateway Defense
Incident Response
Click Add Application to register your application.
On the Application Details page, you can copy your Client ID and Client Secret to the clipboard and enter these values into the appropriate fields on Administration > Integrations > Barracuda Incident Response. The Client Secret is only available to copy for 15 minutes. However, you can reset it at any time.