It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda XDR

Setting up the XDR Collector for Windows

  • Last updated on

This setup is for the XDR Collector only. If you are using a physical or virtual sensor, please contact the XDR Enablement team for assistance.

The XDR Collector runs as a service in your environment. While the minimum specifications are listed below, the required resources depend on the number of active integrations and the amount of data being processed.

Network Monitoring vs Server Monitoring

When setting up Network Monitoring, always set up the XDR Collector on a dedicated host server. Don't use an existing server because the amount of data produced by Windows event logs can impact critical infrastructure.

You can install the XDR Collector on an existing server if you are monitoring only Windows event logs from that server.

If you're collecting logs from one or more data sources, install the XDR Collector on a dedicated host.

The table below shows the difference between the XDR Collector installed on a dedicated host and installed on an existing server.


Dedicated HostExisting Server
Can collect

Logs from all data sources on the network

Windows event logs from the Windows Server only
Supports collecting logs from multiple sourcesYesNo
Requires a private static IP addressYes

No

The steps for installing the XDR Collector on a dedicated host or an existing server are the same, except that a dedicated host requires a private static IP address and an existing server doesn't.

Minimum Requirements

To set up the XDR Collector, the minimum requirements are the following:

Minimum requirements
CPU2vCPU
Disk Size10GB SSD
Memory1GB
When monitoring Barracuda IDS/Suricata, the host must have 2 Network Interface Cards. One to monitor span traffic and one for host traffic. For more information, see Setting up the Barracuda XDR Elastic Collector for Barracuda IDS for Windows .

Operating System

  • Windows Server 2016 and higher
  • Windows 10 and higher

Windows Server 2022  is recommended.

IP Address requirements

A private static IP address is required, except when installing on a standalone instance.

Required Endpoint/Port Communication

The XDR Collector must be able to communicate to the following endpoints/ports:

Logstash

a96190b49bd294a5fbb3725ff20aab78-c7f64fe7557a87d2.elb.us-east-1.amazonaws.com:5044

Management Server

b5e9a5096e0a4f7782cc444c8edbbd5e.fleet.us-east-1.aws.found.io:443

Update Server

artifacts.elastic.co:443

Setting Up the XDR Collector

If you have already installed the XDR Collector on a dedicated host, you don't need to reinstall it, even if you enable multiple integrations.

To set up the XDR Collector, you must do the following procedures:
  • To configure a private static IP address (Not required when installing on a standalone instance)
  • To install the XDR Collector
To configure a private static IP address

A private static IP address is required when installing on a dedicated host. If you're setting up a standalone instance to only monitor Windows events, a private static IP address is not required.

See the documentation for your specific version of Windows.

To install the XDR Collector

The install command is unique for each account and should only be run on systems within that account's network.

  1. In Barracuda XDR Dashboard, click Infrastructure Collectors.
  2. In the Policies table, next to On-Prem, click Action Install.
  3. Click Windows.
    WindowsInstallXDRCollector1.png
  4. Copy the install command at the bottom of the dialog box.
    WindowsInstallXDRCollector2.png
  5. On the appropriate system, run Powershell as an administrator, paste the install command, and run it.

    It may take up to 30 minutes for the install to complete.