The Barracuda XDR September release includes the following features:
New Detections
We've introduced over 20 new detections for 5 different data sources. See the table below for details:
| Data Source | Detection |
|---|---|
| Barracuda CloudGen Firewall | Providing Traffic Direction info IPS Treat Info IPS Threat Category IPS Threat Signature Signature Severity |
| Microsoft 365 | Mail Items Accessed by External User Account Password Policy Changed Unusual Volume of Emails Sent Login from Unidentified Location Distributed Brute Force Login from Unidentified Location |
| Microsoft Azure | Suspicious WordPress theme invocation detected Connection to web page from anomalous IP address detected Possible Vulnerability to SQL Injection Suspicious client communication Suspected brute-force attack attempt |
| AWS GuardDuty | InitialAccess Detection Event Recon Detection Event DefenseEvasion Detection Event AWS Console Successful Risky Login |
| Microsoft Defender for Endpoints | New detection that looks for malware, privilege escalation and more |
New Degradation Notifications
To ensure continuous monitoring, you can now set the Managed Endpoint Security Device log degradation at the individual device level. This helps you individualize monitoring at the appropriate level for each device.
Navigation Update
We've made changes to enhance the usability of the XDR Dashboard to provide clearer direction on where to download items versus where to configure them.
New SentinelOne user setting:
When uninstalling the SentinelOne agent, users can select to snooze the agent instead of uninstalling it. This is intended to promote keeping the agent installed.
Changes to Partner ConnectWise and Autotask Comments
Partners' ConnectWise and Autotask comments are synced as Public comments in XDR's ticketing system, where previously they were synced as Private. This ensures partners can see the communications from their own colleagues when checking XDR emails or XDR Dashboard. This also ensures XDR Dashboard better reflects what is being shown to our partners who use ConnectWise and Autotask.
Cyber Warranty Status Now Available on Home Page
On the Home page, customers can now see if they are eligible for a warranty claim, if they subscribe to this service.