It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda XDR
Overview Documentation Materials

Barracuda XDR Release Notes — October 2024

  • Last updated on

New features

New option for device degradation thresholds

The log degradation setting dictates how long XDR can go without receiving a log from an endpoint device without sending an alarm. We’ve added a new 1 week option.

image-20241029-185257.png
Report on Unprotected Devices

You can now add an Unprotected Device component to your reports. This component reports on devices that SentinelOne can detect but is not protecting.

image (7).png

New Microsoft Office 365 Anomalous Login & Impossible Travel Detection

A proprietary machine learning model now enhances the detection of anomalous Office 365 logins by analyzing 30 distinct features associated with potential user compromise events. These features were derived from real-world case investigations.

  • Improved Alert Accuracy: Dynamic severity adjustments and advanced filtering reduce false positives, providing more precise alerts compared to previous versions.

  • Optimized Alert Volume: Enhanced rules help minimize alert fatigue and prioritize critical incidents.

New LB.EA.Windows MS-SQL Server Brute Force Attempt Windows Detection

A new rule monitors event code 18456 for signs of brute force attacks.

  • Detection Frequency: Analyzes login attempts every 10 minutes, reviewing activity from the preceding 5 minutes.

  • Alert Trigger: Alerts are generated when 200 or more failed login attempts are detected, grouped by username and organization, targeting one or more hosts.

Improvements

  • Automatic Increased Alert Severity for Multiple Alerts Ticket severity is now automatically increased if 15 alerts have occurred in the last 24 hours. If 15 low-severity alerts occur, ticket severity is raised to medium. If 15 medium alerts occur, ticket severity is raised to high. The severity of alerts depends on factors like similar IP, user, and hostname.

  • Easier Ticket Response We have added a link and instructions for customers to mark alerts as true positive, false positive, or acknowledged alert in the XDR Dashboard instead of replying to the ticket.

  • Easier to Read Emails We have increased the font size on emails viewed on mobile based on customer feedback.

  • More Information on Microsoft Defender Rules Added three new fields (Bundled Files, Dropped Files, URLs Contacted) to improve information on downloaded files in these three rules:

    • GLB.AD.EPP Microsoft Defender for Endpoint Malicious Threat Detected Not Remediated

    • GLB.AD.EPP Microsoft Defender for Endpoint EICAR File Detected

    • GLB.AD.EPP Microsoft Defender for Endpoint Ransomware Associated File Detected

  • Network Analysis Workflow Elastic Agent We have added NAW (Network Analysis Workflow) support for the Elastic agent.