It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda SecureEdge
Overview Documentation Training Certification Materials

How to Configure Barracuda XDR Automated Threat Response (ATR) in SecureEdge

  • Last updated on

You can configure Automated Threat Response (ATR) via the SecureEdge Manager. When malicious intent is detected by external services in the Barracuda XDR platform, Barracuda XDR sends ATR requests to SecureEdge. An ATR request is a request to block access to the network for a given IP address or address range for users, URLs, and both public and private IPs in the network. In SecureEdge, these block requests translate to network ACL rules. By enabling and configuring ATR, malicious traffic can be blocked automatically, thereby reducing the time a threat remains active.

Requirements

  • You must have a valid Barracuda XDR subscription and an appropriate account in Barracuda XDR.

  • You must have access to Barracuda SecureEdge.

  • Barracuda XDR must be integrated in SecureEdge. For more information, see How to Configure Barracuda XDR in SecureEdge.

If you disable ATR integration in SecureEdge, you must reconfigure it from scratch. Similarly, if you deregister your Barracuda XDR account, you must register it again from scratch.

Step 1. Configure ATR in SecureEdge

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Tenants/Workspaces icon and select the workspace you want to configure ATR for.

  3. Go to Integration.

  4. Expand the Barracuda XDR menu on the left and select ATR Configuration.

    atr-confg.png

  5. The ATR Configuration page opens. Specify values for the following:

    • Automated Threat Response – Click to enable/disable. By default, Automated Threat Response is disabled.

      • When Automated Threat Response is enabled, you can see the values for following parameters:

        • XDR Account – Displays the account name you have configured in the XDR system.

        • Authentication Token – You must copy the displayed authentication token. Note: You required this value in Step 2. After the XDR account is registered, the authentication token is no longer visible on the ATR Configuration page of SecureEdge.

      • When Automated Threat Response is disabled, you cannot configure Barracuda XDR ATR integration.

        atr-config-01.png

  6. Click Save.

  7. Copy the authentication token now, which you will need in the next step to complete the integration. 

Step 2. Configure ATR within Barracuda XDR

To complete the Barracuda XDR ATR integration, you must enter a valid authentication token in the XDR platform.

After you provide the authentication token and complete the configuration, you can verify the status of your ATR configuration in SecureEdge for a selected workspace. The ATR status is shown as Connected on the ATR Configuration page in SecureEdge. All Block rules generated by ATR are audited appropriately in SecureEdge. For example, ATR integration is configured and enabled for a workspace, and XDR has created block rules in that workspace. You can see these rule entries have been made on the Logs And Reporting >Audit Log page.