Welcome to the Barracuda XDR’s monthly release notes! At Barracuda Managed XDR, we're committed to protecting customers from complex threats. To achieve this, we continuously introduce new features and enhance our detection, automation, threat intelligence, and automated response capabilities to combat evolving threats. In June 2025, we introduced a variety of new features, fixes, important updates, and enhancements.
What’s new this month
The launch of Managed Vulnerability Security
Email Distribution List
O365 ATR account set-up notification
Add tooltip to test button for Barracuda Incident Response Integration
Change Total Alarms to Total Tickets
Dashboard Alerts: Improve Alert Formatting
Temporary Removal of “Requires Patching” Feature
Rename Account: Sorting by Display Name
ATR/SOAR changes
New rule automations
Updates to rules
Clarification on setting up ATR/SOAR for SonicWall
New features
The launch of Managed Vulnerability Security
Managed Vulnerability Security is proactive vulnerability scanning that is fully managed by Barracuda. Now you can uncover the vulnerabilities in your organization before cybercriminals do. For more information, see Managed Vulnerability Security.
The email distribution list
The email distribution list is a list of contacts who should receive email alerts. These users are sent an email when an alert of the assigned level is detected, as opposed to the users on the escalation call list, who are contacted quickly in the event of an emergency. For more information, see Working with Email Distribution Contacts.
Microsoft 365 ATR account set-up notification
To ensure SOAR/ATR works properly, users now see an error if all required permissions aren’t fulfilled. Users without the required permissions are now automatically blocked.
Clarification on the test button for Barracuda Incident Response Integration
The Test button for Barracuda Incident Response is disabled when the Client ID field is empty.
Change of total alarms to total tickets on the Home page and Security Overview
For clarity, the Total alarms category has been changed to Total tickets on the Home page and Security Overview.
Removal of the Requires Patching field on the Endpoint Devices page
The Requires Patching column has been removed from the Endpoint Devices page, due to recent API updates from SentinelOne.
Accounts sorted by displayed account name
Many account selection menus are now sorted by the account name displayed instead of the account id. For example, the following menus are now sorted by displayed account name:
The Organization field on the User Management page
The Account field on the Allow List page
ATR/SOAR changes
New rule automations
The GLB.ID.NET Meraki IDS High Priority Alert Not Blocked rule has been automated with ATR/SOAR. This rule detects a high priority alert that was not blocked.
The Threat IP Communication Detected on Critical Protocol rule has been automated with ATR/SOAR. This rule detects a suspicious communication using a network protocol such as TCP, UDP, or ICMP, and applies to:
Barracuda CloudGen
SonicWall
Barracuda SecureEdge
Updates to rules
The following Suspicious SSL VPN Logon rules have been updated so that the current event will not trigger them:
SonicWall Suspicious SSL VPN Logon
Cisco ASA Suspicious SSL VPN Logon
Sophos Suspicious SSL VPN Logon
FortiGate Suspicious SSL VPN Logon
Clarification on setting up ATR/SOAR for SonicWall
A clarification has been added to the Setting up SOAR for SonicWall page, indicating that the address group must be IPv4, not IPv6.