This functionality is available only with Barracuda Email Protection Premium and Premium Plus plans. To upgrade to one of these plans, contact your Barracuda Networks Sales Representative.
The Automatic Remediation and Incident Response RESTful API (beta) provides remote administration and configuration of Incident Response. This article gives a brief description of the API and the API endpoints, with links to details about each endpoint.
Prerequisites
You must have the following items before you can access the API:
- A Barracuda Cloud Control (BCC) account user credentials. If you do not already have a Barracuda Cloud Control account, see Create a Barracuda Cloud Control Account.
- A Client ID and Client Secret from a registered application in the Barracuda Token Service at https://login.bts.barracudanetworks.com/register.
For instructions, see Registering your Application in the Barracuda Token Service. - An access token to make API requests. To create an access token, refer to the instructions in Obtaining an Access Token.
Be sure to specify one or more correct scope values for your Access Token:
- GET methods require an Access Token with scope
forensics:account:read - POST methods require an Access Token with scope
forensics:account:write
- GET methods require an Access Token with scope
Barracuda Incident Response API
| API Endpoint | Method | Function |
|---|---|---|
| Get Accounts | GET | Retrieves a list of accounts for Barracuda Incident Response. |
| Get Tenants | GET | Retrieves a list of Microsoft 365 tenants connected to a Barracuda Incident Response account. |
| Create Incident | POST | Creates an incident for a Microsoft 365 tenant. |
| Get Incident | GET | Retrieves a single incident using the incident ID. |
| Get Incidents | GET | Retrieves a list of created incidents for a Microsoft 365 tenant. |
| Get User-Reported Emails | GET | Retrieves a list of user-reported emails for a Microsoft 365 tenant. |
You will often use the following endpoints first, as the information they retrieve is needed in other endpoints:
Tool for Interacting with the API
cURL
cURL is a command line tool for transferring data from or to a remote server via URLs. cURL is pre-installed on many UNIX/Linux platforms and newer Windows platforms. Type curl -V in your favorite shell to see if the tool is installed.
Examples in the endpoint references use cURL commands to send HTTP requests to access, create, and manipulate resources.
Paging
Endpoints that require paging (Get Incidents and Get User-Reported Emails) include the necessary parameters.