It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Barracuda XDR

Overview Documentation Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Integrating Azure

Last updated on 2024-03-13 12:21:19

Barracuda XDR retrieves Audit Logs, Sign In Logs, and Activity Logs from Microsoft Azure. These items are read from the Azure Event Hub.

Videolink:

https://campus.barracuda.com/

This video has no sound.

Requirements

An Azure Premium P1 or P2 license is required.

Integrating Microsoft Azure requires you follow these procedures, below:

Part 1: Setting Up Azure Event Hub
- To create Event Hub Namespaces
Part 2: Configuring Storage Accounts
- To initialize Storage Accounts
- To set up Event Hub Entities
- To set up an Event Hub Shared Access Policy
Part 3: Updating Diagnostic Settings
- To update diagnostic settings for the sign in log
- To update diagnostic settings for for the audit log and activity log
- To set up Microsoft Defender for Cloud
Part 4: Barracuda XDR Dashboard Setup for Azure

Part 1: Setting Up Azure Event Hub

To create Event Hub Namespaces

Navigate to the Azure Event Hub.
Create three event hub namespaces dedicated to each of the following:
1. Audit Logs
2. Sign In Logs
3. Activity Logs
  The Event Hub Namespace Name must:
  - Contain at least eight characters.
  - Not contain special characters.
  In Pricing Tier, select Basic.
  In Networking, select Public Access.
  We recommend the following naming convention:
  - xdr-azure-activity-logs
  - xdr-azure-audit-logs
  - xdr-azure-sign-in-logs
Click Review and Create.
The deployment may take a while.

Part 2: Configuring Storage Accounts

Configuring storage accounts requires the following procedures, below:

To initialize Storage Accounts
To set up Event Hub Entities
To set up an Event Hub Shared Access Policy

To initialize storage accounts

Navigate to Storage Accounts.
- Audit Logs
- Sign In Logs
- Activity Logs
  We recommend the following naming convention:
  - xdr-azure-activity-logs
  - xdr-azure-audit-logs
  - xdr-azure-sign-in-logs
Click Review and Create.

The deployment may take a while.

To set up Event Hub Entities

In Microsoft Azure, navigate to Event Hubs.
In Event Hubs, select the check box of an Event Hub Namespace that you created in the previous procedure.
Click Create Event Hub.
We recommend the following naming convention:
- xdr-azure-activity-logs
- xdr-azure-audit-logs
- xdr-azure-sign-in-logs
Repeat steps 2-3 for the rest of the namespaces.
Click Review and Create.
The deployment may take a while.

To set up an Event Hub Shared Access Policy

In Event Hubs, on the right, click the link Event Hub Namespace that you created in the previous procedure.
Do not click Shared Access Policies under Settings.
Click Shared Access Policies.
Click Add.
In Add SAS Policy, in Policy Name, type the name of the namespace.
Select the Manage checkbox.
Repeat steps 1-5 for the rest of the namespaces.

Part 2: Updating Diagnostic Settings

To update diagnostic settings for the sign in log

Navigate to Azure Active Directory.
In the Monitoring section, click Sign-in logs.
Click Export Data Settings.
Click Add diagnostic setting.
Do the following:
- In Diagnostic setting name, type the name of your sign in log.
- Select the following checkboxes:
  - SignInLogs
  - NonInterctiveUserSignInLogs
  - ServicePrincipleSignInLogs
  - ManagedIddentitySignInLogs
  - Stream to an event hub
- Select the correct Subscription and Event hub namespace (Ex: xdr-azure-sign-in-logs).
Click Save.

To update diagnostic settings for for the audit log and activity log

Navigate to Azure Active Directory.
In the Monitoring section, click Audit logs.
Click Export Data Settings.
Click Add diagnostic setting.
Do the following:
- In Diagnostic setting name, type the name of your audit log namespace.
- Select the following checkboxes:
  - AuditLogs
  - Stream to an event hub
- Select the correct Subscription and Event hub namespace (Ex: xdr-azure-audit-logs).
Click Save.
Repeat steps 1-6 for the activity log.

To set up Microsoft Defender for Cloud

Navigate to Microsoft Defender for Cloud.
Under Management, click Environment settings.
Select your subscription.
If you're setting up for the first time, set Severs and Storage to On, then click Save.

Enabling Microsoft Defender for Servers while another EDR is active can lead to performance issues.
Under the Settings section, click Continuous Exports.
Do the following:
Select the Security recommendations checkbox, and select All recommendations.
In Security Alerts, select Low, Medium, High, Informational.
Turn Streaming Updates on.
Turn Snapshots off.
In Export configuration, select your subscription.
In Export Target, do the following:
- In Subscription, select your subscription
- In Event Hub namespace, select the name of your activity log.
- In Event Hub name, select the name of your activity log.
- In Event hub policy name, select the name of your activity log.
Click Save.

Part 3: Barracuda XDR Dashboard Setup for Microsoft Azure

To set up Barracuda XDR Dashboard Setup for Microsoft Azure

In Azure, click Event Hubs, then click one of the activity logs.
Click Event Hubs, then lick the link of the log.
Click Shared access policies.
In the right side, copy the Connection string-primary key.
Open another browser tab and start Barracuda XDR Dashboard.
In Barracuda XDR Dashboard, click Setup > Integrations.
On the Microsoft Azure card, click Setup.
Select the Enabled checkbox.
In the Activity Log section, do the following:
In Event Hub, type the name of the Activity Log.
In Connection String, paste the Connection string-primary key.
In Azure, click Home, Storage Accounts.
Click the link of the Activity Log.
Copy the name of the Storage Account.
In Barracuda XDR Dashboard, in Storage Account, paste the name of the Storage Account.
In Azure , click Access Keys.
In the key1 section, copy the Key.
In Barracuda XDR Dashboard, in Storage Account Key, paste the key.
Repeat steps 1-19 for the rest of the logs.
Click Save.

Previous Article Next Article