The Barracuda CloudGen Firewall allows administrators to stream relevant security events to the Barracuda XDR platform to detect and provide an incident response to malicious events. A 24x7 SOC team streamlines responses to incidence, which reduces the damage of the attack.
For more information on the Barracuda XDR solution, please refer to: https://barracudamsp.com/product-details/extended-detection-and-response-xdr/
Enable Streaming to Barracuda XDR Platform for Standalone Firewalls
Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.
In the left menu, click Reporting.
Expand the Configuration Mode menu and select Switch to Advanced.
Click Lock.
Enable the service and select Generic Logstash.
Select the checkbox for Verify Server Certificate.
In the Hostname field, enter the endpoint FQDN:
cloudgenfw.ingest.skoutsecure.com:5044
Set Use Remote Management Tunnel to No.
Click Send Changes and Activate.
Enable Streaming to Barracuda XDR Platform for Managed Firewalls
Go to CONFIGURATION > Configuration Tree > Range > Cluster > Boxes > Box > Infrastructure Services > Syslog Streaming.
In the left menu, click Reporting.
Expand the Configuration Mode menu and select Switch to Advanced.
Click Lock.
Enable the service and select Generic Logstash.
Select the checkbox for Verify Server Certificate.
In the Hostname field, enter the endpoint FQDN:
cloudgenfw.ingest.skoutsecure.com:5044
Set Use Remote Management Tunnel to No.
Click Send Changes and Activate.
(Optional) Link the Syslog Streaming Node to a Repository
Make sure that repositories are enabled. For more information, see Repositories.
Within the Configuration Tree, right click on the Syslog Streaming node that has been configured, and select Copy to Repository.
Select the repository and enter appropriate object name.
Right-click the created repository object and select Multiple Object Action.
Select all firewalls in your Control Center you want to activate the integration for.
Select Link to Repository as the Action on selected Nodes, and click Go.
Click OK.
On the top-right of the window, click Activate.