Barracuda Email Protection

Note

If you purchased one of the following products, refer to Barracuda Total Email Protection.

  • Total Email Protection 
  • Total Email Security 
  • Essentials Complete 
  • Essentials Compliance 
  • Essentials Security

Integrate Amazon Security Lake with Email Protection

Set Up Amazon Security Lake

Amazon Security Lake must first be enabled in your AWS account. See Amazon Security Lake and Amazon Security Lake User Guide for help.

Add Barracuda Email Products as an External Data Source

Within your AWS account you must add Barracuda Networks as one or more External Data Sources.

You will need to provide the following information:

  • Your (AWS Delegated Admin) AccountID 
  • The name for the custom data source
  • The event class that will be sent (SECURITY_FINDING)
  • The region ID where you will set up this external source

Set Up Barracuda Email Products

Once you have added a Barracuda Email product as an external data source within your AWS account, provide Barracuda Networks with the following information:

  • The ARN (Amazon Resource Name) for the assume-role Barracuda Networks will use to deliver data into your Amazon Security Lake S3 bucket
    • This will follow the naming convention AmazonSecurityLakeLogProviderRole-<accountID>-<data source name>
  • The ARN for the Amazon Security Lake S3 bucket to which Barracuda Networks will be delivering data
  • The prefix Barracuda Networks will be using to upload files to that S3 bucket

    {
        "arn": "arn:aws:iam::123456789012:role/AmazonSecurityLakeLogProviderRole-123456789012-barracuda",
        "s3": "aws-security-data-lake-us-east-1-123456789012",
        "prefix": "ext/barracuda"
    }

Contact Barracuda Networks Technical Support

If you require assistance setting up the Amazon Security Lake integration, contact Barracuda Networks Technical Support.

Integration Data Mapping

The following table maps Open Cybersecurity Schema Framework (OCSF) fields for log data coming from Barracuda Networks.

| Barracuda Networks Syslog Field | OCSF Field | Notes |
|---|---|---|
| | activity_id | Always a value of 1, which means "A security finding is generated." |
| | category_uid | Always a value of 2, which means "Findings" |
| | class_uid | Always a value of 2001, which means "Security Finding" |
| timestamp | time | The time of the event |
| | finding.uid | Globally unique identifier |
| Email Gateway Defense: action - reason - reason_extra; Impersonation Protection: category | finding.title | Different title values based on product source |
| | metadata.version | The version of the event class |
| | metadata.product.vendor_name | The name of the vendor (Barracuda Networks) |
| | metadata.product.name | The name of the Barracuda Networks product that made the security finding |
| | severity_id | Always a value of 0 |
| | state_id | Always a value of 0 |
| | type_uid | Always a value of 200101 |
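
A consumer-side check of the mapping table above, as an added example that is not Barracuda's or AWS's code. It assumes records read from Security Lake have already been decoded into nested Python dicts; the function names and sample records are constructed for illustration.

```python
# Added example: check decoded records against the mapping table on this page.
FIXED = {"activity_id": 1, "category_uid": 2, "class_uid": 2001,
         "severity_id": 0, "state_id": 0,
         "type_uid": 200101}  # OCSF: type_uid = class_uid * 100 + activity_id
REQUIRED = ("time", "finding.uid", "finding.title", "metadata.version",
            "metadata.product.vendor_name", "metadata.product.name")
VENDOR = "Barracuda Networks"

def _get(record, path):
    """Walk a dotted path through nested dicts; None if any step is absent."""
    node = record
    for key in path.split("."):
        node = node.get(key) if isinstance(node, dict) else None
    return node

def check_finding(record):
    """Return deviations from the mapping table; an empty list means it conforms."""
    problems = []
    for field, expected in FIXED.items():
        value = _get(record, field)
        if type(value) is not int or value != expected:  # also rejects "1" and True
            problems.append(f"{field}: expected {expected}, got {value!r}")
    for field in REQUIRED:
        if _get(record, field) in (None, ""):
            problems.append(f"{field}: missing or empty")
    vendor = _get(record, "metadata.product.vendor_name")
    if vendor not in (None, "", VENDOR):
        problems.append(f"metadata.product.vendor_name: unexpected {vendor!r}")
    return problems

def check_batch(records):
    """Map record index -> problems, adding finding.uid reuse within the batch."""
    seen, report = {}, {}
    for i, rec in enumerate(records):
        problems = check_finding(rec)
        uid = _get(rec, "finding.uid")
        if isinstance(uid, str) and seen.setdefault(uid, i) != i:
            problems.append(f"finding.uid: duplicate of record {seen[uid]}")
        if problems:
            report[i] = problems
    return report

# Constructed sample records (assumed already decoded to dicts), not real output.
GOOD = dict(FIXED, time=1700000000000,
            finding={"uid": "constructed-uid-0001", "title": "constructed title"},
            metadata={"version": "constructed-version", "product": {
                "vendor_name": VENDOR, "name": "Email Gateway Defense"}})
BAD = dict(GOOD, severity_id=3, type_uid="200101")  # reuses GOOD's finding.uid
```

Records that fail these checks while arriving under the Barracuda prefix are worth reviewing before detections or dashboards rely on the fixed `class_uid` and `type_uid` values.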