Integrate Amazon Security Lake with Email Protection

Set Up Amazon Security Lake

Amazon Security Lake must first be enabled in your AWS account. See Amazon Security Lake and Amazon Security Lake User Guide for help.

Add Barracuda Email Products as an External Data Source

Within your AWS account you must add Barracuda Networks as one or more External Data Sources.

You will need to provide the following information:

• Your (AWS Delegated Admin) AccountID 
• The name for the custom data source
• The event class that will be sent (SECURITY_FINDING)
• The region ID where you will set up this external source

Set Up Barracuda Email Products

Once you have added a Barracuda Email product as an external data source within your AWS account, provide Barracuda Networks with the following information:

• The ARN (Amazon Resource Name) for the assume-role Barracuda Networks will use to deliver data into your Amazon Security Lake S3 bucket
  • This will follow the naming convention AmazonSecurityLakeLogProviderRole-<accountID>-<data source name>
• The ARN for the Amazon Security Lake S3 bucket to which Barracuda Networks will be delivering data
• The prefix Barracuda Networks will be using to upload files to that S3 bucket
  

  {
     "arn":"arn:aws:iam::123456789012:role/AmazonSecurityLakeLogProviderRole-123456789012-barracuda",
     "s3":"aws-security-data-lake-us-east-1-123456789012",
     "prefix":"ext/barracuda"
}

If you require assistance setting up the Amazon Security Lake integration, contact Barracuda Networks Technical Support.

Integration Data Mapping

The following table maps Open Cybersecurity Schema Framework (OCSF) fields for log data coming from Barracuda Networks.