We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Creating an Incident within Barracuda Forensics & Incident Response

  • Last updated on

Use the Barracuda Forensics & Incident Response wizard to identify a new incident:

  1. Log into Barracuda Forensics & Incident Response.
  2. In the Incidents screen, click New Incident.

  3. In the New Incident page, enter criteria in any or all of the fields: Email Subject, Sender Email, Date and click Search Messages.
    Some or all of the search criteria fields are completed automatically if you are creating an incident from certain locations including user-reported emails or message log emails.
  4. The Review recipients page displays all matching results for the entered criteria.

    To view a copy of an email in question, click the View Message (mailPreview.png) icon. Click Back to return to the Review recipients page.

  5. If your search returned too many emails, click Refine Search to better target the suspicious mails. Return to Step 3, described above. Otherwise, proceed to Step 6.
  6. Click Review Users at Risk. The Users at Risk page presents you with recipients that clicked on a link in an email in the incident. As an added security measure, you can copy the list and send an email to the affected users with instructions on changing their passwords. Click Review Remediation Options to proceed.
  7. On the Incident Remediation page, select one or more actions, then click Remediate. Note that these actions might take several minutes to complete.
    • User Options – These actions directly affect the users.
      • Delete selected emails permanently from affected users' inboxes. This action requires Barracuda Sentinel.
      • Send a warning email alert to the affected users. Click Edit Email Alert to customize the message.
    • Policy Options – These actions affect policies for future emails.
      • Quarantine or block all future inbound emails – Adds a global policy in your Barracuda Email Security Service account under Sender Policies. You can choose to do this in two different ways:
        • by sender sets the policy for the unique sender(s) of this email
        • by domain sets the policy for all unique sending domain(s) of this email
    • Incident Tracking – Select if you want to send a summary of the incident to yourself.
  8. Review the suggested additional actions, then click Close.

Last updated on