It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Integration with Other Barracuda Products

  • Last updated on

Barracuda Forensics & Incident Response integrates seamlessly with other Barracuda products, including:

  • Barracuda Essentials/Email Security Service
  • Barracuda Content Shield
  • Barracuda Sentinel

The integration of these products requires no additional setup; the products are already aware of each other.

Note that these other Barracuda products enhance the functionality of Barracuda Forensics & Incident Response, but are not required.

Shared Account
To fully enable integration, you must use a common account for Barracuda Forensics & Incident Response and your other Barracuda product. When you initially sign up for Barracuda Forensics & Incident Response, be sure to select the same account that you are using for your other Barracuda product. If your user is associated with more than one Barracuda account, these accounts are displayed in a menu on the upper right corner of the Barracuda Forensics & Incident Response screen where you can choose the correct account.

Barracuda Essentials/Barracuda Email Security Service

There are multiple points of integration with Barracuda Email Security Service, part of Barracuda Essentials. For more information, refer to Barracuda Email Security Service - Overview.

Important. To take advantage of these integration points, you must make the configurations in Barracuda Email Security Service, at the end of this section.

Reporting Suspicious Emails

There are two methods by which users and administrators can send suspicious messages to Barracuda Forensics & Incident Response:

  • In the Barracuda Email Security Service Message Log, you can mark an email as spam.
  • In the Outlook plugin, you can report an email as suspicious.

This information is displayed in the User-Reported Emails page and is described in User-Reported Emails.

Reporting a Message as Incorrectly Delivered or Suspicious

In the Message Log

Administrators reviewing message logs within Barracuda Email Security Service might notice that there is suspicious email. Messages marked as Incorrectly Delivered are reported both to Barracuda Central and to Barracuda Forensics & Incident Response where they can be investigated.

To report email as incorrectly delivered, select a message in the Message Log and click Report as Incorrectly Delivered above the message preview.

spam3.png

For more information, refer to Understanding the Message Log in the Barracuda Email Security Service documentation.

Using the Reporting Button in the Outlook Plugin

Within the Outlook Add-In from Barracuda Essentials, users can report suspicious emails, as shown below. This allows end users to be active participants in reporting phishing and spearphishing emails. These reports go to Barracuda Central and Barracuda Forensics & Incident Response. Administrators of Barracuda Forensics & Incident Response can investigate these end-user reported emails, create incidents, and take corrective action.

submitSuspicious.png

For more information, refer to Barracuda Essentials for Email Security Outlook Add-In.

Finding Similar Suspicious Messages

If you find a questionable email in the Barracuda Email Security Service message log, you can move seamlessly from Barracuda Email Security Service to Barracuda Forensics & Incident Response to investigate it.

To find messages similar to the questionable email:

  1. Log into Barracuda Email Security Service as an administrator.
  2. In the Message Log, find the questionable email and click it to view its details.
  3. Click Search for similar messages. The Barracuda Forensics & Incident Response wizard opens in a new browser tab.
  4. Continue with the wizard, as described in Creating an Incident. Note that the fields in the wizard are pre-populated with the information from the email in the message log.

For more information, refer to Understanding the Message Log in the Barracuda Email Security Service documentation.

Creating Sender Policies

As a remediation action, you can choose to quarantine or block future emails from one or more specific senders or from an entire domain. This action creates a policy in Barracuda Email Security Service, marked as originating from Barracuda Forensics & Incident Response.

This remediation action is described as part of the wizard instructions in Creating an Incident.

Users at Risk / Link Protection

The Link Protection feature in Barracuda Email Security Service (part of Barracuda Essentials) is required for the functionality of the Users at Risk feature.

Ensure that the Link Protection feature is turned ON for the appropriate accounts and domains.

 

Configuring Barracuda Email Security Service for Integration

The following settings are required if you are using Barracuda Forensics & Incident Response with Barracuda Email Security Service to take advantage of the functionality described above.

Verified Domains

Verifying domains is essential for mail to flow through Barracuda Email Security Service and, in turn, for Barracuda Forensics & Incident Response to work with the emails. As described in Understanding the Domains Page , each of the domains where you want to filter email must be verified by the Barracuda Email Security Service for proof of ownership; the Barracuda Email Security Service does not process email for a domain until the verification process is complete. See  Understanding the Domains Page  and the  deployment process  for your specific platform for more details.

Link Protection Feature

The Link Protection feature in Barracuda Email Security Service (part of Barracuda Essentials) is required for the functionality of the Users at Risk  feature.

Ensure that the Link Protection feature is turned ON for the appropriate accounts and domains.

If Link Protection is turned OFF when a suspicious email is received, users that are potentially affected by that incident might not be listed as Users at Risk and might not receive the proper remediation and attention.

Link Protection must be turned ON when emails are received to provide complete results for Users at Risk for a specific incident. Turning Link Protect ON after a suspicious email has already been received will not change the Users at Risk results for an incident involving that email.


Barracuda Content Shield

Blocking Web Traffic

As a remediation action, you can choose to block traffic from an entire domain. This action automatically creates a policy in Barracuda Content Shield, marked as originating from Barracuda Forensics & Incident Response.

This remediation action is described as part of the wizard instructions in Creating an Incident.

For information on how to configure Barracuda Content Shield for Barracuda Forensics & Incident Response, refer to Barracuda Content Shield Evaluation Guide with Barracuda Forensics & Incident Response, part of the Barracuda Content Shield documentation

After you configure Barracuda Content Shield, it will also shield your organization from emails sent from entire domains or categories of domains, resulting in your having to create fewer incidents. For more information, see Barracuda Forensics & Incident Response and DNS Filtering With Barracuda Content Shield.

Barracuda Sentinel

Barracuda Sentinel calls Barracuda Forensics & Incident Response for the following activity:

Searching for Similar Issues

When viewing the details of an Attack, you can click Search for Similar Issues to find issues similar to the attack you are currently viewing.

Last updated on