We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Account Takeover Alerts

  • Last updated on

Barracuda Sentinel alerts the administrator when it detects an account takeover. When viewing the alerts, you can take the following actions, which are described below:

  • Review details
  • Create an incident
  • Report false positive
  • Dismiss

For information about incidents, refer to Handling an Account Takeover.

Alert Frequency

An alert is sent as soon as a user account is determined to be compromised. To prevent inundating the system with alerts, only one alert is sent per day for the same compromised user account. If you take steps to secure this user account so it is no longer compromised, additional alerts will not be sent. As long as the user account remains compromised, Barracuda Sentinel will continue to send a maximum of one alert per day.

Viewing Alerts

The Alerts table keeps a record of alerts created for your account. Alerts that have been addressed display with a line striking through the alert.

To view alerts:

  1. Log into the Barracuda Sentinel dashboard at https://sentinel.barracudanetworks.com/signin.
  2. Click the menu button at the top left of the dashboard and select Account Takeover. Then select the Alerts tab.
  3. Take one or more actions described in the sections below.
Reviewing Details

To review details, click REVIEW. Available information displays on the three tabs: Emails Sent, Sign Ins, and Inbox Rules. In the example below, you can see there are zero emails sent, five sign ins, and no inbox rules.

ATOalert.png

From here, you can view details of the emails sent.

Create an Incident

If you determine that an account has been compromised, you can create an incident right from the alert. Click Create Incident. Follow the instructions in Handling an Account Takeover.

Note that if you create an incident from an alert, the incident might be based on an inbox rule or suspicious sign in. In these cases, you know which of your accounts was compromised, but you might not have a suspicious email. When you are working with the wizard, you can specify that you do not have a sample of a malicious email.

Report False Positive

If Barracuda Sentinel detected suspicious activity, but you are certain the activity was legitimate, click Report False Positive.

For more information on reporting false positives from other locations, refer to False Positives.

Sign Ins Tab Information

On the Sign Ins tab, you can see the date, IP, user agent, location, and issues of suspicious sign ins. Click View Related Sign Ins to view legitimate sign ins in addition to the suspicious sign ins.

Note that this data is stored for 30 days, so if an alert is more than 30 days old, it is not possible to show all sign ins.

In this view, highlighted rows show events that triggered an Account Takeover alert.

Last updated on