XDR has recently changed the quantity of IDS logs that we ingest. We will no longer be ingesting purely informational logs. We will also no longer be ingesting logs that do not carry a high or severe threat signature. This change represents a roughly 95% drop in the volume of IDS logs being ingested by Barracuda XDR.
This change does not reduce the security posture of XDR customers or XDR’s ability to detect and report on critical security threats. In fact, it reduces noise by cutting down on false positives, which frees up both customer and SOC time.
The potential impact is that Total Events/Events Timeline in the XDR Dashboard could show a noticeable drop in activity. This is normal and expected, and doesn't mean that anything is broken or not working properly. It's the natural byproduct of XDR no longer ingesting the majority of the IDS data we had been ingesting previously. After a set time based on dashboard date range filters, the Events Timeline should settle at a “new normal” level of activity.