Barracuda XDR


Barracuda XDR Release Notes — December 2025


New features

Wildcard Search

When searching throughout the XDR Dashboard, you can now use wildcard characters.

  • Use ? to find single characters. For example, sm?th finds "smith" and "smyth".

  • Use * to find multiple characters. For example, *west finds "Southwest" and "Northwest".

Resolved issues

Resolved an issue where Zendesk tickets were duplicated on the Dashboard.

Resolved an issue where users were not able to initiate a Full Disk Scan from the Dashboard.

Resolved an issue where certain users couldn’t use the CrowdStrike test.

Resolved an issue where the graph sizes in custom reports weren’t consistent.

New rules

  • Sonicwall

    • Sonicwall Outgoing Traffic To Potentially Malicious IP Address

    • Sonicwall Successful Login From Suspicious IP

  • Cloudgen

    • Cloudgen Management Access from Suspicious IP Address

    • Cloudgen IPS Large Scanning Activity Detected

Rule tuning and rule bug fixes

  • Office 365 Anomalous Login & Impossible Travel Release Notes

    • Recently, we released an upgraded version of our machine learning model, designed to improve the detection of Anomalous Login and Impossible Travel activities in Office 365. Guided by invaluable feedback, we have proactively implemented substantial enhancements to our detection capabilities.

      • Our model has improved its recognition of geo-location and device consistency for user logins, eliminating unnecessary alerts for those with frequently changing IPs.

      • We now better distinguish low, medium, and high alerts to assist in prioritizing alert review.

      • Reduced overall alert volume and refactored customer alert content.

  • Updated the ATR workflow to run the block action before the unblock action when clicking the Test button in the Dashboard, since a test can emit block and unblock events simultaneously. This is achieved by generating a SHA-256 hash from simple_name, module, instance, ip_to_block/ip_to_unblock, and domain_to_block/domain_to_unblock, and grouping events that share this hash and occur within 10 seconds of each other.

  • The alert for the Palo Alto Grayware Traffic Allowed detection rule now includes the potentially malicious URL in the alert body. The domain is extracted from the URL, enriched, and the alert is generated only if either the domain enrichment or IP enrichment indicates malicious activity.

  • Duo - Correlated the login on the device_access EP Key against historical logs to determine if the current login is using a known device.

  • Windows Suspicious Scheduled Task Creation - Implemented 10-minute deduplication on the scheduled task name to decrease mass ticket spam when a task is created on many hosts at once.
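
An added example, not Barracuda's own code, of the ATR grouping described in the rule tuning notes above: events are keyed by a SHA-256 hash over the listed fields, grouped within 10 seconds, and the block action is placed first in each group. The `ts` field, the field separator, measuring the window from the first event in a group, and all sample values are assumptions.

```python
import hashlib
from collections import defaultdict

WINDOW_SECONDS = 10  # grouping window stated in the release note

def group_key(event):
    """SHA-256 over the fields the note lists; block/unblock targets share a slot."""
    parts = [
        event.get("simple_name", ""),
        event.get("module", ""),
        event.get("instance", ""),
        event.get("ip_to_block") or event.get("ip_to_unblock") or "",
        event.get("domain_to_block") or event.get("domain_to_unblock") or "",
    ]
    # Assumption: fields are joined with a unit separator so values cannot run together.
    return hashlib.sha256("\x1f".join(parts).encode("utf-8")).hexdigest()

def is_block(event):
    return bool(event.get("ip_to_block") or event.get("domain_to_block"))

def group_actions(events):
    """Group events sharing a key within WINDOW_SECONDS; block first in each group."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):  # "ts" (epoch seconds) is assumed
        by_key[group_key(ev)].append(ev)
    groups = []
    for evs in by_key.values():
        window = []
        for ev in evs:
            if window and ev["ts"] - window[0]["ts"] > WINDOW_SECONDS:
                groups.append(sorted(window, key=lambda e: not is_block(e)))
                window = []
            window.append(ev)
        groups.append(sorted(window, key=lambda e: not is_block(e)))
    return groups

# Constructed sample: one Test click emits unblock and block in the same second,
# followed by a separate unblock 30 seconds later.
BASE = {"simple_name": "fw-test", "module": "firewall", "instance": "i-1"}
SAMPLE = [
    {**BASE, "ts": 100, "ip_to_unblock": "203.0.113.7"},
    {**BASE, "ts": 100, "ip_to_block": "203.0.113.7"},
    {**BASE, "ts": 130, "ip_to_unblock": "203.0.113.7"},
]

if __name__ == "__main__":
    for group in group_actions(SAMPLE):
        print([("block" if is_block(e) else "unblock", e["ts"]) for e in group])
```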