Barracuda Firewall
Version: Barracuda Firewall X100 and later.
The Barracuda Firewall provides all next-generation application control and user identity functions in an easy-to-use. It outperforms traditional firewalls and UTMs by integrating a powerful next-generation firewall appliance with scalable cloud content security.
While the appliance is optimized for bandwidth-sensitive tasks like packet forwarding and routing, Layer 7 application control, Intrusion Prevention (IPS), DNS/DHCP services, and VPN connectivity, the cloud component handles processor-intensive tasks like virus scanning, content filtering, and reporting.
Syslog can be configured to send to Netsurion Open XDR manager, alerts and reports can be configured into Netsurion Open XDR.
Netsurion Data Source Integration for Barracuda Firewall allows you to monitor following:-
- Monitoring Firewall messages which are scanned, sent or received.
- Monitoring attacks such as command injection, Directory traversal, form tampering, obfuscation attack, SQL injection etc.
- Monitoring firewall traffic.
- Monitoring application platform exploit and authentication hijacking.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Barracuda – Obfuscation attack | This alert is generated when request contained the character that is not valid in the character set and invalid URL encoded sequence. |
| Security | Barracuda – Cookie poisoning attack | This alert is generated when cookie tampered,expired,mismatched header,mismatched IP and unrecognised cookie. |
| Security | Barracuda – Authentication hijacking | This alert is generated when identity theft pattern, which matched an attack pattern configured as a “data theft element” and the “data theft protection” status in the URL policy is “On”. |
| Security | Barracuda – Error message interception | This alert is generated when response page contains the HTTP error status code, which is suppressed by the configuration in web site cloaking. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Barracuda – Firewall scan messages | This category based report provides information related to messages whose scanning and processing may have stopped or it may have been sent to the outbound processing for delivery. |
| Security | Barracuda – Authentication hijacking | This category based report provides information related to identity theft pattern, which matched an attack pattern configured as a “data theft element” and the “data theft protection” status in the URL Policy is “On”. |
| Security | Barracuda – Buffer overflow attack | This category based report provides information related to parameter,request line,cookie,URL,query,header count,cookie count and cookie name length exceeded. |
| Security | Barracuda – Form tampering attack | This category based report provides information related to parameters in the request exceeds the limit of parameters allowed by the default URL protection. |
| Security | Barracuda – Traffic denied | This category based report provides information related to traffic blocked by the transparent proxy most likely because of the proxy detected virus or spyware. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, and Barracuda Firewall.
Download Integration Guide and How-to Guide for configuration instructions and more information.