Barracuda WAF Integration Guide
You must add an export log server to your Barracuda Web Application Firewall to export logs to the Taegis™ XDR Collector.
The steps below describe how to configure a syslog export log server on your Barracuda WAF.
Connectivity Requirements
Source | Destination | Port/Protocol |
---|---|---|
Barracuda WAF | XDR Collector (mgmt IP) | TCP/601 |
Data Provided from Integration
Auth | CloudAudit | DNS | HTTP | Management | Netflow | NIDS | Process | Thirdparty | |
---|---|---|---|---|---|---|---|---|---|
Barracuda WAF | D |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
To configure Barracuda WAF logging, follow the Steps to Add a Syslog Server section of the Barracuda WAF documentation. Consider the following requirements when completing the configuration steps:
- IP Address — This is the IP address of the XDR Collector.
- Port — 601
- Connection Type — Be sure to change the connection type from the default UDP to TCP.
- Network Firewall Logs Format — Select Default - The default network firewall logs format defined by the Barracuda Web Application Firewall.
Important
Currently only the default log format is supported.
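A reachability check for the TCP/601 requirement above, meant to be run from a host on the same network segment as the WAF. This is an added example, not part of the Barracuda or Taegis documentation; the function names, status labels and hint wording are assumptions of this example.

```python
import socket
import sys

COLLECTOR_PORT = 601  # TCP port from the connectivity requirements table

# Status labels and hints are this example's own wording (assumption).
HINTS = {
    "open": "TCP/601 is reachable. Confirm the WAF export log server uses "
            "Connection Type TCP, not the default UDP.",
    "refused": "The host answered but nothing accepts connections on this "
               "port. Check that the IP address is the XDR Collector's.",
    "filtered": "No answer before the timeout. A firewall between the WAF "
                "and the collector is likely dropping TCP/601.",
}


def probe_collector(host, port=COLLECTOR_PORT, timeout=3.0):
    """Return "open", "refused", "filtered" or "error: <reason>"."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:  # DNS failure, no route to host, etc.
        return f"error: {exc}"


def explain(status):
    """Map a probe result to the setting most worth re-checking."""
    return HINTS.get(status, "Unexpected failure: " + status)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe_collector.py <xdr-collector-mgmt-ip>")
    result = probe_collector(sys.argv[1])
    print(f"{sys.argv[1]}:{COLLECTOR_PORT} -> {result}")
    print(explain(result))
    sys.exit(0 if result == "open" else 1)
```

An "open" result only proves the network path; it does not confirm that the WAF itself is exporting over TCP in the default log format.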