Barracuda

Review configuration options for Barracuda firewalls in RocketCyber

Configuration Options

User quarantined alert

This alerts the user when a file is quarantined by the firewall

ATP alert (malicious)

Barracuda's Advanced Threat Prevention (ATP) system classifies this traffic as malicious

DNS sinkhole detection

A DNS sinkhole is a server that gives incorrect name resolution. For example, it could resolve www.google.com to a server owned or controlled by the malicious actor.

Antivirus

Checks files going to your computer for known viruses

ATP (file block)

Runs machine learning predictors on files hitting the firewall to predict malicious files

Log Format

The expected format for Barracuda logs is syslog with a pipe-separated message body. For example:

<14>May 8 15:04:19 F77 F77/box_Firewall_Activity: Info F77 ARP: <cumulative>|ALLIP(0)|p2|192.168.77.177|0|00:00:00:00:00:00|192.168.70.77|0||||3030|0.0.0.0|0.0.0.0|0|5|0|0|0|0||||||
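A small parser for lines in this format, added here as an example (it is not RocketCyber's or Barracuda's own code). It assumes the header layout of the line above (syslog PRI, timestamp, host, tag, level, box, service, then the pipe-separated body) and, because the page does not name the individual pipe fields, keeps them positional and only classifies values by shape; the sample line is the one from this page, embedded as constructed test input.

```python
from __future__ import annotations
import re

# Constructed sample: the single Barracuda line shown on this page, reused as input.
SAMPLE_LINE = (
    "<14>May 8 15:04:19 F77 F77/box_Firewall_Activity: Info F77 ARP: "
    "<cumulative>|ALLIP(0)|p2|192.168.77.177|0|00:00:00:00:00:00|192.168.70.77"
    "|0||||3030|0.0.0.0|0.0.0.0|0|5|0|0|0|0||||||"
)

# Header shape assumed from the page's example:
#   <PRI>Mmm dd hh:mm:ss host tag: level box service: field|field|...
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>\S+): "
    r"(?P<level>\S+) (?P<box>\S+) (?P<service>\S+): "
    r"(?P<body>.*)$"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def decode_pri(pri: int) -> tuple[int, int]:
    """Split a syslog PRI into (facility, severity): PRI = facility * 8 + severity."""
    return pri // 8, pri % 8


def parse_barracuda_line(line: str) -> dict | None:
    """Parse one line into header fields plus the pipe-separated body.

    Returns None when the line does not match the expected layout, so a collector
    can count and alert on malformed input instead of silently dropping it.
    """
    m = HEADER_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    facility, severity = decode_pri(int(m["pri"]))
    # The page documents no per-field names, so fields stay positional and are only
    # classified by shape (IPv4-looking values are collected; 0.0.0.0 is treated as unset).
    fields = m["body"].split("|")
    ipv4_values = [f for f in fields if IPV4_RE.match(f) and f != "0.0.0.0"]
    return {
        "facility": facility, "severity": severity,
        "timestamp": m["timestamp"], "host": m["host"], "tag": m["tag"],
        "level": m["level"], "box": m["box"], "service": m["service"],
        "fields": fields, "ipv4_values": ipv4_values,
        "empty_field_count": sum(1 for f in fields if f == ""),
    }


if __name__ == "__main__":
    print(parse_barracuda_line(SAMPLE_LINE))
```

PRI 14 decodes to facility 1 (user) and severity 6 (informational), which agrees with the "Info" level in the message text; a mismatch between the two is a cheap sanity check on feed integrity.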