Connect your Barracuda appliance

Barracuda Web Application Firewall (WAF) connector allows you to easily connect your Barracuda logs with your Azure Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization’s network and improves your security operation capabilities. Azure Sentinel takes advantage of the native integration between Barracuda and Log Analytics agent to provide seamless integration.


Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.

Configure and connect Barracuda WAF

Barracuda Web Application Firewall can integrate and export logs directly to Azure Sentinel via Log Analytics agent.

  1. Go to Barracuda WAF configuration flow, and follow the instructions to set up the connection, using these parameters:
    • Workspace ID: copy the value of your workspace ID from the Azure Sentinel Barracuda connector page.
    • Primary key: copy the value of your primary key from the Azure Sentinel Barracuda connector page.
  2. To use the relevant schema in Log Analytics for the Barracuda events, search for CommonSecurityLog and barracuda_CL.

Validate connectivity

It may take upwards of 20 minutes until your logs start to appear in Log Analytics.

Next steps

In this document, you learned how to connect Barracuda appliances to Azure Sentinel. To learn more about Azure Sentinel, see the following articles: