Connect your Barracuda appliance
Barracuda Web Application Firewall (WAF) connector allows you to easily connect your Barracuda logs with your Azure Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization’s network and improves your security operation capabilities. Azure Sentinel takes advantage of the native integration between Barracuda and Microsoft Monitoring Agent to provide seamless integration.
Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.
Configure and connect Barracuda WAF
Barracuda Web Application Firewall can integrate and export logs directly to Azure Sentinel via Microsoft Monitoring Agent.
- Go to Barracuda WAF configuration flow, and follow the instructions to set up the connection, using these parameters:
- Workspace ID: copy the value of your workspace ID from the Azure Sentinel Barracuda connector page.
- Primary key: copy the value of your primary key from the Azure Sentinel Barracuda connector page.
- In the Azure Sentinel portal, go to the workspace on which you deployed Azure Sentinel and select the ellipsis (...) at the end of the row and select Advanced settings.
- Select Data and then Syslog.
- Make sure the facility you set in Barracuda exists and set the severity and click Save.
- To use the relevant schema in Log Analytics for the Barracuda events, search for CommonSecurityLog and barracuda_CL.
It may take upwards of 20 minutes until your logs start to appear in Log Analytics.
In this document, you learned how to connect Barracuda appliances to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.