Setting up ATR for CrowdStrike

When ATR detects that a CrowdStrike Falcon-hosted endpoint has been compromised, Barracuda XDR automatically responds by isolating the affected endpoint through the Falcon API. This restricts the host’s network access and triggers device isolation to contain threats in real time, terminates active sessions on the device to shut down common attacker footholds, and saves time in situations where every second matters.

For more information about Automated Threat Response (ATR), see Setting up ATR.

Requirements 

You must have: 

Setting up ATR Requirements in CrowdStrike Falcon 

  1. In CrowdStrike Falcon, modify the existing Barracuda API Client.

  2. Open API clients and keys.

  3. In the Hosts area, enable the following permissions checkboxes:

    • Read

    • Write

  4. Click Save.

Setting up ATR

To configure ATR in the Barracuda XDR Dashboard:
  1. In the Barracuda XDR Dashboard, in the left navigation menu, click Administration > Integrations.

  2. On the CrowdStrike integration card, click Update.

    NOTE: You can search for the CrowdStrike integration card using the search box.

  3. Select Enable Auto Remediation.

  4. Click Save.