Querying Data Source Logs with Generative AI
Querying the logs of your data sources using generative AI can give you deep insights into your users, data, and trends.
Write your data source log search in plain language or run one of the preset queries.
Up to 90 days of log data is searchable.
Barracuda XDR adds data sources on a regular basis. To see if your data source is available, with your account selected, navigate to Intelligence > Log Search. Click the Select Data Source drop down to see the available data sources.
Available data sources
We add data sources on a regular basis. The following are currently available:
Name | Code |
|---|---|
Microsoft 365 | o365.audit |
Microsoft GCC High | gcc.o365.audit |
AWS Cloudtrail | aws.cloudtrail |
Google Workspace | google_workspace |
Barracuda Email Protection Essentials | essentials |
Barracuda Email Protection | barracudasentinel |
Barracuda Email Protection Forensics | forensics |
microsoft_windows | windows |
microsoft_windows | wmic |
Barracuda SecureEdge | barracuda.secure_edge |
Barracuda CloudGen | cloudgenfw |
Palo Alto | panw.panos |
WatchGuard | watchguard |
Cisco Meraki | cisco.meraki |
SonicWall | sonicwall.firewall |
Sophos XG | sophos.xg |
Barracuda web application firewall | barracuda.waas |
Cisco Adaptive Security Appliance (ASA) | cisco.asa |
Fortinet FortiGate | fortinet.firewall |
pfSense | pfsense |
Stormshield | stormshield_sns |
Ubiquiti UniFi | ubiquiti_unifi |
Zscaler | zscaler |
Plain language searching
You can write your data source log searches using natural language. Barracuda XDR uses generative AI to query the database.
For example, you could write either of the following:
Show me windows login events for user j.smith in the last 5 daysShow me windows failed login event counts by user, country and source ip between 9-1-25 and 9-10-25
You can write queries in other languages, however, only English is tested and supported.
You can write and edit queries in SQL. For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/519045121.
Preset queries
We also provide some common queries that might be useful for you.
Best practices for searching
Narrow Your Date Range Limit your queries to a specific and recent date range for faster results. The system currently limits results to 5,000 records per search.
Feedback Use the feedback form at the bottom right to report issues or share suggestions.
Searching the database
Once you have written a natural language search or selected a query, click the Submit button.
The results are displayed at the bottom of the page.
To let us know what you think or make a suggestion, in the top right corner, click the Feedback 
Exporting the results
The results are displayed at the bottom of the screen. You can export the results to a .CSV file to view later or share with others.
To analyze data source logs
In the Barracuda XDR Dashboard, click Intelligence > Log Search.
If required, in the top right corner, select one of your accounts.
Select your Data Source.
NOTE Only data sources that can be searched are shown.Do one of the following:
Write your query in natural language.
Select a preset query.
Click the Submit button
.
The result of the query is displayed in the Results section.
To see the SQL of the AI query, click SQL 
For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/519045121 .
To export the results of the query
Follow the To analyze data source logs procedure, above.
When the results are generated, at the top right of the Results section, click Export CSV
.
The CSV file downloads to your computer’s download folder.