Setting up ATR

In Barracuda XDR, Automated Threat Response (ATR) is automated threat remediation for alerts reported by:

• Barracuda CloudGen Control Center

• Barracuda CloudGen Standalone

• Cisco Meraki

• Cisco Umbrella

• FortiGate

• Google Workspace

• Microsoft Defender for Endpoint

• Microsoft 365 Cloud

• Palo Alto

• Sophos

• SonicWall

• SecureEdge

Automated threat remediation saves time and money and frees human efforts to focus on other tasks.

The following is the ATR process:

Open

1. An event occurs that triggers an alarm in Barracuda XDR.

2. The alert is sent to the Barracuda XDR ATR.

3. ATR determines whether the alert is malicious.

4. If the alert is identified as malicious, the IP Address is automatically added to the firewall or network security solution block list.

5. The alert is closed.

6. If the alert is not identified as malicious, the IP Address is not blocked and the alert is closed.

To set up ATR, do one of the following:

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6947923

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6946976

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6947927

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/283541693

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6947913

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6949005

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6948688

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6949069

• https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6947878

• Setting up ATR for SecureEdgePreview

• Setting up ATR for Sophos XG and XGS FirewallPreview

• Setting up ATR for SonicWall FirewallPreview

• Editing XDR ATR settings for a firewallPreview