Setting up ATR for SecureEdge
What ATR does
ATR determines whether an alert is malicious.
If the alert is identified as malicious, the IP Address is automatically added to the firewall or network security solution block list, depending on how malicious ATR determines it to be.
For more information about Automated Threat Response (ATR), see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6947848.
Setting up ATR
The documentation below outlines the requirements for the Barracuda XDR Automated Threat Response (ATR) for Barracuda SecureEdge.
For additional information, see How to Configure Barracuda XDR Automated Threat Response (ATR) in SecureEdge.
Requirements
You must have:
Access to the Barracuda XDR Dashboard set up and functioning properly
Access to Barracuda SecureEdge set up and functioning properly
Also, Barracuda SecureEdge must be integrated in Barracuda XDR. For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6947630.
You only need to set up ATR for a single device, even when there are multiple firewall devices in the same workspace. The registration token is applied to SecureEdge rather than individual firewalls and ATR blocks are set up for “All Sites.”
To configure Barracuda SecureEdge
In Barracuda SecureEdge, click Integration > Barracuda XDR > ATR Configuration.
Slide Automated Threat Response to Enabled.
Click Save.
Copy the Authentication Token.
To configure ATR for SecureEdge
In Barracuda XDR Dashboard, click ATR Settings > Firewalls.
In the Firewall table, click the Barracuda SecureEdge row.
Click Edit Config.
In the Edit Config dialog box, paste the Authentication Token you copied in the previous procedure into the Authentication Token.
Click Save.
If you need to edit the configuration at any time, follow the Editing XDR ATR Settings for a Firewall procedure.
Contact Us
Barracuda Campus
Barracuda Support