/
Barracuda XDR Release Notes — January 2026

Barracuda XDR Release Notes — January 2026

New features

Automated Threat Response (ATR) for CrowdStrike is now live

For CrowdStrike users, Barracuda Managed XDR can now automatically isolate an endpoint from the network when a threat is detected.

ATR support includes the following rules, upon which devices are isolated given a high confidence event:

  • CrowdStrike Attempted to Quarantine a Malicious File​

  • CrowdStrike Detection Summary Event

Users who can also manually isolate or un-isolate an endpoint via Host Name or Host ID.

This broadens the scope of XDR’s Endpoint ATR offerings beyond:

  • ATR for Managed Endpoint with SentinelOne

  • Monitored Endpoint with MS Defender for Endpoint

  • For more information, see Setting up ATR for CrowdStrike.

Managed Endpoint Security self-service exclusions for SentinelOne

Partners can now manually enter file path-based exclusions in the XDR Dashboard, to exclude by site or group.

image-20251218-183350.png
Integration detection rules available in the XDR Dashboard

We've added the new Detection List page, which displays all current XDR detection rules for XDR integrations. For each rule, this page displays the:

  • Rule name

  • Description

  • MITRE ATT&CK classification

  • Category

  • Data source

  • Detection observables

To view the detection list, in the Barracuda Managed XDR Dashboard Navigation menu, click Administration > Detection List.

New Rules

  • Palo Alto Potential Reverse Shell Traffic

  • Microsoft Office 365 Sparse Activity Account Anomalous Login

  • Windows Logs Detected Potential Data Exfiltration Activity

  • Windows Logs Detected Potential Data Exfiltration Activity (Legacy)

  • Microsoft Office 365 Potential Privilege Escalation Detected

  • Barracuda EGD Mass Phishing Campaign Detected

  • Suspicious Run Window Usage - Potential ClickFix Activity

Tuning and Bug Fixes

  • SentinelOne New Threat Not/Mitigated - Excluded werfault log files and dellSARemediation backups from creating tickets.

  • Windows System and Security Logs Cleared - Added the filter to the rule logic to avoid false positives.

  • GLB.AD.EPP Microsoft 365 Defender for Endpoint Malicious Threat Detected Not Remediated - Added a logic to avoid alerting to the customer when incident already resolved by the end user.

  • Sonicwall Config Change Detected from Public IP - Added additional filtering in rule logic to avoid rule failures.

  • Windows Password Change on Directory Service Restore Mode (DSRM) Account - Updated suppression for false positive reduction & rule failure prevention.

  • Google Workspace Application Added to Domain - Updated alert ID fields and suppression fields for alert tuning and rule failure prevention.

  • Windows System and Security Logs Cleared - Updates to number of observables so customers will benefit from auto exceptions for this rule.

  • ATR Action added to Ticket Summary content.

  • Kept Top 6 IPs info in the ticket body for the Internal network analysis alerts to avoid extremely large ticket body.

Retired Rules

  • Google Workspace Non-Encrypted File Downloaded by Internal User 

  • Duo Successful Logon from Suspicious Country 

Rules enhanced with SOAR

  • ATR capabilities added to over 20 rules across multiple firewalls such as FortiGate, Cloudgen, SonicWALL and Meraki.

  • 25+ rules automated with SOAR across Barracuda email, Sophos, Checkpoint and Guardduty.

 

Contact Us
Barracuda Campus
Barracuda Support