Barracuda XDR Release Notes - February 2026
The February 2026 release of Barracuda Managed XDR includes new features for transparency, including:
This release also gives you additional tools to respond to threats automatically, including:
This release also includes:
Full list of detection rules is now available in the XDR Dashboard
To give customers and partners insight into the threats and behaviors Barracuda Managed XDR monitors, a full list of the over 550 detection rules is now displayed in the XDR Dashboard. This list gives you full visibility into the detection rules the SOC uses to protect you across the complete attack surface, regardless of whether a specific integration is enabled.
Each rule includes the corresponding MITRE ATT&CK technique and a detailed description of what the rule is designed to detect. New rules are added every month to protect you even better.
To view the rules, in the XDR Dashboard, navigate to Administration > Detection List.
View hidden devices on the Unprotected Devices page
You can now view which devices have been manually hidden from the Unprotected Devices table and Unprotected Devices report.
To view hidden devices on the Unprotected Devices page
In XDR Dashboard, click Infrastructure > Unprotected Devices.
Click Show hidden devices.
Microsoft 365 Defender for Email divided into Cloud and Endpoint
Previously, Microsoft 365 Defender for Email generated alerts for both Cloud and Endpoint. These alerts have been separated in order to display the relevant data type.
There are now separate integration cards for Microsoft 365 Defender and Microsoft 365 Defender for Endpoint.
Users who have already integrated Microsoft 365 Defender for Email don’t need to re-integrate.
Cisco ASA Automatic Threat Response Now Live
Barracuda Managed XDR now supports Automated Threat Response (ATR) for Cisco ASA firewalls.
When high‑confidence threats are detected, Barracuda can now automatically block known‑malicious IPs and domains directly on Cisco ASA, helping stop threats at the network perimeter without manual intervention.
This adds automated, real‑time response on top of existing firewall controls, reducing response time and operational effort while strengthening overall security outcomes.
To enable Cisco ASA ATR, see Setting up Cisco Adaptive Security Appliance (ASA) Collector.
Microsoft 365 ATR upgrade to include revoking active sessions of blocked users
This upgrade to Automatic Threat Response for Microsoft 365 includes revoking the active sessions of blocked/disabled users.
This upgrade requires configuration. For more information on configuring revoking the active sessions of blocked/disabled users, see Setting up ATR for Microsoft 365 Cloud.
Bug fixes
| Bug number | Description |
|---|---|
| 8952 | Improved the error message for the expired/invalid API Token for SecureEdge ATR. |
| 9169 | Resolved an issue where some alert summaries were rejected due to items appearing in an unexpected order. |
| 9170 | Resolved an issue where some alerts were missing the alert type and tactic id fields. |
| 9289 | Resolved an issue where the XDR AI summary displayed non-English content. |
| 9321 | Resolved an issue where the And and Or operator buttons did not appear when multiple filters were added on the Email Security, Endpoint Security, and Threat Advisories pages. |
| 9231 | Resolved an issue where the fields in the Create Exclusion dialog box would not be empty when the dialog box popped up. |
| 9343 | Resolved an issue where some reports were missing site ids. |
Release Notes - Rules
New Rules
New simulation rules for customers to trigger alerts for our Firewall data sources:
Cisco ASA - Cisco ASA Network Security Threat Simulation
Cisco Meraki - Meraki Network Security Threat Simulation
SonicWall - SonicWall Network Security Threat Simulation
Palo Alto - Palo Alto Network Security Threat Simulation
GLB.AU.CAS DUO Logon from Anomalous Location
Detects a successful Duo authentication from a location that is not typical for the user, suggesting potential account compromise or unusual access that requires attention.
ATR Added to Rule (ASA)
Cisco ASA Threat IP Communication Detected on Critical Protocol
Rule tuning and bug fixes
Google Workspace Unusual Login
Improved detection capabilities based on geo-location and IP infrastructure data.
Improved recognition of geo-location consistency for user logins, eliminating unnecessary alerts for users who frequently log in from similar IPs.
We will now better distinguish low, medium, and high alerts to assist in prioritizing alert review.
Office 365 Anomalous Login & Impossible Travel
Both detections have been updated to improve user baseline correlations based on GUIDs sent by Microsoft and cross-correlating them with the accurate user email.
Managed Vulnerability Security New Critical Severity Vulnerability Detected
Added a failsafe to check the first_found date on incoming alerts to stop alerting on customers who had been integrated before the rule was set up.
Added a lookback to see if the customer recently onboarded.
o365 ATR Improvements
User suspension requests will be re-sent in cases where the ticket has not been acknowledged by the customer and is in a “pending” state. Temporarily handling issues caused by on-prem source of authority.