Barracuda XDR Release Notes - March 2026
This release contains the following:
New features
Resolved issues
New rules
Rules tuning and bug fixes
New features
Request SOC service from the XDR Dashboard
You can now contact the XDR SOC team for non-alert-based requests from the XDR Dashboard instead of sending emails. Each request automatically creates a ticket so you can track it in an organized, automated way.
Using the new SOC Service Requests page, you can:
Make new SOC requests, each of which automatically creates a trackable ticket
Track the progress of existing tickets
Communicate with the SOC team about existing tickets
For more information, see Working with the SOC Service Requests Page.
Easily view and manage blocked files
The new Block List page displays files blocked by the SentinelOne agent, giving you the tools you need to easily view and manage blocked files. You can see all the blocked files, as well as sort the table by columns and perform searches. You can also unblock files on this page.
For more information, see Working with the Block List.
Individual dataset selection in Microsoft 365 Defender
When integrating Microsoft 365 Defender, you can now select the following datasets individually:
Email
Endpoint
Cloud/Identity
You must select at least one of the datasets.
Timeline now displayed in alert tickets
Alert tickets now display a timeline of related alerts on the Ticket Details page. These alerts may be from the same detection rule or a different rule.
This timeline may help identify hosts or devices that are being targeted, letting you take extra measures to harden security where it’s needed.
For more information, see Working with the View Ticket Page.
Alarm tickets don’t display a timeline.
New Default SentinelOne Group
A new default SentinelOne group, called Monitor + Remediation + VSS and Safe Boot Disabled, lets backup software run without interference from the SentinelOne agent.
Configure custom ports for syslog integrations
You can now configure custom ports for the following integrations:
Check Point
Cisco ASA
Cisco FTD
Cisco Meraki
Citrix WAF (Citrix NetScaler Application Delivery Controller ADC)
ESET Protect
F5 BIG IP
Fortinet
Juniper SRX
Palo Alto
SonicWall
Sophos UTM
Sophos XGS
Symantec (Broadcom Endpoint Security)
Tanium
  Action History
  Client Status
  Discover
  Endpoint Config
  Reporting
  Threat Response
TrendMicro Deep Security
Watchguard
Zscaler
Integration with Ubiquiti UniFi
You can now integrate your Ubiquiti UniFi Cloud Gateway with Barracuda Managed XDR.
For more information, see Integrating Ubiquiti UniFi Cloud Gateway.
Integration with Microsoft GCC High
You can now integrate Microsoft GCC High with Barracuda Managed XDR.
Review the Environment Disclaimer on the page below before integrating Microsoft GCC High.
For more information, see Integrating Microsoft GCC High.
Resolved issues
Issue number | Description |
|---|---|
9689 | Improved the style of the check boxes on Integration pages. |
9703 | Resolved an issue that affected fetching data for MSP accounts. |
9709 | Resolved an issue that affected the UI when the Back button was clicked. |
9571 | Improved the UI of the Block List page when All is selected in Accounts. |
9427 | Resolved an issue where certain integrations were missing from the Network Security category. |
9576 | Resolved an issue where the Connectwise integration couldn’t create tickets when the summary exceeded 100 characters. |
9408 | Resolved an issue where the account dropdown was hidden intermittently. |
8186 | Extended the expiration of SSO sessions to 15 days and added an improved refresh strategy. |
9769 | Resolved an issue where the Export Devices button on the Exported Devices screen didn’t create a PDF. |
New rules
Palo Alto Suspicious SSL-VPN Login
Palo Alto Successful Login From Suspicious IP
Ubiquiti Admin Access from Potentially Malicious IP
Ubiquiti Admin Config Removed
Ubiquiti IPS/IDS Threat Detected
Ubiquiti Outgoing Traffic To Potentially Malicious IP Address
Ubiquiti VPN User Logged in From Potentially Malicious IP
AWS Cloudtrail Flow Logs Deleted
AWS Cloudtrail Put Event Selectors Modified
AWS Cloudtrail Trail Deleted
AWS CloudTrail Management Console Suspicious Root Login
Windows Potential DCSync Attack
Sonicwall Outgoing Threat URL Traffic Detected
SecureEdge Outgoing Threat URL Traffic Detected
Cisco Meraki Outgoing Threat URL Traffic Detected
Cloudgen Outgoing Threat URL Traffic Detected
Rules tuning and bug fixes
Tuned S1 STAR Custom rule “Suspicious Run Window Usage - Potential ClickFix Activity” to include a wider array of ClickFix techniques.
FortiGate C2 Network Threat Detection — Production Release (V2)
The GLB.AU.CAS Microsoft Defender for Office 365 High Severity Incident Detected workflow in Tines has been updated to populate the actual User ID in the ticket instead of the GUID.
To avoid discrepancies in fetching alert events, the GLB.AU.CAS Microsoft 365 Defender Brute Force Login Attempt Detected and GLB.AU.CAS Microsoft 365 Defender Mass File Deletion Detected workflows have been updated to query Elasticsearch using event.ingested instead of @timestamp.
Suricata External Permitted Malicious Traffic - Repeated
New exclusion capabilities:
Bytes to Server
Signature Name
Source Port
Destination Port
Expiration Time
Deactivated Azure User Reactivated
Added correlation to check whether the admin who reactivated the user was the one who disabled the user, in which case the event is dropped.
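Why a scheduled workflow that windows on event.ingested fetches events that a window on @timestamp can skip, as noted for the Microsoft 365 Defender workflows above. This is an added example, not Barracuda's workflow code; the five-minute polling interval, the flattened document layout, and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

def range_query(field, start, end):
    """Elasticsearch query body selecting start <= field < end."""
    return {"query": {"range": {field: {"gte": start.isoformat(),
                                        "lt": end.isoformat()}}}}

def matches(doc, query):
    """Evaluate the single range clause above against a flattened document."""
    (field, bounds), = query["query"]["range"].items()
    value = datetime.fromisoformat(doc[field])
    return (datetime.fromisoformat(bounds["gte"]) <= value
            < datetime.fromisoformat(bounds["lt"]))

def poll(field, docs, first_run, interval, runs):
    """Simulate a scheduled workflow that queries the previous interval on each run."""
    seen = []
    for i in range(runs):
        end = first_run + i * interval
        start = end - interval
        # Only documents already indexed at run time can be returned by the query.
        indexed = [d for d in docs
                   if datetime.fromisoformat(d["event.ingested"]) < end]
        query = range_query(field, start, end)
        seen += [d["id"] for d in indexed if matches(d, query)]
    return seen

def ts(hour, minute, second=0):
    return datetime(2026, 3, 1, hour, minute, second, tzinfo=timezone.utc).isoformat()

# Constructed sample events. "b" occurred at 12:03 but was delivered at 12:07,
# after the 12:05 run had already covered the window its @timestamp falls in.
DOCS = [
    {"id": "a", "@timestamp": ts(12, 1), "event.ingested": ts(12, 1, 30)},
    {"id": "b", "@timestamp": ts(12, 3), "event.ingested": ts(12, 7)},
    {"id": "c", "@timestamp": ts(12, 8), "event.ingested": ts(12, 8, 20)},
]
FIRST_RUN = datetime(2026, 3, 1, 12, 5, tzinfo=timezone.utc)
INTERVAL = timedelta(minutes=5)

if __name__ == "__main__":
    for field in ("@timestamp", "event.ingested"):
        print(field, poll(field, DOCS, FIRST_RUN, INTERVAL, runs=2))
```

Windows on event.ingested are contiguous in index time, so a delayed event lands in exactly one later window instead of falling between two.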