Barracuda XDR Release Notes - March 2026
This release contains the following:
New features
Resolved issues
New rules
Rules tuning and bug fixes
New features
Request SOC service from the XDR Dashboard
You can now contact the XDR SOC team for non-alert-based requests instead of sending emails. These requests automatically make a ticket so you can track them in an organized, automated way.
Using the new SOC Service Requests page, you can:
Make new SOC requests, which automatically makes a trackable ticket
Track the progress of existing tickets
Communicate with the SOC team about existing tickets
For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/408387741.
Easily view and manage blocked files
The new Block List page displays files blocked by the SentinelOne agent, giving you the tools you need to easily view and manage blocked files. You can see all the blocked files, as well as sort the table by columns and perform searches. You can also unblock files on this page.
For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/409043058.
Individual dataset selection in Microsoft 365 Defender
When integrating Microsoft 365 Defender, you can now select the following datasets individually:
Email
Endpoint
Cloud/Identity
You must select at least one of the datasets.
Timeline now displayed in alert tickets
Alert tickets on now display a timeline of related alerts on the Ticket Details page. These alerts may be the same detection rule or a different rule.
This timeline may help identify hosts or devices that are being targeted, letting you take extra measures to harden security where it’s needed.
For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6948036.
Alarm tickets don’t display a timeline.
New Default SentinelOne Group
A new default SentinelOne group, called Monitor + Remediation + VSS and Safe Boot Disabled, lets backup software run without interference from the SentinelOne agent.
Configure custom ports for syslog integrations
You can now configure custom ports of the following integrations:
Check Point
Cisco ASA
Cisco FTD
Cisco Meraki
Citrix WAF (Citrix NetScaler Application Delivery Controller ADC)
ESET Protect
F5 BIG IP
Fortinet
Juniper SRX
Palo Alto
SonicWall
Sophos UTM
Sophos XGS
Symantec (Broadcom Endpoint Security)
Tanium
Action History
Client Status
Discover
Endpoint Config
Reporting
Threat Response
TrendMicro Deep Security
Watchguard
Zscaler
Integration with Ubiquiti UniFi
You can now integrate your Ubiquiti UniFi Cloud Gateway with Barracuda Managed XDR.
For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/230653984.
Integration with Microsoft GCC High
You can now integrate Microsoft GCC High with Barracuda Managed XDR.
Review the Environment Disclaimer on the page below before integrating Microsoft GCC High.
For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/322568208.
Resolved issues
Issue number |
|
|---|---|
9689 | Improved the style of the check boxes on Integration pages. |
9703 | Resolved an issue that affected fetching data for MSP accounts. |
9709 | Resolved an issue that affected the UI when the Back button was clicked. |
9571 | Improved the UI of the Block List page when All is selected in Accounts. |
9427 | Resolve an issue where certain integrations were missing from the Network Security category. |
9576 | Resolved an issue where the Connectwise integration couldn’t create tickets when the summary exceeded 100 characters. |
9408 | Resolved an issue where the account dropdown was hidden intermittently. |
8186 | Extended the expiration of SSO sessions to 15 days and added an improved refresh strategy. |
9769 | Resolved an issue where the Export Devices button on the Exported Devices screen doesn’t create a PDF. |
New Rules
Palo Alto Suspicious SSL-VPN Login
Palo Alto Successful Login From Suspicious IP
Ubiquiti Admin Access from Potentially Malicious IP
Ubiquiti Admin Config Removed
Ubiquiti IPS/IDS Threat Detected
Ubiquiti Outgoing Traffic To Potentially Malicious IP Address
Ubiquiti VPN User Logged in From Potentially Malicious IP
AWS Cloudtrail Flow Logs Deleted
AWS Cloudtrail Put Event Selectors Modified
AWS Cloudtrail Trail Deleted
AWS CloudTrail Management Console Suspicious Root Login
Windows Potential DCSync Attack
Sonicwall Outgoing Threat URL Traffic Detected
SecureEdge Outgoing Threat URL Traffic Detected
Cisco Meraki Outgoing Threat URL Traffic Detected
Cloudgen Outgoing Threat URL Traffic Detected
Rules tuning and bug fixes
Tuned S1 STAR Custom rule “Suspicious Run Window Usage - Potential ClickFix Activity“ to include a wider array of ClickFix techniques
FortiGate C2 Network Threat Detection — Production Release (V2)
GLB.AU.CAS Microsoft Defender for Office 365 High Severity Incident Detected workflow in Tines has been updated to populate the actual User ID in the ticket instead of GUID.
To avoid discrepancies in fetching alert events, the GLB.AU.CAS Microsoft 365 Defender Brute Force Login Attempt Detected and GLB.AU.CAS Microsoft 365 Defender Mass File Deletion Detected workflows have been updated to query Elasticsearch using
event.ingestedinstead of@timestamp.Suricate External Permitted Malicious Traffic - Repeated
New exclusion capabilities:
Bytes to Server
Signature Name
Source Port
Destination Port
Expiration Time
Deactivated Azure User Reactivated
Added correlation to check if the Admin whom reactivated the user was the one to disable the user which will drop the event.