Barracuda XDR Release Notes — April 2026

The April release of Barracuda XDR includes

New Dashboard features

The following are the new features of the Barracuda Managed XDR Dashboard.

Configuring ports for syslog integrations

You can now configure custom ports for certain integrations. Instead of being restricted to the default port, you can select any port, as long as it’s open. The integrations where you can specify a custom port include:

  • Check Point

  • Cisco ASA

  • Cisco FTD

  • Cisco Meraki

  • Citrix WAF (Citrix Netscaler Application Delivery Controller ADC)

  • Eset Protect

  • F5 BIG IP

  • Fortinet

  • Juniper SRX

  • Palo Alto

  • Sonicwall

  • Sophos UTM

  • Sophos XGS

  • Symantec (Broadcom Endpoint Security)

  • Tanium

  • Trendmicro Deep Security

  • Watchguard

  • ZScaler

SQL search for data source logs

You can now search data source logs with SQL in addition to AI. You can start with SQL created from plain language search, then edit the SQL, run it, and copy the SQL code.

For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/519045121.

Additional data sources

The following data sources have been added to data source logs:

  • AWS Cloudtrail

  • Microsoft GCC High

  • Sophos XG

  • Stormshield

  • Ubiquiti

  • Zscaler

For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/294715691.

New Endpoint Security group

A new endpoint security group, Monitor + Remediation + VSS Disabled, is created by default when SentinelOne is integrated.

Monitor + Remediation + VSS Disabled — Barracuda XDR monitors your endpoints, notifies you with an Alert if any risks are detected, and isolates and remediates risks. In this group, Volume Shadow Copy Service (VSS) is disabled, which is required for most backup software to run without interference from the SentinelOne agent. If you’re running your own backup systems, place your servers in this group to avoid issues right away upon installation.

For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6947821.

Managing SentinelOne threats

You can now mitigate threats detected by SentinelOne directly in the Barracuda Managed XDR dashboard, letting you act instantly when a threat is detected. You can choose between quarantining the file that started the process or killing the process.

Figure: The Mitigate Threat dialog box

Introducing geographic controls

Defining your authorized geographic footprints (country, region/state, city) enhances the accuracy of XDR detections by incorporating geographic data into detection models and automated workflows, reducing false positives.

XDR uses this data to track login anomalies such as impossible travel. 

For more information, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/519602190.

Automatic Threat Response (ATR) added for Microsoft Defender XDR (previously known as Microsoft 365 Defender)

While endpoint ATR was previously available for Microsoft Defender for Endpoint, XDR has added ATR for Microsoft Defender XDR. Once ATR is set up, if a security alert triggers, ATR quarantines the impacted device from the network. You can manually isolate devices and also see the records of ATR actions that XDR has taken for Microsoft Defender XDR.

For more information on setting up ATR for Microsoft Defender XDR, see https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/429162693.

Automated interoperability catalog

A new page in the XDR Dashboard lets you manage your SentinelOne Interoperability Catalog and application exclusions. To see it, select Administration > Managed Endpoint Interoperability Catalog.

Dashboard bug fixes

  • 8474: Hid Multi Factor Authentication (MFA) settings for users signed in with authdb.

  • 9980: Resolved an issue where the log search screen didn’t load properly.

  • 10027: Resolved an issue with account changer.

  • 10049: Resolved an issue with audit log formatting.

  • 10077: Resolved an issue with saving Barracuda Intrusion Detection System (IDS) integration.

  • 100163: Resolved an issue where certain users with a new account saw an error on the Interoperability Catalog page.

Rules

New Rules

  • Windows WinRM Activation

  • Windows Net User Account Created

  • Windows Net User Account Deleted

  • Windows Net User Account Disabled

  • Windows Suspicious Net User Domain Command

  • Windows Domain Admin Group Enumeration

  • Stormshield SNS (9)

    Query

    • Stormshield Blocked Traffic Major Alarm

    • Stormshield Configuration Change from External IP

    • Stormshield Network Security Threat Simulation

    • Stormshield Suspicious Outbound Traffic to High-Risk Ports

    Threshold

    • Stormshield Brute Force Authentication Attempt

    • Stormshield Password Spraying Activity

    Threat Intel

    • Stormshield Outbound Traffic to Threat IP

    • Stormshield Threat IP Communication Detected on Critical Protocol

    • Stormshield User Login from Threat IP

  • pfSense (10)

    Query

    • pfSense Inbound RDP from Internet Allowed

    • pfSense Inbound SSH from Internet Allowed

    • pfSense Network Security Threat Simulation

    • pfSense Suspicious Outbound Traffic to High-Risk Ports

    Threshold

    • pfSense Allowed Port Scan Activity

    • pfSense Potential C2 Beaconing Activity

    Threat Intel

    • pfSense Inbound Traffic from Threat IP

    • pfSense Outbound Traffic to Threat IP

    • pfSense Threat IP Communication on Critical Protocol

    • pfSense User Login from Threat IP

Tuning and Bug Fixes

  • GLB.EA.NET Checkpoint Detected Download Manager Traffic - Rule tuned by removing legitimate applications that customers consistently use internally.

  • The following Windows rules have updated ticket bodies and recommendations:

    • Windows PsExec Executed

    • Windows Device Logs Cleared

    • Windows Persistence Via Bits Job Cmdline

    • Windows Firewall Disabled via PowerShell

    • Windows Deleting Backup Catalogs Wbadmin

    • Windows PowerShell Kerberos Ticket Dump

    • Windows Suspicious Certutil Commands

    • Windows HackTool - WinPwn Execution

    • Windows RDP Enabled via Registry

    • Windows Mimikatz Command Line Syntax Detected

    • Windows DPAPI Domain Backup Key Extraction

    • Windows Impacket smbexec Reverse Shell Gained

    • Windows Remote File Download via Cmd.exe

    • Windows Potential Evasion via Filter Manager

    • Windows Impacket PsExec Reverse Shell Executed

    • Windows Volume Shadow Copy Deletion via PowerShell

    • Windows Volume Shadow Copy Deletion via VssAdmin

    • Windows Volume Shadow Copy Deletion

  • Checkpoint Detected Download Manager Traffic 

    • Excluded package managers such as apt-get, dnf, git, npm

  • Okta: Logon from Anomalous Location

    • Added a correlation via SentinelOne to check if a device in the console matches the suspect IP 

  • Microsoft Office 365 Anomalous Login 

    • Added a correlation via SentinelOne to check if a device in the console matches the suspect IP 

