Integrate Barracuda Spam Firewall - Beta Surion
Integrate Barracuda SpamFirewallPublication Date: November 10, 2015
Integrate Barracuda Spam FirewallAbstractThis guide provides instructions to configure Barracuda Spam Firewall to send the events to EventTracker.ScopeThe configurations detailed in this guide are consistent with EventTracker version 7.X and later, andBarracuda Spam Firewall 300 and later.AudienceBarracuda Spam Firewall users, who wish to forward messages to EventTracker manager.The information contained in this document represents the current view of EventTracker. on theissues discussed as of the date of publication. Because EventTracker must respond to changingmarket conditions, it should not be interpreted to be a commitment on the part of EventTracker,and EventTracker cannot guarantee the accuracy of any information presented after the date ofpublication.This document is for informational purposes only. EventTracker MAKES NO WARRANTIES,EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.Complying with all applicable copyright laws is the responsibility of the user. Without limiting therights under copyright, this paper may be freely distributed without permission fromEventTracker, if its content is unaltered, nothing is added to the content and credit toEventTracker is provided.EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectualproperty rights covering subject matter in this document. Except as expressly provided in anywritten license agreement from EventTracker, the furnishing of this document does not give youany license to these patents, trademarks, copyrights, or other intellectual property.The example companies, organizations, products, people and events depicted herein are fictitious.No association with any real company, organization, product, person or event is intended orshould be inferred. 2017 EventTracker Security LLC. All rights reserved. The names of actual companies andproducts mentioned herein may be the trademarks of their respective owners.1
Integrate Barracuda Spam FirewallTable of ContentsAbstract . 1Overview. 3Prerequisites . 3Configuration . 3Barracuda Syslog Server Configuration: . 3EventTracker Knowledge Pack (KP) . 4Alerts . 4Categories . 5Reports . 5Import Barracuda Spam Firewall knowledge pack in EventTracker . 6Alerts . 6Category . 7Flex Reports . 8Template. 10Knowledge Object . 12To Configure Flex Dashboard . 14Verify Barracuda Spam Firewall knowledge pack in EventTracker . 18Alerts . 18Categories . 20Flex Reports . 21Template. 22Knowledge Objects . 23Sample Report . 24Sample Dashboard . 252
Integrate Barracuda Spam FirewallOverviewThe Barracuda Spam Firewall manages and filters all inbound and outbound email traffic to protectorganizations from email-borne threats and data leaks. As a complete email management solution, theBarracuda Spam Firewall let organizations encrypt messages and leverage the cloud to spool email if mailservers become unavailable.With EventTracker you can monitor system logs like login activity (login failed and logout), configurationchanges and messages containing virus and spam and quarantine messages. EventTracker will generate alertsfor configuration changes, spam mails and virus mails. It will generate reports for login failed activity andconfiguration changes which will helps you in compliance and security and generate reports for spam, virusand quarantine mails. Its dashboard provides us the graphical view for information of top mail recipients, topblocked messages and top spam and virus sender.Prerequisites EventTracker 7.x and later should be installed.Barracuda Spam Firewall 300 and later should be installed.Administrative access on the EventTracker Enterprise and Barracuda Spam Firewall.An exception should be added into Windows Firewall on EventTracker machine for syslog port 514.An exception should be added into Firewall in between EventTracker and Barracuda Spam Firewall forsyslog port 514.ConfigurationYou must enable and configure logging on Barracuda Spam Firewall prior to configuring EventTracker.Barracuda Syslog Server Configuration:1. Login into web console of Barracuda Spam Firewall.2. Go to the ADVANCED Advanced Networking page.In the Syslog Configuration section, fill IP address and port of EventTracker machine in Mail Syslog and webinterface Syslog.3
Integrate Barracuda Spam FirewallFigure 13. Click on Add4. Click Save button for saving the configuration.EventTracker Knowledge Pack (KP)Once logs are received into EventTracker, Categories, reports, alerts and knowledge objects can beconfigured into EventTracker.The following Knowledge Packs are available in EventTracker Enterprise to support Barracuda SpamFirewall.Alerts 4Barracuda Spam Firewall: Mail contains virus - This alert is generated when spam firewall identifiesmails which contains virus.Barracuda Spam Firewall: Spam mails - This alert is generated when spam firewall blocks spammessages.Barracuda Spam Firewall: Configuration changes - This alert is generated when the configurationchanges in barracuda spam firewall.Barracuda Spam Filter: User login failed – This alert is generated when user login fails in barracudaspam filter.
Integrate Barracuda Spam FirewallCategories Barracuda Spam Firewall: Configuration changes: All logs generated by Barracuda spam virus firewallwhen configuration changes happen.Barracuda Spam Firewall: Firewall received messages: All logs generated by Barracuda spam virusfirewall when a message was received and handled by the MTA.Barracuda Spam Firewall: Firewall scan messages: All logs generated by Barracuda spam virus firewallwhen a message was scanned and processing may have stopped or it may have been sent to theoutbound processing for delivery.Barracuda Spam Firewall: Firewall sending messages: All logs generated by Barracuda spam virusfirewall when a message is sent and status of outbound delivery.Barracuda Spam Firewall: Login and logout activity: All logs generated by Barracuda spam virusfirewall when login or logout is happened on barracuda spam firewall web interface.Barracuda Spam Filter: User login success: This category provides information related to user loginsuccess into barracuda spam filter.Barracuda spam filter - User login failed: This category provides information related to user loginfailure into barracuda spam filter.Reports 5Barracuda Spam Firewall - Blocked messages: This report provides information related to blockedmessages which contains sender and recipient information, message id, mail direction (inbound oroutbound), mail server IP, subject of the mails and reason code for why the mail transfer is blocked.Barracuda Spam Firewall - Mails contains virus: This report provides us the information related tomails containing virus which have information about sender and recipient, message id, mail directionand subject of the mails.Barracuda Spam Firewall - spam mails: This report provides us the information related to spam mailswhich contains sender and recipient information, mail direction, message id and subject of themessage.Barracuda Spam Firewall - quarantine messages: This report provides us the information related toquarantine messages which contains sender and recipient information, mail direction, message id,subject of the message and reason code why it is in quarantine.Barracuda Spam Firewall - Login failed activity: This report provides information related to loginfailed which contains username and source IP address.Barracuda Spam Firewall - Configuration changes: This report provides information related toconfiguration changes in barracuda spam firewall which contains source IP, setting which is changedand the changes happened and information about who changed it.
Integrate Barracuda Spam Firewall Barracuda Spam Filter - User login success: This report provides information related to user loginsuccess into barracuda spam filter.Barracuda spam filter - User login failed: This reports provides information related to user loginfailure into barracuda spam filter.Import Barracuda Spam Firewall knowledge pack inEventTracker1. Launch EventTracker Control Panel.2. Double click Export Import Utility. Click Import tab.Import Alert/Category/Tokens/ Flex Reports/Knowledge Objects as given below.Alerts1. Click Alerts option, and then click the browsebutton.Figure 22. Locate All Barracuda Spam Firewall.isalt file, and then click the Open button.6
Integrate Barracuda Spam Firewall3. To import alerts, click the Import button.EventTracker displays success message.Figure 34. Click OK, and then click the Close button.Category1. Click Category option, and then click the browsebutton.Figure 42. Locate All Barracuda Spam Firewall group of Categories.iscat file, and then click the Open button.7
Integrate Barracuda Spam Firewall3. To import categories, click the Import button.EventTracker displays success message.Figure 54. Click OK, and then click the Close button.Flex Reports1. Click Reports option, and then click the browsebutton.Figure 62. Locate the All Barracuda Spam Firewall group of Flex Report.issch file, and then click the Openbutton.8
Integrate Barracuda Spam Firewall3. Click the Import button to import the scheduled reports.EventTracker displays success message.Figure 74. Click the OK button. Click the Close button.9
Integrate Barracuda Spam FirewallTemplate1.2.3.4.Logon to EventTracker Enterprise.Click the Admin menu and then click the Parsing rule.Click the Template tab.Click the Import button, it will open new window. ( NOTE: Make sure pop-up is enabled forEventTracker).Figure 85. Locate and Choose .ETTD file and then click the Open button.10
Integrate Barracuda Spam FirewallFigure 96. Select the template you want to upload.7. Then click on the Import configuration icon.Figure 10EventTracker displays success message11
Integrate Barracuda Spam FirewallFigure 118. Click OK and it will automatically close the window.Knowledge Object1. Logon to EventTracker Enterprise.2. Click the Admin menu and then click the Knowledge Objects.3. Click the Import button, it will open new window. (NOTE: Make sure pop-up is enabled forEventTracker.Figure 124. Choose the Knowledge object template (.EKTO) files and click on UPLOAD button.12
Integrate Barracuda Spam FirewallFigure 135. Select Knowledge Object and click on Overwrite or Merge button.Figure 14EventTracker displays success message.13
Integrate Barracuda Spam FirewallFigure 156. Click OK and it will automatically close the window.To Configure Flex Dashboard1. Schedule the flex reports (Barracuda Spam Firewall-Allowed messages) after importing them.2. During scheduling, please check Persist data and select all the columns to persist.Figure 1614
Integrate Barracuda Spam FirewallFigure 173. Now, wait for report to run as per scheduled time.4. After generating report, click on Dashboard Flex.5. Click on Add Dashboardbutton and fill Title and Description box and save it.Figure 1815
Integrate Barracuda Spam Firewall6. Now, create dashlet for Barracuda Spam Firewall by clicking on Configure flex dashlet icon .7. Fill WIDGET TITLE, select DATA SOURCE, select CHART TYPE and select AXIS LABELS [X-AXIS].Figure 198. After selecting and filling all options, click on the TEST button to check the Dashlet. If data are comingproperly, then click on CONFIGURE button.16
Integrate Barracuda Spam FirewallFigure 209. After creation of Dashlet for Barracuda Spam Firewall, click on Customize flex dashlet10. Select Barracuda Spam Firewall-Top blocked mails dashlet and click on ADD buttonFigure 2111. Now, you can see the Dashlet on Dashboard.17.
Integrate Barracuda Spam FirewallFigure 22Verify Barracuda Spam Firewall knowledge pack inEventTrackerAlerts1. Logon to EventTracker Enterprise.2. Click the Admin menu, and then click Alerts.3. In Search field, type ‘Barracuda Spam’, and then click the Go button.Alert Management page will display all the imported Barracuda Spam Firewall alerts.18
Integrate Barracuda Spam FirewallFigure 234. To activate the imported alerts, select the respective checkbox in the Active column.EventTracker displays message box.Figure 245. Click OK, and then click the Activate Now button.NOTE: You can select alert notification such as Beep, Email, and Message etc. For this, select the respectivecheckbox in the Alert management page, and then click the Activate Now button.19
Integrate Barracuda Spam FirewallCategories1. Logon to EventTracker Enterprise.2. Click Admin dropdown, and then click Categories.3. In Category Tree to view imported categories, scroll down and expand Barracuda Spam Firewall groupfolder to view the imported categories.Figure 2520
Integrate Barracuda Spam FirewallFlex Reports1. Logon to EventTracker Enterprise.2. Click the Reports.3. Select the Configuration.In the Reports Configuration, select Defined by clicking the radio button. EventTracker displays Definedpage.4. Click the Barracuda Spam Firewall report group.EventTracker displays Flex reports of Barracuda Spam Firewall.Figure 2621
Integrate Barracuda Spam FirewallTemplate1. Logon to EventTracker Enterprise, Go to Parsing rule.2. Click on Template tab.3. Check the template you had uploaded.Figure 2722
Integrate Barracuda Spam FirewallKnowledge Objects1. Logon to EventTracker Enterprise.2. Click on Knowledge Object option.Figure 283. Check the Knowledge Object you had uploaded.23
Integrate Barracuda Spam FirewallSample ReportA sample report is shown below.1. Barracuda Spam Firewall-Login and logout activityFigure 292. Barracuda Spam Firewall-Configuration changesFigure 3024
Integrate Barracuda Spam FirewallSample Dashboard1. Barracuda Spam Firewall-Top Blocked messagesFigure 312. Barracuda Spam Firewall-Top RecipientFigure 3225
Barracuda Spam Firewall: Login and logout activity: All logs generated by Barracuda spam virus firewall when login or logout is happened on barracuda spam firewall web interface. Barracuda Spam Filter: User login success: This category provides information related to user login success into barracuda spam filter.
1.4 Barracuda NG Firewall VPN Gateway Our tests and VPN configuration have been conducted with Barracuda NG Firewall firmware release 5.4. 1.5 Barracuda NG Firewall VPN Gateway product info It is critical that users find all necessary information about Barracuda NG Firewall VPN Gateway. All product
You must use Barracuda Cloud Control to view and manage mixed mode deployments such as the Cloud Protection Layer component of the Barracuda Spam & Virus Firewall. Click the plus symbol ( ) next to the Barracuda Spam & Virus Firewall in the product tree, then click on the Clo ud Protection Layer link to access the web interface. A subset of the .
Anti‐Spam 3 10 Anti‐Spam Email Security uses multiple methods of detecting spam and other unwanted email. This chapter reviews the configuration information for Anti‐Spam: Spam Management Anti‐Spam Aggressiveness Languages Anti‐Spam Aggressiveness Spam Management
Barracuda Web Security Agent (WSA): Protect remote and mobile users by routing all web traffic from Windows or Mac laptops or desktops through the Barracuda Web Security Service. The Barracuda WSA can optionally be installed silently so it is undetected by the end user. Begin with Using the Barracuda WSA with the Barracuda Web Security Service.
Filter Virus, Spam, Volume Attack Address Credit Card, ID number leaking On-premises and Cloud-Based Office 365 eDiscovery and Compliance through Message Archiving 7-Year Retention Policy, Start Small and Scale-out . . Barracuda Spam & Virus Firewall Author:
Anti-spam scanning relates to incoming mail only , and in volv es chec king whether a message needs to be categorised as spam or suspected spam (depending on the spam rating of the message) and taking appropr iate action. A spam digest email and w eb based spam quar antine enables end users to manage their quarantined spam email.
Spam related cyber crimes, including phishing, malware and online fraud, are a serious threat to society. Spam filtering has been the major weapon against spam for many years but failed to reduce the number of spam emails. To hinder spammers' capability of sending spam, their supporting infrastructure needs to be disrupted.
American Revolution has fallen into the condition that overtakes so many of the great . 4 events of the past; it is, as Professor Trevor-Roper has written in another connection, taken for granted: "By our explanations, interpretations, assumptions we gradually make it seem automatic, natural, inevitable; we remove from it the sense of wonder, the unpredictability, and therefore the freshness .
