Explore and Analyze Barracuda Events
After Logpoint ingests Barracuda logs:
Use Search to access and examine events.
View events in real time through Dashboards.
Use Search Templates for pre-built analysis scenarios.
Search
Use the following queries to explore common Barracuda events:
All Barracuda logs
col_type = "barracuda"
All normalized Barracuda events
norm_id = "Barracuda*"
Firewall allow events
norm_id = "Barracuda*" label = "Allow"
Firewall deny/block events
norm_id = "Barracuda*" label IN ["Deny", "Block", "Drop"]
Attack detection events
norm_id = "Barracuda*" label = "Detect"
Web application firewall attacks
norm_id = "BarracudaWAF" label = "Attack"
Email virus detections
norm_id = "Barracuda*" label = "Virus"
Spam detections
norm_id = "Barracuda*" label = "Spam"
Blocked attachments
norm_id = "Barracuda*" label = "Banned" label = "Attachment"
IPS alerts
norm_id = "Barracuda*" label = "IPS"
Web filter blocked content
norm_id = "BarracudaWebFilter" label = "Block"
Search Templates
LP_BarracudaWAF Search Template
The LP_BarracudaWAF search template provides pre-configured analysis scenarios for common Barracuda Web Application Firewall monitoring and investigation use cases. These templates help you quickly analyze attack patterns, traffic trends, and security events and identify threats and vulnerabilities.
Using LP_BarracudaWAF Search Template
1. Go to Settings >> Knowledge Base from the navigation bar and click Search Templates.
2. Select VENDOR SEARCH TEMPLATES from the drop-down and click LP_BarracudaWAF.
3. In Update Parameters, enter the required parameter(s).
3.1 Select Override widget time range to set a time range.
3.2 Select REPOS.
3.3 Click Update.
After updating, the widgets start populating the results. Logpoint forwards you to Search Template View to access the dashboards of the search template.
Dashboards
LP_Barracuda Web Application Firewall Dashboard
The LP_Barracuda Web Application Firewall dashboard provides real-time insights into web application security across your environment, showing patterns in attack detection, traffic actions, protocol usage, and error responses. It helps you identify attack sources, monitor threat trends, track firewall actions, and investigate injection and DOS attacks.
Dashboard Widgets:
Attack Count
The count of attacks, such as DDOS attacks, forceful browsing, protocol violations, limit violations and other attempts to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
Attack Timetrend
A time span observation providing a dynamic view of attacks in the hope of forecasting future attacks.
Top 10 Attack Events
The top ten attack events that have led or might lead to unauthorized access, processing, corruption, alteration, transfer or disclosure of data.
Top Distinct Attacks by Source Locations
The sources of top distinct attacks and their destinations based on source country, action and destination address.
Total Attackers
The distinct count of total attackers based on source address.
Top Actions Taken on Traffic
The top actions taken on traffic by a firewall to block attack traffic while allowing valid traffic through the firewall with no impact on the quality of experience of the valid traffic.
Top 10 Errors from Client
The top ten client-side error codes such as Invalid Request (status code 400), Authentication Failed (401), Not Found (status code 404), Method Not Allowed (status code 405) and Invalid Post Data (status code 415) that occurred on a client-server system, such as a web application.
Top 10 Protocols
The top ten protocols applied by a firewall to establish a secure communication between different devices for the exchange of data.
Injection Attack Details
Details of an injection attack such as blind SQL injection or SSI injection. An attacker injects code into a program or query, or injects malware onto a computer to execute remote commands that can read or modify a database, or change data on a web site.
DOS Attack Details
Details of DOS attacks, such as buffer overflows or flood attacks, where an attacker uses a false IP address to flood the targeted host or network with illegitimate service requests.
Top 10 Users in Attack Events
The top ten remote or local users involved during an attack.
Attack Details
Details of the attack including source address, source country, attack type, destination address, destination country, request method, URL, rule type and actions.
LP_Barracuda SV Firewall Dashboard
The LP_Barracuda SV Firewall dashboard provides real-time insights into email security and spam/virus filtering across your environment, showing patterns in message processing, blocklist management, virus detection, and attachment filtering. It helps you monitor email traffic, identify malicious senders, track message delivery status, and investigate security threats.
Dashboard Widgets:
Top 10 Action
The top ten actions taken to inspect incoming and outgoing traffic using a set of security rules to identify and block threats.
Top 10 Mail Destinations Domain
The top ten destination address domains to which emails were sent, for a firewall to allow or block the destination IP address.
Top 10 Source Address
The top ten source addresses of a device or user that sent data across the network. It allows an administrator to specify which source addresses are allowed or denied access to the network or choose to block all traffic from a particular source address.
Top 10 Mail Sender
The top ten email senders whose behavior on the server is monitored. Problem senders are blocklisted based on their IP address and domain name.
Top 10 Mail Receiver
The top ten email receivers, which can help administrators decide what kind of filters to apply to incoming emails in addition to removing spam.
User Login - List
The user login activity list by login timestamp, username and actions.
Time trend of Action
A dynamic view of actions that can help forecast future threats.
Top 10 Destination Address
The top ten destination addresses of servers where you want to grant access to a service.
Message Category - RECV and SCAN services
The data on RECV services, indicating a message was handled by the MTA and processing stopped, and on SCAN services, indicating the message was scanned and processing may have stopped or the message may have been sent to outbound processing for delivery.
Message Category - SEND services
The data on SEND services, such as delivered message, rejected message, deferred message and expired message indicating the status of outbound delivery.
Top 15 Event Category by Reason Code
The top fifteen Barracuda event categories by reason code, such as Virus, Banned Attachment or RBL Match to identify an error condition.
Top 10 Hosts in Barracuda Blocklist Category
The top ten hosts linked to junk emails in the block list category.
Top 10 Senders in Barracuda Blocklist Category
The top ten senders in the block list category from which you would not receive emails.
Top 10 Receivers in Barracuda Blocklist Category
The top ten receivers in the block list category who would not receive incoming mails.
Top 10 Hosts in Virus Category
The top ten hosts in the Virus category of Barracuda RECV and SCAN services.
Top 10 Senders in Virus Category
The top ten senders in the Virus category of Barracuda RECV and SCAN services.
Top 10 Receivers in Virus Category
The top ten receivers in the Virus category of Barracuda RECV and SCAN services.
Top 10 Receivers in Banned Attachment Category
The top ten receivers in the Banned Attachment category of Barracuda RECV and SCAN services based on filename patterns you specify, common text attachment file types and attachment MIME types.
Top 10 Senders in Banned Attachment Category
The top ten senders in the Banned Attachment category of Barracuda RECV and SCAN services.
Top 10 hosts in Banned Attachment Category
The top ten hosts in the Banned Attachment category of Barracuda RECV and SCAN services.
Top 10 host in Spam Fingerprint Found Category
The top ten hosts in the Spam Fingerprint Found category of Barracuda RECV and SCAN services through which hackers create a network map that helps them identify vulnerabilities for a successful attack.
Top 10 Sender in Spam Fingerprint Found Category
Top ten senders in the Spam Fingerprint Found category of Barracuda RECV and SCAN services.
Top 10 receiver in Spam Fingerprint Found Category
Top ten receivers in the Spam Fingerprint Found category of Barracuda RECV and SCAN services.
LP_Barracuda Web Filter Dashboard
The LP_Barracuda Web Filter dashboard provides real-time insights into web filtering activity across your environment, showing patterns in URL access, content filtering, and policy enforcement. It helps you monitor web traffic, identify blocked content, track filtering actions, and analyze access patterns by category and content type.
Dashboard Widgets:
Barracuda Web Filter Details - List
A list of Barracuda Web Filter activities based on timestamp, source address, destination address, URL, action, reason, content type (HTML or JPEG), data size, matched part and category.
Top 10 Source Address
The top ten source addresses to prevent malicious traffic.
Top 10 Destination Address
The top ten destination addresses to prevent certain data from flowing into a destination.
Top 10 Action with Reason
The top ten actions performed by Barracuda Web Filter, along with the reasons for the actions taken. For example, a device scanned as a threat is detected.
URL Details - List
A list of the frequently visited URLs based on action, reason, matched part and category.
Top Content Type - List
A list of the top website content types filtered by Barracuda Web Filter.
Top Matched Part - List
A list of the top regular expressions, domain names or keywords that matched a URL.
Top Matched Category - List
A list of the top built-in or customized web content categories that matched with your regular expressions, domain names or keywords.
Adding Barracuda Dashboards
Navigate to Settings >> Knowledge Base >> Dashboard.
Select VENDOR DASHBOARD from the dropdown.
Click the Use icon under Actions of the required dashboard.
Click Choose Repos.
Select the repository configured for Barracuda logs and click Done.
In Ask Repos, select the dashboard and click Ok.
The dashboard will appear under Dashboards. You can view details about each widget by clicking the Info icon.