Skip to content

Barracuda CloudGen

Barracuda CloudGen

About

Barracuda CloudGen Access isĀ an innovative ZTNA solution that provides secure access to applications and workloads from any device and location. CloudGen Access continuously verifies that only the right person, with the right device, and the right permissions can access company data or apps, or any infrastructure.

Product Details

Vendor URL: Barracuda CloudGen Access - Enable Zero-Touch Access

Product Type: Network Security

Product Tier: Tier II

Integration Method: Syslog

Integration URL: How to Configure Syslog Streaming | Barracuda Campus

Log Guide: Log Files: FAQ | Barracuda Campus

Parser Details

Log Format: JSON

Expected Normalization Rate: 75%

Data Label: BARRACUDA_CLOUDGEN_ACCESS

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
device.hostname principal.hostname
device.id principal.asset.product_object_id
device.model principal.asset.hardware
device.os.name principal.asset.platform_software.platform
device.os.version principal.asset.platform_software.platform_version
events.0.creationDate metadata.event_timestamp
events.0.id target.asset.product_object_id
events.0.name metadata.product_event_type
events.0.name security_result.summary
events.0.payload.admittanceType security_result.action_details
events.0.payload.category security_result.category_details
events.0.payload.domainName target.url
events.0.payload.resourceId target.hostname
events.0.payload.source principal.application
product.environment principal.asset.software
product.name principal.asset.software
product.version principal.asset.software
state.payload.antivirus additional.fields
state.payload.diskEncryption additional.fields
state.payload.firewall additional.fields
state.payload.jailbroken additional.fields
state.payload.locale principal.asset.location.country_or_region
state.payload.screenLock additional.fields
state.payload.tenant.enrollmentId metadata.product_log_id
state.payload.tenant.id metadata.product_deployment_id
state.payload.user.email principal.administrative_domain
state.payload.user.email principal.user.userid
state.payload.user.email principal.user.email_addresses
state.version metadata.product_version

Product Event Types

type,subtype severity UDM Event Classification alerting enabled
Default GENERIC_EVENT
tunnelState tunnelState
accessProxyAdmittance USER_LOGIN
domainBlocked NETWORK_CONNECTION

Log Sample

{"device":{"hostname":"DEVICENAME","id":"sdfb-shbntr-0-40e-gntr4gd0-04651","model":"MacBookPro17,1","os":{"name":"macOS","version":"12.3.1"}},"events":[{"creationDate":"2022-06-10T21:20:11-0500","id":"a6gf40w-adgfae85ff40-asfd5awe0f-6540","name":"accessProxyAdmittance","payload":{"admittanceType":"granted","proxyId":"0d71f278-57bd-4fac-b489-871366b5bac2","resourceId":"640-ag-d4f0se-0g4df0-ag651"},"version":1}],"product":{"environment":"appstore","id":"8f39efb2-07d9-46d5-a6d4-59583be1892f","name":"app","version":"1.7.0"},"state":{"payload":{"antivirus":"notAvailable","diskEncryption":"enabled","firewall":"enabled","jailbroken":false,"locale":"en-US","screenLock":"notAvailable","tenant":{"enrollmentId":"a6v546v51r65f1v6e51v564b16000","id":"ave6840-avbaf-0ad5fs4"},"user":{"email":"johndoe@companyname.com"}},"version":1}}

Sample Parsing

metadata.product_log_id = "a6v546v51r65f1v6e51v564b16000"
metadata.event_timestamp = "2022-06-11T02:20:11Z"
metadata.event_type = "USER_LOGIN"
metadata.product_version = "1"
metadata.product_event_type = "accessProxyAdmittance"
metadata.product_deployment_id = "ave6840-avbaf-0ad5fs4"
additional.screen_lock = "notAvailable"
additional.jailbroken = "false"
additional.disk_encryption = "enabled"
additional.firewall = "enabled"
additional.antivirus = "notAvailable"
principal.hostname = "DEVICENAME"
principal.asset_id = "CS:assd-123456-dfabnt-104-a5640694"
principal.user.userid = "johndoe"
principal.user.email_addresses = "johndoe@companyname.com"
principal.administrative_domain = "companyname.com"
principal.asset.product_object_id = "sdfb-shbntr-0-40e-gntr4gd0-04651"
principal.asset.hostname = "DEVICENAME"
principal.asset.asset_id = "CS:assd-123456-dfabnt-104-a5640694"
principal.asset.hardware.model = "MacBookPro17,1"
principal.asset.platform_software.platform = "MAC"
principal.asset.platform_software.platform_version = "12.3.1"
principal.asset.location.country_or_region = "en-US"
principal.asset.software.name = "appstore/app"
principal.asset.software.version = "1.7.0"
target.hostname = "640-ag-d4f0se-0g4df0-ag651"
target.user.userid = "johndoe@companyname.com"
target.asset.product_object_id = "a6gf40w-adgfae85ff40-asfd5awe0f-6540"
target.asset.hostname = "640-ag-d4f0se-0g4df0-ag651"
security_result.summary = "accessProxyAdmittance"
security_result.action = "ALLOW"
security_result.action_details = "granted"

Parser Alerting

This product currently does not have any Parser-based Alerting