Barracuda CloudGen
About
Barracuda CloudGen Access is an innovative ZTNA solution that provides secure access to applications and workloads from any device and location. CloudGen Access continuously verifies that only the right person, with the right device, and the right permissions can access company data or apps, or any infrastructure.
Product Details
Vendor URL: Barracuda CloudGen Access - Enable Zero-Touch Access
Product Type: Network Security
Product Tier: Tier II
Integration Method: Syslog
Integration URL: How to Configure Syslog Streaming | Barracuda Campus
Log Guide: Log Files: FAQ | Barracuda Campus
Parser Details
Log Format: JSON
Expected Normalization Rate: 75%
Data Label: BARRACUDA_CLOUDGEN_ACCESS
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
device.hostname | principal.hostname |
device.id | principal.asset.product_object_id |
device.model | principal.asset.hardware |
device.os.name | principal.asset.platform_software.platform |
device.os.version | principal.asset.platform_software.platform_version |
events.0.creationDate | metadata.event_timestamp |
events.0.id | target.asset.product_object_id |
events.0.name | metadata.product_event_type |
events.0.name | security_result.summary |
events.0.payload.admittanceType | security_result.action_details |
events.0.payload.category | security_result.category_details |
events.0.payload.domainName | target.url |
events.0.payload.resourceId | target.hostname |
events.0.payload.source | principal.application |
product.environment | principal.asset.software |
product.name | principal.asset.software |
product.version | principal.asset.software |
state.payload.antivirus | additional.fields |
state.payload.diskEncryption | additional.fields |
state.payload.firewall | additional.fields |
state.payload.jailbroken | additional.fields |
state.payload.locale | principal.asset.location.country_or_region |
state.payload.screenLock | additional.fields |
state.payload.tenant.enrollmentId | metadata.product_log_id |
state.payload.tenant.id | metadata.product_deployment_id |
state.payload.user.email | principal.administrative_domain |
state.payload.user.email | principal.user.userid |
state.payload.user.email | principal.user.email_addresses |
state.version | metadata.product_version |
Product Event Types
type,subtype | severity | UDM Event Classification | alerting enabled |
---|---|---|---|
Default | | GENERIC_EVENT | |
tunnelState | | tunnelState | |
accessProxyAdmittance | | USER_LOGIN | |
domainBlocked | | NETWORK_CONNECTION | |
Log Sample
{"device":{"hostname":"DEVICENAME","id":"sdfb-shbntr-0-40e-gntr4gd0-04651","model":"MacBookPro17,1","os":{"name":"macOS","version":"12.3.1"}},"events":[{"creationDate":"2022-06-10T21:20:11-0500","id":"a6gf40w-adgfae85ff40-asfd5awe0f-6540","name":"accessProxyAdmittance","payload":{"admittanceType":"granted","proxyId":"0d71f278-57bd-4fac-b489-871366b5bac2","resourceId":"640-ag-d4f0se-0g4df0-ag651"},"version":1}],"product":{"environment":"appstore","id":"8f39efb2-07d9-46d5-a6d4-59583be1892f","name":"app","version":"1.7.0"},"state":{"payload":{"antivirus":"notAvailable","diskEncryption":"enabled","firewall":"enabled","jailbroken":false,"locale":"en-US","screenLock":"notAvailable","tenant":{"enrollmentId":"a6v546v51r65f1v6e51v564b16000","id":"ave6840-avbaf-0ad5fs4"},"user":{"email":"johndoe@companyname.com"}},"version":1}}
Sample Parsing
metadata.product_log_id = "a6v546v51r65f1v6e51v564b16000"
metadata.event_timestamp = "2022-06-11T02:20:11Z"
metadata.event_type = "USER_LOGIN"
metadata.product_version = "1"
metadata.product_event_type = "accessProxyAdmittance"
metadata.product_deployment_id = "ave6840-avbaf-0ad5fs4"
additional.screen_lock = "notAvailable"
additional.jailbroken = "false"
additional.disk_encryption = "enabled"
additional.firewall = "enabled"
additional.antivirus = "notAvailable"
principal.hostname = "DEVICENAME"
principal.asset_id = "CS:assd-123456-dfabnt-104-a5640694"
principal.user.userid = "johndoe"
principal.user.email_addresses = "johndoe@companyname.com"
principal.administrative_domain = "companyname.com"
principal.asset.product_object_id = "sdfb-shbntr-0-40e-gntr4gd0-04651"
principal.asset.hostname = "DEVICENAME"
principal.asset.asset_id = "CS:assd-123456-dfabnt-104-a5640694"
principal.asset.hardware.model = "MacBookPro17,1"
principal.asset.platform_software.platform = "MAC"
principal.asset.platform_software.platform_version = "12.3.1"
principal.asset.location.country_or_region = "en-US"
principal.asset.software.name = "appstore/app"
principal.asset.software.version = "1.7.0"
target.hostname = "640-ag-d4f0se-0g4df0-ag651"
target.user.userid = "johndoe@companyname.com"
target.asset.product_object_id = "a6gf40w-adgfae85ff40-asfd5awe0f-6540"
target.asset.hostname = "640-ag-d4f0se-0g4df0-ag651"
security_result.summary = "accessProxyAdmittance"
security_result.action = "ALLOW"
security_result.action_details = "granted"
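The mapping above can be checked against the log sample with a short script. This is an added illustration, not the vendor's or the platform's parser code: the names `to_udm`, `dig`, `DIRECT` and `EVENT_TYPES` are hypothetical, the input is a trimmed copy of the Log Sample, and it assumes `tunnelState` and any unlisted event name fall through to the Default row.

```python
import json
from datetime import datetime, timezone

# Constructed input: the page's Log Sample, trimmed to the fields used below.
SAMPLE = json.dumps({
    "device": {"hostname": "DEVICENAME", "os": {"version": "12.3.1"}},
    "events": [{"creationDate": "2022-06-10T21:20:11-0500",
                "name": "accessProxyAdmittance",
                "payload": {"admittanceType": "granted",
                            "resourceId": "640-ag-d4f0se-0g4df0-ag651"}}],
    "state": {"payload": {"tenant": {"enrollmentId": "a6v546v51r65f1v6e51v564b16000"},
                          "user": {"email": "johndoe@companyname.com"}}, "version": 1},
})
# One-to-one rows copied from the UDM Fields table.
DIRECT = {
    "device.hostname": "principal.hostname",
    "device.os.version": "principal.asset.platform_software.platform_version",
    "events.0.name": "metadata.product_event_type",
    "events.0.payload.admittanceType": "security_result.action_details",
    "events.0.payload.resourceId": "target.hostname",
    "state.payload.tenant.enrollmentId": "metadata.product_log_id",
    "state.version": "metadata.product_version",
}
# From Product Event Types; anything else falls back to the Default row (assumption).
EVENT_TYPES = {"accessProxyAdmittance": "USER_LOGIN", "domainBlocked": "NETWORK_CONNECTION"}

def dig(obj, path):
    """Follow a dotted path like 'events.0.name'; return None if any step is missing."""
    for key in path.split("."):
        try:
            obj = obj[int(key)] if isinstance(obj, list) else obj[key]
        except (KeyError, IndexError, ValueError, TypeError):
            return None
    return obj

def to_udm(raw):
    log = json.loads(raw)
    udm = {dst: str(dig(log, src)) for src, dst in DIRECT.items() if dig(log, src) is not None}
    udm["metadata.event_type"] = EVENT_TYPES.get(dig(log, "events.0.name"), "GENERIC_EVENT")
    ts = dig(log, "events.0.creationDate")
    if ts:  # normalise the device-local offset to UTC, as Sample Parsing shows
        utc = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S%z").astimezone(timezone.utc)
        udm["metadata.event_timestamp"] = utc.strftime("%Y-%m-%dT%H:%M:%SZ")
    email = dig(log, "state.payload.user.email")
    if isinstance(email, str) and "@" in email:
        udm["principal.user.email_addresses"] = email
        udm["principal.user.userid"], udm["principal.administrative_domain"] = email.rsplit("@", 1)
    # Only "granted" -> ALLOW appears on the page; other values stay unmapped here.
    if dig(log, "events.0.payload.admittanceType") == "granted":
        udm["security_result.action"] = "ALLOW"
    return udm
```

Comparing the returned dictionary with the Sample Parsing list is a quick way to spot fields that stop normalizing after a log format change.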
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon