Description
Barracuda CloudGen Firewall provides multiple layers of detection including advanced threat signatures, behavioral and heuristic analysis, static code analysis, and finally comprehensive sandboxing, to provide accurate detection and in-depth protection against ransomware, malware, and other advanced cyber-attacks.
Architecture
CloudGen ships with Filebeat, which processes data on the CloudGen side into structured JSON data. They then output to Logstash via the Lumberjack protocol (see steps here). With this integration, we're proposing to add a lumberjack input to Filebeat, which could receive the structured events from CloudGen. We then build a Fleet integration with ingest pipelines and dashboards.
An alternative approach is their syslog output, but the data doesn't conform to the syslog RFCs and may be difficult to parse. There would also be more maintenance involved as their syslog parsing often changes with major releases.
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.
All changes
New Package
Dashboards changes
Log dataset changes
sample_event.json
) exists
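
The Lumberjack transport named under Architecture, shown as an added example that is not part of this issue or of Filebeat's code: a Python sketch of what a receiving input has to do with Lumberjack v2 frames (window, JSON, compressed, ack), including bounds on payload and decompressed size. The function names, the `MAX_PAYLOAD` limit and the sample events are assumptions made for the illustration; the frame layout follows the v2 protocol as commonly implemented.

```python
import json
import struct
import zlib
MAX_PAYLOAD = 1 << 20  # cap per-frame and decompressed size (assumed limit)
# Constructed sample events; field names are illustrative, not CloudGen's schema.
SAMPLE = [{"action": "Block", "src": "192.0.2.10"}, {"action": "Allow", "src": "192.0.2.11"}]

def encode_batch(events):
    """Sender side: window frame, then the JSON frames inside one compressed frame."""
    frames = b""
    for seq, event in enumerate(events, 1):
        payload = json.dumps(event).encode()
        frames += b"2J" + struct.pack(">II", seq, len(payload)) + payload
    body = zlib.compress(frames)
    return b"2W" + struct.pack(">I", len(events)) + b"2C" + struct.pack(">I", len(body)) + body

def decode_frames(buf, nested=False):
    """Receiver side: return (window_size, [(seq, event), ...]); ValueError on bad framing."""
    window, events, pos = None, [], 0
    while pos < len(buf):
        if len(buf) - pos < 6 or buf[pos:pos + 1] != b"2":
            raise ValueError(f"truncated or non-v2 frame at offset {pos}")
        kind = buf[pos + 1:pos + 2]
        (first,) = struct.unpack_from(">I", buf, pos + 2)  # window, sequence or length
        pos += 6
        if kind == b"W":
            window = first
        elif kind == b"J":
            if len(buf) - pos < 4:
                raise ValueError("truncated JSON frame header")
            (length,) = struct.unpack_from(">I", buf, pos)
            pos += 4
            if length > MAX_PAYLOAD or len(buf) - pos < length:
                raise ValueError("JSON payload oversized or truncated")
            events.append((first, json.loads(buf[pos:pos + length])))
            pos += length
        elif kind == b"C" and not nested:  # compressed frames may not nest here
            if len(buf) - pos < first:
                raise ValueError("truncated compressed frame")
            inflater = zlib.decompressobj()
            inner = inflater.decompress(buf[pos:pos + first], MAX_PAYLOAD)
            if inflater.unconsumed_tail:  # output would exceed the cap
                raise ValueError("compressed frame expands past MAX_PAYLOAD")
            events.extend(decode_frames(inner, nested=True)[1])
            pos += first
        else:
            raise ValueError(f"unexpected frame type {kind!r}")
    return window, events

def ack(seq):  # receiver's acknowledgement for the last sequence it processed
    return b"2A" + struct.pack(">I", seq)
```

A receiver would call `decode_frames` on each batch read from the TLS connection and reply with `ack` for the highest sequence number once the events are safely queued.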