[AI-5281] Barracuda Secure Edge Integration PR #20423
Open
+3,587
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cswatt
previously approved these changes
Jun 2, 2025
Review from cswatt is dismissed. Related teams and files:
- documentation
- barracuda_secure_edge/manifest.json
iliakur
previously approved these changes
Jun 4, 2025
hey @cswatt looks like the description needs updating (@vinodkumar-sacumen will update), please have a look at the PR from a docs perspective. It does have Assets that we can use docs review/approval on. |
ab6d522 to
b00a197
Compare
Review from iliakur is dismissed. Related teams and files:
- agent-integrations
- .github/CODEOWNERS
- .github/workflows/config/labeler.yml
- barracuda_secure_edge/CHANGELOG.md
- barracuda_secure_edge/README.md
- barracuda_secure_edge/assets/configuration/spec.yaml
- barracuda_secure_edge/assets/dashboards/barracuda_secure_edge_overview.json
- barracuda_secure_edge/changelog.d/20423.added
- barracuda_secure_edge/datadog_checks/barracuda_secure_edge/about.py
- barracuda_secure_edge/datadog_checks/barracuda_secure_edge/init.py
- barracuda_secure_edge/datadog_checks/barracuda_secure_edge/data/conf.yaml.example
- barracuda_secure_edge/images/secureEdge1.png
- barracuda_secure_edge/images/secureEdge2.png
- barracuda_secure_edge/images/secure_edge_overview.png
- barracuda_secure_edge/manifest.json
- barracuda_secure_edge/pyproject.toml
92e4d60 to
48c4f43
Compare
shrey4b
requested changes
Jun 17, 2025
There was a problem hiding this comment.
Looks like this one is missing some steps
| @@ -0,0 +1,2498 @@ | |||
| { | |||
| "title": "Barracuda Secure Edge", | |||
| "description": "[[suggested_dashboards]]", | |||
| { | ||
| "id": 5966799396123124, | ||
| "definition": { | ||
| "title": "Network Event Timeline", |
There was a problem hiding this comment.
For this title, checking if the double space was intentional
| { | ||
| "id": 6000789218138106, | ||
| "definition": { | ||
| "title": "Auth Access Event Timeline", |
| { | ||
| "id": 3172417779844822, | ||
| "definition": { | ||
| "title": "Auth Access Event level", |
There was a problem hiding this comment.
"L" to be capitalized as part of title
| "configuration": "README.md#Setup", | ||
| "support": "README.md#Support", | ||
| "changelog": "CHANGELOG.md", | ||
| "description": "SecureEdge is a unified SASE platform that includes NGFW, zero trust and secure SD-WAN", |
There was a problem hiding this comment.
I believe this description section is searchable. As such it should include "Barracuda". I also recommend writing out the acronyms and having the acronym itself follow in parentheses i.e. Secure Access Service Edge (SASE).
There was a problem hiding this comment.
Have restricted it due to line length CI check issue.
48c4f43 to
00284d1
Compare
brett0000FF
reviewed
Jun 23, 2025
barracuda_secure_edge/README.md
Outdated
Comment on lines
54
to
65
| ### Metrics | ||
|
|
||
| Barracuda_Secure_Edge does not include any metrics. | ||
|
|
||
|
|
||
| ### Log Collection | ||
| ## Data Collected | ||
| The Barracuda Secure Edge logs contain key information such as the event timestamp, source and destination IPs and ports, protocol used, firewall action (allow/deny), the matched rule name, user identity (if available), log type (e.g., firewall, VPN, authentication), network interface, device name, and status of the operation, all of which help monitor traffic behavior, access control, and system activity and many more which are collected by DataDog. | ||
|
|
||
| ### Events | ||
|
|
||
| The Secure_edge integration includes log events such as failed logins and rule hits. |
There was a problem hiding this comment.
Suggested change
| ### Metrics | |
| Barracuda_Secure_Edge does not include any metrics. | |
| ### Log Collection | |
| ## Data Collected | |
| The Barracuda Secure Edge logs contain key information such as the event timestamp, source and destination IPs and ports, protocol used, firewall action (allow/deny), the matched rule name, user identity (if available), log type (e.g., firewall, VPN, authentication), network interface, device name, and status of the operation, all of which help monitor traffic behavior, access control, and system activity and many more which are collected by DataDog. | |
| ### Events | |
| The Secure_edge integration includes log events such as failed logins and rule hits. | |
| ## Data Collected | |
| ### Metrics | |
| Barracuda_Secure_Edge does not include any metrics. | |
| ### Events | |
| The Barracuda Secure Edge integration does not include any events. | |
| ### Logs | |
| The Barracuda Secure Edge integration collects logs containing the following types of information: | |
| - **Security Events**: Firewall actions (allow/deny), rule matches, and security policy violations | |
| - **Network Traffic**: Source and destination IPs/ports, protocols, and network interfaces | |
| - **Authentication**: User login attempts, successes, and failures | |
| - **VPN Activity**: VPN connection events and status | |
| - **System Events**: Device status, configuration changes, and system health | |
barracuda_secure_edge/README.md
Outdated
|
|
||
| ## Overview | ||
|
|
||
| This integration monitors [barracuda_secure_edge][4]. |
There was a problem hiding this comment.
Suggested change
| This integration monitors [barracuda_secure_edge][4]. | |
| Barracuda Secure Edge is a unified Secure Access Service Edge (SASE) platform that includes Next-Generation Firewall (NGFW), zero trust, and secure Software-Defined Wide Area Network (SD-WAN) capabilities. This integration allows you to collect and analyze logs from your [barracuda_secure_edge][4] deployment to monitor security events, network traffic, and system activity. |
barracuda_secure_edge/README.md
Outdated
Comment on lines
31
to
36
| ### Prerequisites | ||
|
|
||
| 1. Administrative access to Barracuda Secure Edge installed on your server. | ||
| 2. The Datadog Agent installed and running (on a server or container that can receive syslog messages). | ||
| 3. Network Access between the firewall and the Datadog Agent (usually port 514, but may be a custom value). | ||
| 4. Syslog support enabled in the Datadog Agent (with a TCP or UDP listener configured). |
There was a problem hiding this comment.
This should be the first subsection of Setup, so users see this info before starting.
|
|
||
| ```yaml | ||
| logs: | ||
| - type: file |
There was a problem hiding this comment.
It seems like we are mixing file-based and syslog methods. The setup steps use a file, but the validation steps use syslog? My understanding is we should be consistent here.
There was a problem hiding this comment.
Basically, syslog logs are being exported to a file and datadog reads the file for ingesiton into the agent. I have updated few phrases. Thanks
barracuda_secure_edge/README.md
Outdated
| Need help? Contact [Datadog support][1]. | ||
|
|
||
| [1]: https://docs.datadoghq.com/help/ | ||
| [2]: https://app.datadoghq.com/account/settings/agent/latest |
There was a problem hiding this comment.
Suggested change
| [2]: https://app.datadoghq.com/account/settings/agent/latest | |
| [2]: /account/settings/agent/latest |
barracuda_secure_edge/README.md
Outdated
| [2]: https://app.datadoghq.com/account/settings/agent/latest | ||
| [3]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent | ||
| [4]: https://www.barracuda.com/products/network-protection/secureedge | ||
| [5]: https://app.datadoghq.com/logs/livetail |
There was a problem hiding this comment.
Suggested change
| [5]: https://app.datadoghq.com/logs/livetail | |
| [5]: /logs/livetail |
b565132 to
348069e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This is a initial release PR of Barracuda SecureEdge Firewall integration including all the required assets.
Motivation
This is beta release of Agent based integration and is intended for internal testing before going live. We will raise a separate PR with assets and all necessary information once this PR has been merged.
Review checklist (to be filled by reviewers)
qa/skip-qalabel if the PR doesn't need to be tested during QA.backport/<branch-name>label to the PR and it will automatically open a backport PR once this one is merged