SIRP

The Email Security Gateway is an email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks.

SIRP and Baracuda automate threat detection and mitigation. Protection against malicious domains and IPs is possible because the actions and playbooks are executed on SIRP using Barracuda

SIRP’s integration with Barracuda allows security teams to execute response actions right from SIRP. 

SIRP’s Barracuda integration app allows you to execute the following actions

Whitelist SIRP's IP and Generate API password

Log into the Barracuda Spam firewall web console

Select Basic and then select the Administration tab

Enter SIRP's IP and Netmask in Allowed IP/Range table and click Add

Note: For SIRP to access the Barracuda email security instance through its API SIRP IP needs to be added.

Add an API Password right under the table, and click Save on the top left.

- Log into the Barracuda Spam firewall web console
- Select Basic and then select the Administration tab 
 
 
 
- Enter SIRP's IP and Netmask in Allowed IP/Range table and click Add
 Note: For SIRP to access the Barracuda email security instance through its API SIRP IP needs to be added.
- Add an API Password right under the table, and click Save on the top left.

Next, log in to SIRP, then go to Apps from the left navigation bar

Locate the Barracuda Email Security Gateway App.

Click on the Toggle button to enable the app.

- Next, log in to SIRP, then go to Apps from the left navigation bar
- Locate the Barracuda Email Security Gateway App.
- Click on the Toggle button to enable the app.

 For configuration, click configure &amp; it will ask for the followings.

- Configuration name
- URL (web URL of Barracuda)
- API-Password

-  For configuration, click configure &amp; it will ask for the followings.
  - Configuration name
  - URL (web URL of Barracuda)
  - API-Password

The action can be executed from a ticket or playbook.

The blocked domain is visible in Barracuda in the Domain Manager list.

Note: You can also unblock a domain following the same steps 

Example 2: Block IP FOR DOMAIN action below parameters are required.

For this action the following parameters are required:

IP: The desired IP that needs to be blocked

Domain: The IP must be blocked against a domain that is already present in the blocklist

Domain: Domain name that is already blocked by Barracuda

- IP: The desired IP that needs to be blocked
- Domain: The IP must be blocked against a domain that is already present in the blocklist
- Input: IP that is needed to be blocked.
- Domain: Domain name that is already blocked by Barracuda
- Block-Type:
  - Tag
  - Quarantine
  - Block

Once the IP for Domain action is successfully performed, its results can view on Barracuda in the BLOCK/ACCEPT tab, under the IP/Filters section, the in the Blocked IP/Range table.

S.no	Action	Description
1	ADD DOMAIN	Adding domain to Domain Manager
2	DELETE DOMAIN	Deleting domain from Domain Manager
3	BLOCK IP FOR DOMAIN	Blocking IP Address for the Domain

About Barracuda

Supported Actions

Enable and Configure the Barracuda App

Whitelist SIRP's IP and Generate API password

Configure the app in SIRP

Barracuda in Action

Example 1: Blocking a malicious domain