Barracuda Forensics and Incident Response

Respond faster to email attacks.

Request Free Trial
Schedule A Demo

Threat Hunting

Users can report phishing and other suspicious emails to their IT administrators directly from the Outlook Essentials Message Actions add-in. This provides end users with a simpler way to report suspicious emails to their IT department. Reported messages will appear within Forensics and Incident Response for IT to review, investigate, and take corrective action.

Barracuda Forensics & Incident Response can help you locate potential threats looming in your Office 365 account.

Potential Incidents comprise two categories:

Related Threats – Threats based on an incident you already created.

Post-Delivery Threats – Based on Barracuda’s (community) intelligence on currently circulating threats, threats that might already be present in your inbox.

Forensics and Incident Response gives you access to Insights, to glean more information about email use patterns. This intelligence can be used to identify anomalies within delivered mail and to uncover instances of phishing attacks that might otherwise go undetected.


Identity all users who received malicious emails and clicked on links, replied to or forwarded these messages. Automatically send them email notifications with instructions to change their passwords and other necessary remediation actions.

Use Forensics and Incident Response to identify users that received malicious email and permanently remove malicious emails directly from user inboxes. This action can be taken by IT administrator without need to involve end users.

Use Forensics and Incident Response to identify users that received malicious email and automatically send alerts notifying them of an incident. These emails can be sent in bulk to all affected users.


You can enable Barracuda Forensics & Incident Response to automatically remediate email messages that contain malicious URLs or attachments. All user-reported messages are automatically scanned for malicious content. When a threat is detected all matching emails are moved from users’ mailboxes into their junk folders. Security teams will get an alert notifying them of an incident.

Email attacks come in waves. When you activate Continuous Remediation, Barracuda Forensics & Incident Response will continue to delete any copies of the email that appear in inboxes for 72 hours after the initial remediation has completed.

Build custom playbooks to completely automate your incident response process. Admins at any technical level can create a workflow and add complexity by defining a trigger, determining conditions and assigning the desired actions through a simple user interface.

The Barracuda Forensics & Incident Response RESTful API (beta) provides remote administration and configuration of Barracuda Forensics & Incident Response.

Syslog Integration enables you to export your event data to a syslog server or a security information and events management (SIEM) system. With Syslog Integration, you can store your information and use it for tracking, analysis, and troubleshooting.