惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - 【当耐特】
WordPress大学
WordPress大学
T
The Exploit Database - CXSecurity.com
博客园_首页
MyScale Blog
MyScale Blog
The Cloudflare Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
美团技术团队
Stack Overflow Blog
Stack Overflow Blog
博客园 - 聂微东
M
MIT News - Artificial intelligence
Microsoft Security Blog
Microsoft Security Blog
F
Full Disclosure
V
V2EX
博客园 - Franky
博客园 - 三生石上(FineUI控件)
Hugging Face - Blog
Hugging Face - Blog
P
Proofpoint News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
SecWiki News
SecWiki News
N
Netflix TechBlog - Medium
S
Secure Thoughts
酷 壳 – CoolShell
酷 壳 – CoolShell
Hacker News: Ask HN
Hacker News: Ask HN
爱范儿
爱范儿
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Webroot Blog
Webroot Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Martin Fowler
Martin Fowler
PCI Perspectives
PCI Perspectives
S
Security @ Cisco Blogs
Recorded Future
Recorded Future
Help Net Security
Help Net Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
AI
AI
Microsoft Azure Blog
Microsoft Azure Blog
K
Kaspersky official blog
G
GRAHAM CLULEY
H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
CERT Recently Published Vulnerability Notes
U
Unit 42
T
Tor Project blog
Cloudbric
Cloudbric
Hacker News - Newest:
Hacker News - Newest: "LLM"
MongoDB | Blog
MongoDB | Blog
GbyAI
GbyAI
T
The Blog of Author Tim Ferriss
Security Latest
Security Latest
N
News and Events Feed by Topic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Databricks

Navigating a Synapse Migration to Databricks Benchmarking Coding Agents on Databricks’ Multi-Million Line Codebase How to Evaluate an Enterprise Analytics Platform How Imperial College London is accelerating dementia research with a modern data platform Automatic Upgrades: best practice features for your lakehouse tables Reimagining Data Modeling on the Lakehouse: Introducing Vibe Data Modeling Scaling Security Alert Triage With Specialized Agents on Databricks Contextual Policies in Omnigent: Using session state to better govern AI agents OpenAI and Databricks at DAIS 2026: Making enterprise AI real The 3 questions to answer to take AI from experimentation to impact
Barracuda makes security logs conversational with Genie
Barracuda XDR Engineering Team · 2026-07-07 · via Databricks

When a security analyst is alerted to a suspicious login or an unusual firewall block, the answer is almost always in the logs. Finding it is the hard part.

Barracuda Managed XDR is an AI-powered security service that combines advanced detection with a dedicated Security Operations Center (SOC) to help organizations protect against, detect, and respond to threats across endpoints, networks, email, and cloud environments.

That protection depends on a huge volume of security logs from firewalls, endpoints, identity providers, cloud platforms, and email gateways across thousands of customer environments. Every WatchGuard, Fortinet, Palo Alto, Microsoft 365, and AWS source has its own schema and field names. Pulling answers from that data has historically meant writing SQL and navigating the inconsistencies and proprietary formats across each vendor’s data.

Barracuda's engineering team set out to fix that. They wanted any analyst, MSP technician, or security manager to be able to query the data directly, without first having to become an expert in a dozen log formats.

The solution they shipped is AI-Powered Log Search, built on Genie and integrated directly into the XDR dashboard. Users ask questions like "show me failed login attempts from external IPs in the last 24 hours" and get back results in seconds, with multi-tenant isolation enforced at the data layer.

Want a detailed technical breakdown of how it works? Read the Barracuda engineering team’s post.

Why has log search been a bottleneck?

Before AI-Powered Log Search, an investigation usually went one of two ways.

If the analyst on the case knew relevant schemas for the specific data source, they could query the data themselves. That meant a small group of senior analysts handled most of the non-routine work, since few people had the time or background to learn the full landscape of vendor formats.

If they didn't, they escalated. The question got handed to someone who could write the query, which created a queue. Even simple requests had to wait until a senior analyst had time to pick them up.

Neither approach scaled cleanly across thousands of customers and partners. Barracuda wanted something that gave every user direct access to the data without requiring SQL, and without weakening the tenant isolation that a managed platform depends on.

Asking questions the way you'd ask a colleague

AI-Powered Log Search lives inside the XDR dashboard. The user types a question, Genie converts it into SQL, runs it against that customer's logs, and returns results in a familiar table view. The generated query is shown alongside the results, which gives analysts a way to verify what ran or learn the SQL for next time.

What makes this work better than a generic text-to-SQL tool is the context Genie has access to. Barracuda enriched its Unity Catalog with security-specific metadata, including descriptions for every column and table covering network, server, cloud, email, and endpoint sources. So when a user asks about "blocked connections," Genie can map the request onto the right tables and fields across whichever firewall vendors are in play for that customer.

Multi-turn conversations are supported, which is how most analysts work in practice. A first question pulls back a broad view, and follow-ups refine it: "now filter to just the top 10 source IPs," "show me the same data for last week," "exclude internal addresses." Genie carries the context forward, so each follow-up builds on the last without restating it.

According to Barracuda, Genie has reduced time-to-insight on routine investigations from hours to minutes. A junior analyst who would have escalated a non-trivial query last month can now run it themselves. An MSP technician serving multiple customers can answer a question on the spot rather than route it through a senior analyst. Compliance teams and security leaders can pull their own data without filing a ticket. And because every query gets logged, the audit trail covers SOC 2 and similar compliance requirements without extra instrumentation.

That shift is already changing how Barracuda handles recurring log-search requests. Before Genie, business users regularly relied on SOC analysts to pull specific log-search data. The SOC team received around 200 requests per month, with each request taking 25 to 30 minutes to interpret the request, identify the right data source and schema, write SQL, run the query and respond through tickets. With Genie, those recurring requests can move to self-service, freeing an estimated 83 to 100 SOC analyst hours per month, or 1,000 to 1,200 hours annually.

By using Databricks Genie to allow our partners and SMBs to query complex security data using everyday language, Barracuda Managed XDR makes threat investigation remarkably easy to use. This intuitive AI-powered search enables faster turnaround on potential risks, significantly improving our overall operational productivity and corporate defense.—Boopathy Veerappa, Director, Cyber DevOps Engineering - Managed XDR

The hard part: keeping tenants isolated

A natural-language interface to security logs is only useful if it's safe to expose to thousands of customers in a shared platform. A query that crosses customer boundaries is a breach, so Barracuda built tenant isolation into every layer of the system.

Genie never queries base tables directly. Instead, it queries secure views in Unity Catalog that filter data by the authenticated user's organization before the query engine ever runs the SQL. Because the filter is applied at the view layer rather than in the prompt or application code, a malformed or adversarial query can't bypass it. Service principals are scoped to a single organization, and a query validator inspects every generated SQL statement to confirm that the organization filter is present and rejects any that fail.

Governance comes for free with this design. The same row-level security policies that protect the underlying tables apply to natural-language queries, so there's no parallel access model to maintain or a separate authorization layer to keep in sync.

What's next

Barracuda's Managed XDR team is continuing to build on AI-Powered Log Search. Saving and scheduling searches is on the near-term roadmap, along with integration with Barracuda's AI Assistant for summarization, additional data sources, and chart and visualization generation directly from query results.

For the full technical breakdown, including the compound AI architecture, row-level security implementation, query validation pipeline, and multi-region deployment model, read Barracuda's engineering post.

To learn more about Genie and how teams are using it to make data and agents available to every employee, visit the Genie product page.