Incident Response

Respond faster to email attacks.


Threat Hunting

Users can report phishing and other suspicious emails to their IT administrators directly from the Outlook Essentials Message Actions add-in. This provides end users with a simpler way to report suspicious emails to their IT department. Reported messages will appear in the Incident Response dashboard for IT to review, investigate, and take corrective action.

Incident Response can help you locate potential threats looming in your Office 365 account. Potential incidents comprise two categories:

  • Related threats — Threats based on an incident you already created.
  • Post-delivery threats — Based on Barracuda’s (community) intelligence on currently circulating threats that might already be present in your inbox.

Incident Response gives you access to Insights to glean more information about email-use patterns. This intelligence can be used to identify anomalies in delivered mail and to uncover instances of phishing attacks that might otherwise go undetected.


Identity all users who received malicious emails and clicked on links, replied to, or forwarded these messages. Automatically send them email notifications with instructions to change their passwords and other necessary remediation actions.

Use Incident Response to identify users that received malicious email and permanently remove malicious emails directly from user inboxes. This action can be taken by an IT administrator without the need to involve end users.

Use Incident Response to identify users that received malicious email and automatically send alerts notifying them of an incident. These emails can be sent in bulk to all affected users.


You can enable Incident Response to automatically remediate email messages that contain malicious URLs or attachments. All user-reported messages are automatically scanned for malicious content. When a threat is detected, all matching emails are moved from users’ mailboxes into their junk folders. Security teams will get an alert notifying them of an incident.

Email attacks come in waves. When you activate Continuous Remediation, Incident Response will continue to delete any copies of the email that appear in inboxes for 72 hours after the initial remediation has completed.

Build custom playbooks to completely automate your incident response process. Admins at any technical level can create a workflow and add complexity by defining a trigger, determining conditions, and assigning the desired actions through a simple user interface.

Incident Response RESTful API (beta) provides remote administration and configuration of Barracuda Incident Response.

Syslog Integration enables you to export your event data to a syslog server or a security information and events management (SIEM) system. With Syslog Integration, you can store your information and use it for tracking, analysis, and troubleshooting.