{"slug": "barracuda-makes-security-logs-conversational-with-genie", "title": "Barracuda makes security logs conversational with Genie", "summary": "Barracuda Networks launched AI-Powered Log Search, built on Databricks Genie, inside its Managed XDR platform to let security analysts query logs using natural language instead of SQL. The feature reduces investigation time from hours to minutes by converting questions into SQL with multi-tenant isolation enforced via Unity Catalog.", "body_md": "Inside the AI-Powered Log Search feature in Barracuda Managed XDR, built on Databricks Genie with row-level tenant isolation in Unity Catalog.\n\nWhen a security analyst is alerted to a suspicious login or an unusual firewall block, the answer is almost always in the logs. Finding it is the hard part.\n\nBarracuda Managed XDR is an AI-powered security service that combines advanced detection with a dedicated Security Operations Center (SOC) to help organizations protect against, detect, and respond to threats across endpoints, networks, email, and cloud environments.\n\nThat protection depends on a huge volume of security logs from firewalls, endpoints, identity providers, cloud platforms, and email gateways across thousands of customer environments. Every WatchGuard, Fortinet, Palo Alto, Microsoft 365, and AWS source has its own schema and field names. Pulling answers from that data has historically meant writing SQL and navigating the inconsistencies and proprietary formats across each vendor’s data.\n\nBarracuda's engineering team set out to fix that. They wanted any analyst, MSP technician, or security manager to be able to query the data directly, without first having to become an expert in a dozen log formats.\n\nThe solution they shipped is AI-Powered Log Search, built on [Genie](https://www.databricks.com/product/business-intelligence/genie) and integrated directly into the XDR dashboard. Users ask questions like \"show me failed login attempts from external IPs in the last 24 hours\" and get back results in seconds, with multi-tenant isolation enforced at the data layer.\n\nWant a detailed technical breakdown of how it works? [Read the Barracuda engineering team’s post](https://blog.barracuda.com/2026/06/03/ai-powered-log-search-barracuda-managed-xdr).\n\nBefore AI-Powered Log Search, an investigation usually went one of two ways.\n\nIf the analyst on the case knew relevant schemas for the specific data source, they could query the data themselves. That meant a small group of senior analysts handled most of the non-routine work, since few people had the time or background to learn the full landscape of vendor formats.\n\nIf they didn't, they escalated. The question got handed to someone who could write the query, which created a queue. Even simple requests had to wait until a senior analyst had time to pick them up.\n\nNeither approach scaled cleanly across thousands of customers and partners. Barracuda wanted something that gave every user direct access to the data without requiring SQL, and without weakening the tenant isolation that a managed platform depends on.\n\nAI-Powered Log Search lives inside the XDR dashboard. The user types a question, Genie converts it into SQL, runs it against that customer's logs, and returns results in a familiar table view. The generated query is shown alongside the results, which gives analysts a way to verify what ran or learn the SQL for next time.\n\nWhat makes this work better than a generic text-to-SQL tool is the context Genie has access to. Barracuda enriched its [Unity Catalog](https://www.databricks.com/product/unity-catalog) with security-specific metadata, including descriptions for every column and table covering network, server, cloud, email, and endpoint sources. So when a user asks about \"blocked connections,\" Genie can map the request onto the right tables and fields across whichever firewall vendors are in play for that customer.\n\nMulti-turn conversations are supported, which is how most analysts work in practice. A first question pulls back a broad view, and follow-ups refine it: \"now filter to just the top 10 source IPs,\" \"show me the same data for last week,\" \"exclude internal addresses.\" Genie carries the context forward, so each follow-up builds on the last without restating it.\n\nAccording to Barracuda, Genie has reduced time-to-insight on routine investigations from hours to minutes. A junior analyst who would have escalated a non-trivial query last month can now run it themselves. An MSP technician serving multiple customers can answer a question on the spot rather than route it through a senior analyst. Compliance teams and security leaders can pull their own data without filing a ticket. And because every query gets logged, the audit trail covers SOC 2 and similar compliance requirements without extra instrumentation.\n\nThat shift is already changing how Barracuda handles recurring log-search requests. Before Genie, business users regularly relied on SOC analysts to pull specific log-search data. The SOC team received around 200 requests per month, with each request taking 25 to 30 minutes to interpret the request, identify the right data source and schema, write SQL, run the query and respond through tickets. With Genie, those recurring requests can move to self-service, freeing an estimated 83 to 100 SOC analyst hours per month, or 1,000 to 1,200 hours annually.\n\nBy using Databricks Genie to allow our partners and SMBs to query complex security data using everyday language, Barracuda Managed XDR makes threat investigation remarkably easy to use. This intuitive AI-powered search enables faster turnaround on potential risks, significantly improving our overall operational productivity and corporate defense.—Boopathy Veerappa, Director, Cyber DevOps Engineering - Managed XDR\n\nA natural-language interface to security logs is only useful if it's safe to expose to thousands of customers in a shared platform. A query that crosses customer boundaries is a breach, so Barracuda built tenant isolation into every layer of the system.\n\nGenie never queries base tables directly. Instead, it queries secure views in Unity Catalog that filter data by the authenticated user's organization before the query engine ever runs the SQL. Because the filter is applied at the view layer rather than in the prompt or application code, a malformed or adversarial query can't bypass it. Service principals are scoped to a single organization, and a query validator inspects every generated SQL statement to confirm that the organization filter is present and rejects any that fail.\n\nGovernance comes for free with this design. The same row-level security policies that protect the underlying tables apply to natural-language queries, so there's no parallel access model to maintain or a separate authorization layer to keep in sync.\n\nBarracuda's Managed XDR team is continuing to build on AI-Powered Log Search. Saving and scheduling searches is on the near-term roadmap, along with integration with Barracuda's AI Assistant for summarization, additional data sources, and chart and visualization generation directly from query results.\n\nFor the full technical breakdown, including the compound AI architecture, row-level security implementation, query validation pipeline, and multi-region deployment model, [read Barracuda's engineering post](https://blog.barracuda.com/2026/06/03/ai-powered-log-search-barracuda-managed-xdr).\n\nTo learn more about Genie and how teams are using it to make data and agents available to every employee, visit[ the Genie product page](https://www.databricks.com/product/ai-bi/genie).\n\nSubscribe to our blog and get the latest posts delivered to your inbox.", "url": "https://wpnews.pro/news/barracuda-makes-security-logs-conversational-with-genie", "canonical_source": "https://www.databricks.com/blog/barracuda-makes-security-logs-conversational-genie", "published_at": "2026-07-06 23:15:23+00:00", "updated_at": "2026-07-07 16:34:35.059315+00:00", "lang": "en", "topics": ["artificial-intelligence", "natural-language-processing", "ai-products", "ai-tools", "ai-infrastructure"], "entities": ["Barracuda", "Databricks", "Genie", "Unity Catalog", "Managed XDR", "WatchGuard", "Fortinet", "Palo Alto"], "alternates": {"html": "https://wpnews.pro/news/barracuda-makes-security-logs-conversational-with-genie", "markdown": "https://wpnews.pro/news/barracuda-makes-security-logs-conversational-with-genie.md", "text": "https://wpnews.pro/news/barracuda-makes-security-logs-conversational-with-genie.txt", "jsonld": "https://wpnews.pro/news/barracuda-makes-security-logs-conversational-with-genie.jsonld"}}