How AI-powered log search helps security teams investigate faster
Barracuda Managed XDR makes it easier to investigate security data with AI-powered log search and plain-language queries
Key takeaways
- Plain-language investigations: Security teams can ask questions in everyday language instead of writing complex queries.
- Faster time to insight: AI-powered log search helps analysts move from question to answer more quickly.
- Built for multi-tenant environments: The experience is designed to support strong customer isolation and security controls.
- More value from existing telemetry: Teams can investigate across security data already collected in Barracuda Managed XDR.
Why do security teams struggle to get answers from log data?
Security teams are collecting more telemetry than ever, but turning that data into answers often still takes too much time and specialized tools or expertise.
Traditional log analysis often requires SQL fluency, deep knowledge of multiple schemas, and manual query refinement across different data sources. That slows investigations and creates bottlenecks when teams need answers quickly.
For a multi-tenant managed security platform like Barracuda Managed XDR, these challenges are amplified. Each customer needs secure, isolated access to their own data while maintaining full flexibility to investigate threats and analyze security events.
How does AI-powered log search help security teams investigate faster?
Barracuda Managed XDR addresses these challenges by integrating Databricks Genie to bring AI-powered log search into the platform. Instead of writing complex queries, users can ask questions in plain language to investigate security data faster and more easily.
How it works
- Ask questions in plain language: Users can type requests such as "Show me failed login attempts from the last 24 hours" without needing to know the underlying schema.
- AI-powered translation: AI helps turn the request into an optimized query so analysts can move from question to insight more quickly.
- Secure controls: Queries execute against the customer's data with row-level security, ensuring complete tenant isolation.
- Instant results: Results are presented in an easy-to-understand format, with the option to view the generated SQL for verification and refinement.
What are the key features of AI-powered log search?
1. Natural language query interface
Instead of wrestling with complex SQL syntax, users can describe what they want to investigate in everyday language. The conversational interface understands security terminology and context. That lowers the barrier to entry for less specialized users and helps experienced teams move faster. For example:
- "Show me all blocked connections from external IPs"
- "List users with multiple failed authentication attempts"
- "What endpoints communicated with known malicious domains?"
The system also supports natural follow-up questions, making it easier to refine investigations and dig deeper.
2. Multi-tenant row-level security (RLS)
Security and data isolation are essential to Barracuda Managed XDR. The AI-powered log search capability is designed to work within that multi-tenant model from the start.
- Row-level security (RLS): Enforced at the Databricks view level, so data is filtered before it ever reaches the query engine.
- Organization-based data filtering: Customers only ever access their own logs, with no cross-tenant leakage possible.
- Service principal permissions: Configured for read-only access, scoped to a single organization.
- Comprehensive guardrails: Cross-tenant data exposure is prevented at every layer.
The RLS implementation uses Databricks views that dynamically filter data based on the authenticated user's organization, deployed consistently across all production workspaces globally.
3. Extensive data source coverage
AI-powered log search spans a broad range of security data ingested into Barracuda Managed XDR, giving teams one place to investigate across network, server, cloud, email, and endpoint telemetry.
| Category | Data sources |
| --- | --- |
| Network Security | WatchGuard, Meraki, Fortinet, SonicWall, Barracuda CloudGen, Barracuda SecureEdge, Palo Alto, Sophos XG, Suricata, Cisco FTD, pfSense, Ubiquiti |
| Server Security | Windows Events (Security, System, Application), Linux audit, Forensics artifacts |
| Cloud Security | Microsoft 365 (Azure AD, Exchange, SharePoint), Google Workspace, AWS CloudTrail, Azure Activity Logs |
| Email Security | Barracuda Email Gateway Defense (EGD), Barracuda Impersonation Protection (IP), Barracuda Incident Response (IR) |
| Endpoint Security | Coming soon: SentinelOne, Bitdefender GravityZone, Microsoft Defender for Endpoint |
4. Pre-built saved searches
Curated saved searches help teams get started quickly on common use cases. Users can execute these searches with a single click and then customize them as needed.
Why does AI-powered log search matter for analysts, MSPs and security leaders?
For security analysts
- Faster investigations: Reduce time-to-insight from hours to minutes
- Lower barrier to entry: No SQL expertise required
- Contextual follow-ups: Refine searches conversationally
- SQL visibility: View generated queries to learn and verify
For MSPs and channel partners
- Scalable service delivery: Serve multiple customers efficiently with secure data isolation
- Reduced training overhead: Intuitive interface requires minimal onboarding
- Enhanced value: Offer advanced analytics without additional tooling
- White-label ready: Integrate into partner workflows
For security leaders
- Democratized data access: Empower more team members to investigate independently
- Audit compliance: Full query logging meets SOC 2 and compliance requirements
- Cost efficiency: Leverage existing XDR data investment for deeper insights
- Reduced tool sprawl: Consolidate log analysis into a single platform
Technical deep dive
The appendix below summarizes the engineering design behind the integration, including how the experience works, how customer data is protected and how Barracuda supports consistent performance across regions. It is intended for architects, engineers and others interested in the technical details.
Compound AI architecture
The Genie AI-Powered Log Search capability is not just a thin wrapper around a large language model (LLM). It is a multi-agent architecture that combines several AI components working in concert.
Traditional text-to-SQL approaches have a fundamental limitation: LLMs hallucinate column names, misunderstand table relationships and generate syntactically valid but semantically incorrect queries. Genie solves this through a compound AI system that orchestrates multiple specialized components:
- Schema understanding layer: Genie leverages Unity Catalog metadata: not just table and column names, but also column descriptions, data types, foreign key relationships, and sample values. This grounding dramatically reduces hallucination.
- Semantic context engine: We have enriched our Unity Catalog with security-domain context. Column descriptions such as "src_ip: Source IP address of the connection initiator" and table descriptions explain the security context of each data source.
- Query planning agent: Rather than generating SQL in a single pass, Genie employs a planning agent that breaks complex questions into sub-queries, identifies required tables and determines optimal join strategies.
- SQL generation and validation: The generated SQL is validated against the actual schema before execution, catching errors before they hit the compute layer.
- Result interpretation: For complex results, Genie can summarize findings in natural language, highlighting anomalies or patterns relevant to the original question.
Query execution pipeline
When a user submits a natural language query, here is what happens under the hood:
1. User query: "Show me failed SSH logins from external IPs today"
2. XDR dashboard: authenticates the session, extracts organization_id from the JWT, and initializes the Genie conversation context
3. Genie Conversation API: POST /api/2.0/genie/spaces/{space_id}/conversations; a stateful session with multi-turn memory for refinements
4. Compound AI processing: intent classification, entity extraction, schema mapping, query planning, and SQL generation with RLS injection
5. Query validation layer: single SELECT check, no JOINs/UNIONs, organization filter verification, injection pattern detection, and blocked keyword scan
6. Unity Catalog (row-level security): executes against the RLS-protected view only (WHERE organization_id = current_user_organization()), with partition pruning applied
7. Serverless SQL warehouse: auto-scaling compute (0 → N clusters), query timeout enforced, result set limited to 5,000 rows
8. Response to user: formatted results table, generated SQL (viewable), optional natural-language summary, and suggested follow-up questions
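The validation step of the pipeline (single SELECT, no JOINs/UNIONs, organization filter verification, injection patterns, blocked keywords, RLS-protected views only), worked as a stand-alone checker. This is an added example, not Barracuda's code: the page lists the checks but not their implementation, so the view names, keyword lists, patterns and the literal form of the organization_id filter are assumptions.

```python
import re

# Constructed names for this example; the real RLS-protected views are not on the page.
ALLOWED_VIEWS = {"secure.v_auth_events", "secure.v_network_flows"}
BLOCKED_KEYWORDS = {"insert", "update", "delete", "drop", "alter", "create",
                    "grant", "revoke", "merge", "truncate", "copy", "call"}
SET_OPERATORS = {"join", "union", "intersect", "except"}
INJECTION_PATTERNS = [
    (re.compile(r"--|/\*"), "comment sequence"),                 # truncates a WHERE clause
    (re.compile(r"\bor\s+\d+\s*=\s*\d+\b", re.I), "tautology"),  # OR 1=1
]

def _mask_literals(sql: str) -> str:
    """Blank out string literals so quoted values cannot trip the keyword scans."""
    return re.sub(r"'(?:[^']|'')*'", "''", sql)

def validate_generated_sql(sql: str, org_id: str) -> list[str]:
    """Return the guardrail violations for one generated query; [] means it may run.
    org_id comes from the authenticated session (the JWT in step 2), never from the model."""
    problems = []
    stripped = sql.strip().rstrip(";").strip()
    masked = _mask_literals(stripped)
    low = masked.lower()
    if not low.startswith("select"):
        problems.append("query must be a single SELECT")
    if ";" in masked:
        problems.append("stacked statements are not allowed")
    words = set(re.findall(r"[a-z_][a-z0-9_.]*", low))
    if words & SET_OPERATORS:
        problems.append("JOIN/UNION/set operators are not allowed")
    if words & BLOCKED_KEYWORDS:
        problems.append("blocked keyword: " + ", ".join(sorted(words & BLOCKED_KEYWORDS)))
    for pattern, label in INJECTION_PATTERNS:
        if pattern.search(masked):
            problems.append("injection pattern: " + label)
    # Only the RLS-protected views may appear as a source (step 6).
    for view in re.findall(r"\bfrom\s+([a-z0-9_.]+)", low):
        if view not in ALLOWED_VIEWS:
            problems.append("source is not an RLS-protected view: " + view)
    # The tenant filter must bind the session's organization, not a model-chosen value.
    if not re.search(r"\borganization_id\s*=\s*'" + re.escape(org_id) + "'", stripped, re.I):
        problems.append("missing or mismatched organization_id filter")
    return problems

# Constructed sample: the kind of SQL step 4 would emit for the example question.
SAMPLE_QUERY = ("SELECT src_ip, count(*) AS failures FROM secure.v_auth_events "
                "WHERE organization_id = 'org-123' AND event_type = 'ssh_login_failed' "
                "AND is_external = true GROUP BY src_ip ORDER BY failures DESC LIMIT 100")
```

validate_generated_sql(SAMPLE_QUERY, "org-123") returns an empty list; the same query with a UNION appended, a stacked DROP, a non-allowlisted source or a different session org_id returns the matching violations.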
How Barracuda protects customer data
Because Barracuda Managed XDR operates in a multi-tenant environment, customer data isolation is built into the architecture from the start. AI-powered log search works within that model through layered controls that limit access, validate execution and help prevent cross-tenant exposure.
The foundation is row-level security enforced through Unity Catalog views that filter data to the authenticated organization before it reaches the query engine. Barracuda also applies validation and execution controls so requests stay within allowed boundaries. Together, these measures create a defense-in-depth model that protects customer data while preserving investigative flexibility.
How Barracuda scales the experience globally
Barracuda Managed XDR runs across five production regions, with customer data remaining within its regional boundary. Barracuda deploys a consistent Databricks-based architecture in each region so the AI-powered log search experience behaves predictably across geographies while respecting operational and data residency requirements.
Operationally, this lets Barracuda maintain consistent instructions, guardrails and secure query surfaces across regions while using auto-scaling compute and optimized data layouts to support performance. The result is a system that can handle large-scale telemetry, support interactive investigations, and evolve over time without unnecessary configuration drift.
Conclusion
AI-powered log search in Barracuda Managed XDR gives security teams a faster, more intuitive way to investigate security data.
By making investigations easier to start and faster to refine, it helps analysts, MSPs and security leaders get more value from the telemetry they already collect while maintaining the controls required in a multi-tenant managed environment.
For more information about Barracuda Managed XDR and its capabilities, visit barracuda.com or contact your Barracuda representative.