
ids.huawei

Introduction

The tags beginning with ids.huawei identify events generated by Huawei.

Valid tags and data tables 

The full tag must have at least 3 levels. The first two are fixed as ids.huawei. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Huawei NIP intrusion detection system (IDS) | ids.huawei.nip.assoc | ids.huawei.nip |
| | ids.huawei.nip.assoc | ids.huawei.nip.assoc |
| | ids.huawei.nip.atk | ids.huawei.nip.atk |
| | ids.huawei.nip.iprpu | ids.huawei.nip.iprpu |

For more information, read About Devo tags.

Table structure

These are the fields displayed in these tables:

ids.huawei.nip

| Field | Type | Field transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| host | str | | vhost | |
| type | str | | vtype | |
| srcTime | str | | | |
| srcHost | str | | | |
| version | str | substring(versionModule, 0, 2) | versionModule | |
| severity | str | | | |
| brief | str | | | |
| logIdentifier | str | | | |
| rawMessage | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |

ids.huawei.nip.assoc

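| Field | Type | Field transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| host | str | | vhost | |
| srcTime | str | | | |
| srcHost | str | | | |
| version | str | substring(versionModule, 0, 2) | versionModule | |
| severity | str | | | |
| brief | str | | | |
| logIdentifier | str | | | |
| SyslogId | str | | | |
| VSys | str | | | |
| Policy | str | | | |
| SrcIp | ip4 | | | |
| DstIp | ip4 | | | |
| SrcPort | str | | | |
| DstPort | str | | | |
| SrcZone | str | | | |
| DstZone | str | | | |
| User | str | | | |
| Protocol | str | | | |
| Application | str | | | |
| Profile | str | | | |
| SignName | str | | | |
| SignId | str | | | |
| EventNum | str | | | |
| Target | str | | | |
| Severity | str | | | |
| Os | str | | | |
| Category | str | | | |
| Action | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | rawSource | ✓ |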

ids.huawei.nip.atk

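| Field | Type | Field transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| host | str | | vhost | |
| srcTime | str | | | |
| srcHost | str | | | |
| version | str | substring(versionModule, 0, 2) | versionModule | |
| severity | str | | | |
| brief | str | | | |
| logIdentifier | str | | | |
| AttackType | str | | | |
| slot | str | | | |
| cpu | int4 | | | |
| receiveInterface | str | | | |
| proto | str | | | |
| src | str | | | |
| srcIP | ip4 | | src | |
| srcPort | str | | src | |
| dst | str | | | |
| dstIP | ip4 | | dst | |
| dstPort | str | | dst | |
| beginTime | str | | | |
| endTime | str | | | |
| totalPackets | int4 | | | |
| maxSpeed | int4 | | | |
| User | str | | | |
| Action | str | | | |
| rawMessage | str | | | ✓ |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |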

ids.huawei.nip.iprpu

| Field | Type | Field transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| host | str | | vhost | |
| version | str | | versionModule | |
| severity | str | | | |
| brief | str | | | |
| logIdentifier | str | | | |
| processId | int4 | | | |
| AttackType | str | | | |
| SrcIP | ip4 | | | |
| VSysId | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | rawSource | ✓ |