Elastic Security Integration with Huawei firewall

Any idea about Elastic Security integration with Huawei firewall?
Any workaround, as Huawei integration is not listed in Elastic Security built-in integrations?

Hi @Rizwan_Balouch, unfortunately we do not currently have a Huawei firewall integration and it isn't something we are currently working on. Looking at their documentation, output to syslog is supported (presumably via UDP/TCP).

The custom UDP or TCP integrations could be used to ingest the logs via Elastic Agent, but events won't be automatically mapped to Elastic Common Schema, which is required to leverage your data within our solutions such as Elastic Security. You would need to build an Ingest Pipeline to parse and map the events.

If you'd like to provide some log samples, we'd be happy to look at the format and advise on how to parse the events.

1 Like
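
To illustrate the parse-and-map step described in the reply above, here is an added example (not code from this thread or from Elastic): a request body for the `_ingest/pipeline/_simulate` API that parses a syslog line and maps it to ECS fields. The sample log line and its key names (`src`, `dst`, `sport`, `dport`, `proto`, `action`) are constructed placeholders and are not Huawei's actual log format; the grok pattern and renames would need adjusting against real samples.

```json
{
  "pipeline": {
    "description": "Added example: constructed key=value syslog line, NOT Huawei's real log format",
    "processors": [
      { "grok": {
          "description": "Split syslog priority, timestamp, host and the key=value payload",
          "field": "message",
          "patterns": [
            "^<%{NONNEGINT:log.syslog.priority:int}>%{SYSLOGTIMESTAMP:_tmp.ts} %{SYSLOGHOST:observer.hostname} %{GREEDYDATA:_tmp.kv}$"
          ]
      } },
      { "date": { "field": "_tmp.ts", "formats": ["MMM d HH:mm:ss", "MMM  d HH:mm:ss"] } },
      { "kv": { "field": "_tmp.kv", "field_split": " ", "value_split": "=", "target_field": "_tmp.fw" } },
      { "rename": { "field": "_tmp.fw.src", "target_field": "source.ip", "ignore_missing": true } },
      { "rename": { "field": "_tmp.fw.dst", "target_field": "destination.ip", "ignore_missing": true } },
      { "rename": { "field": "_tmp.fw.sport", "target_field": "source.port", "ignore_missing": true } },
      { "rename": { "field": "_tmp.fw.dport", "target_field": "destination.port", "ignore_missing": true } },
      { "rename": { "field": "_tmp.fw.proto", "target_field": "network.transport", "ignore_missing": true } },
      { "rename": { "field": "_tmp.fw.action", "target_field": "event.action", "ignore_missing": true } },
      { "convert": { "field": "source.port", "type": "long", "ignore_missing": true } },
      { "convert": { "field": "destination.port", "type": "long", "ignore_missing": true } },
      { "set": { "field": "event.kind", "value": "event" } },
      { "set": { "field": "event.category", "value": ["network"] } },
      { "set": { "field": "observer.vendor", "value": "Huawei" } },
      { "set": { "field": "observer.type", "value": "firewall" } },
      { "remove": { "field": "_tmp", "ignore_missing": true } }
    ],
    "on_failure": [
      { "set": { "field": "event.kind", "value": "pipeline_error" } },
      { "set": { "field": "error.message", "value": "{{ _ingest.on_failure_message }}" } }
    ]
  },
  "docs": [
    { "_source": { "message": "<134>Mar 13 10:15:02 fw01 src=192.0.2.10 dst=198.51.100.7 sport=51514 dport=443 proto=tcp action=permit" } }
  ]
}
```

Events that fail to parse are tagged with `event.kind: pipeline_error` and keep the failure reason in `error.message`, so unparsed lines can be found and used to refine the pattern.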

Hi @jamie.hynds, thanks for the confirmation about the Huawei integration. I am working on custom ingest pipelines to parse the Huawei firewall logs. Thanks

Thanks @Rizwan_Balouch - if we can help in any way just let me know. Also, if you're interested in contributing your pipeline, we can certainly work with you on a PR, with a view to using your pipeline as a starting point for a fully supported Huawei integration.

Yes, sure, I will contribute the Huawei pipeline as a starting point so others can use this as a starting point for a fully supported Huawei integration.

Could you please share the necessary steps for how I can start working with you on a PR? Thanks

Sounds good, thanks Rizwan. You can view our contributing guide for Elastic Agent integrations here: integrations/CONTRIBUTING.md at master · elastic/integrations · GitHub

A good example of a community user PR is a recent Cloudflare integration submitted by @legoguy1000: [Cloudflare] Cloudflare audit logs by legoguy1000 · Pull Request #2294 · elastic/integrations · GitHub

1 Like

Thank you @jamie.hynds :slightly_smiling_face:

Greetings. I have read the solution; it's quite impressive. I just want to know whether there is a webinar or something like that on this topic, covering how to use the custom logs integration and then how we can separate the pipelines. If yes, then it would be a great favor indeed.

Looking forward to hearing from you.