Huawei HiSec NG-SIEM
Build an Enterprise-Grade Continuous Security Operations Hub Platform
Built on Huawei's self-developed, high-performance distributed big-data engine, the platform natively integrates five core capabilities: SIEM intelligent analytics, UEBA behavior analytics, SOAR automated response, panoramic situational awareness dashboards, and an AI-powered security operations assistant, delivering an end-to-end, closed-loop security operations workflow.
Global Data Collection & Parsing
10+ ingestion methods, including Syslog, Kafka, API, and Agent, for full coverage of heterogeneous data sources;
3,000+ out-of-the-box parsing rules and 20+ mainstream parsing formats;
Tiered hot/warm/cold storage with PB-scale full-lifecycle log management.
Intelligent Threat Detection & Analytics
Integrated detection framework combining rules, AI, and UEBA;
2,000+ built-in detections covering the full MITRE ATT&CK chain;
Deep cross-source correlation, visual attack-chain reconstruction, and 90%+ alert noise reduction.
Automated Closed-Loop Response
Native SOAR orchestration with 100+ out-of-the-box standardized playbooks;
Low-code, drag-and-drop workflow design for customized business processes;
Fully automatic or human-in-the-loop modes with native integration to mainstream global vendors.
Full-Scenario Operations & Compliance
Native hierarchical multi-tenant management with fine-grained isolation and dedicated operational views;
10+ built-in situational dashboard templates with low-code custom visualization;
Global compliance templates such as GDPR, PCI DSS, and MLPS, with automated reporting;
Native compatibility with third-party SIEM and log-platform data.
Cybersecurity Assisted Operations Services
Based on HiSec NG-SIEM, these services provide asset-risk discovery, security policy and configuration optimization, security monitoring, threat warning, and more.
Specifications
| Specifications | Huawei HiSec NG-SIEM |
| --- | --- |
| Full-domain, All-type Out-of-the-box Data Collection | • Full Coverage Data Collection Methods: Supports 10+ data collection methods including Syslog, Kafka, JDBC, API, and Agent, covering network devices, security devices, host servers, business systems, middleware, and domestic databases, allowing for quick integration without custom development<br>• Massive Pre-built Parsing Rules: Built-in 3000+ parsing rules, covering mainstream Huawei and other manufacturers' device models, supporting 20+ parsing formats such as regular expressions, JSON, KV, and XML<br>• Full Lifecycle Management: Cold, hot, and warm data are stored in a tiered manner, supporting PB-level log management to meet compliance auditing and long-term retention requirements<br>• Customer Value: Quickly access comprehensive data, eliminate data silos and monitoring blind spots, reduce deployment costs, and meet global compliance requirements |
| Multi-source Device Correlation Analysis Reconstructs the Attack Chain and Reduces Alert Noise | • Full-source Correlation Analysis: Correlate alerts and logs across devices and systems to achieve multi-dimensional data fusion and attack chain visualization<br>• Enhanced Threat Intelligence Analysis: By combining threat intelligence from Huawei or third parties, known threats can be quickly identified and contextualized, improving the accuracy of risk assessment<br>• Intelligent Alert Noise Reduction: Alert aggregation and false alert filtering, noise reduction rate can reach over 90% in typical scenarios, highlighting high-value risks and mitigating alert surges<br>• UEBA User Entity Behavior Analysis: Dynamic behavior baselines and abnormal behavior identification support scenarios such as internal threats, abnormal logins, and data leakage, assisting in security analysis and decision-making<br>• Customer Value: Breaking down the fragmentation of single-point alerts and providing a comprehensive view of attack paths. Significantly reducing the number of alerts, allowing security teams to shift from "handling alerts" to "analyzing attacks" |
| Fully Automated Response, End-to-end Closed Loop | • Abundant Handling Playbooks: Includes 100+ built-in automated handling playbooks, covering typical scenarios such as malicious IP blocking, illegal account locking, and phishing email deletion<br>• Low-code Visual Orchestration: Drag-and-drop custom workflows that connect with Huawei and third-party devices, with typical event response times reduced to minutes<br>• Dual-mode Execution: Supports fully automatic or manual confirmation, flexibly adapting to different business processes<br>• Customer Value: Reduces the burden of manual handling, improves response efficiency, and quickly achieves closed-loop management of security incidents |
| Multi-tenant Operation | • Multi-tenant Hierarchical Management: Separate tenants by department/business line, isolate permissions and configure exclusive views, customize compliance reports and threat rules, and centrally manage overall risks from headquarters<br>• Cross-platform Compatibility and Federated Search: Natively compatible with third-party SIEM and log platforms, enabling second-level correlation queries and attack chain reconstruction across heterogeneous data sources through federated search capabilities, without the need for data migration<br>• Visualized Operations and Compliance: Built-in 10+ status dashboards and global compliance templates, supporting low-code custom reports and automatic push notifications<br>• Customer Value: Independent and controllable, secure and reliable, supporting refined group operations and multi-regional compliance audits; compatible with existing third-party system data, breaking down data silos and maximizing the reuse of existing assets |