
Summary
This detection rule identifies failed BGP (Border Gateway Protocol) authentication attempts on Huawei devices, which may indicate brute-force attempts to manipulate routing. It monitors the logs produced by the Huawei BGP service and flags events containing the keywords ':179' (the TCP port on which BGP sessions are established) and 'BGP_AUTH_FAILED', helping network administrators spot unauthorized peering attempts or misconfigured BGP settings. Because BGP carries routing information between routers on the internet, any unauthorized attempt to alter that communication poses a significant risk to network integrity. Deploying the rule requires that BGP logging be enabled on the Huawei devices and that those logs be properly ingested into the monitoring system. The rule is rated low severity, since false positives are unlikely unless a misconfiguration is present. For security context it is tagged against several stages of attack activity, namely initial access, privilege escalation, and credential access, as indicated by the referenced attack tactics.
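The keyword logic described above, as an added example that is not part of the rule or the page: a small offline matcher that flags a log line when it contains either ':179' or 'BGP_AUTH_FAILED' and then counts hits per peer address, which is the first triage step for telling a one-off misconfiguration from repeated failures against the same neighbour. The sample lines are constructed in a Huawei-like syslog shape (the real device format is not on the page), and the assumptions that matching is case-insensitive and that any single keyword is enough to flag an event are mine, not the page's.

```python
"""Keyword matcher for Huawei BGP authentication-failure events (added example).

Mirrors the page's description of the rule: an event is flagged when it
contains ':179' or 'BGP_AUTH_FAILED'. Assumptions not stated on the page:
matching is case-insensitive and any one keyword is sufficient.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Keywords named on the page for this rule.
KEYWORDS = (":179", "BGP_AUTH_FAILED")

# Constructed sample lines; the shape only loosely imitates Huawei syslog output
# and the IP addresses are documentation ranges, so treat these purely as test data.
SAMPLE_LOGS = [
    "Jan  9 10:00:01 core-rt1 %%01BGP/4/BGP_AUTH_FAILED(l)[1]:Authentication failed for peer 192.0.2.10.",
    "Jan  9 10:00:02 core-rt1 %%01BGP/4/BGP_AUTH_FAILED(l)[2]:Authentication failed for peer 192.0.2.10.",
    "Jan  9 10:00:03 core-rt1 %%01BGP/4/BGP_AUTH_FAILED(l)[3]:Authentication failed for peer 192.0.2.10.",
    "Jan  9 10:00:04 core-rt1 %%01BGP/6/STATE(l)[4]:Peer 198.51.100.7 state changed to Established.",
    "Jan  9 10:00:05 core-rt1 %%01TCP/6/CONN(l)[5]:Connection 192.0.2.10:49152 -> 203.0.113.1:179 refused.",
    "Jan  9 10:00:06 core-rt1 %%01SHELL/5/CMD(l)[6]:User admin executed 'display bgp peer'.",
]

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass
class Hit:
    line: str
    keyword: str          # which keyword caused the match
    peer: Optional[str]   # first IPv4 address in the line, if any (used for per-peer counting)


def match_event(line: str, keywords=KEYWORDS) -> Optional[Hit]:
    """Return a Hit when any keyword occurs in the line (case-insensitive), else None."""
    lowered = line.lower()
    for kw in keywords:
        if kw.lower() in lowered:
            m = _IPV4.search(line)
            return Hit(line=line, keyword=kw, peer=m.group(1) if m else None)
    return None


def scan(lines: Iterable[str]) -> list:
    """Apply the matcher to every line and keep only the flagged events."""
    return [hit for hit in (match_event(line) for line in lines) if hit is not None]


def count_by_peer(hits: Iterable[Hit]) -> dict:
    """Group flagged events by peer address so repeated failures stand out."""
    counts: dict = {}
    for hit in hits:
        counts[hit.peer] = counts.get(hit.peer, 0) + 1
    return counts


if __name__ == "__main__":
    flagged = scan(SAMPLE_LOGS)
    for hit in flagged:
        print(f"[{hit.keyword}] peer={hit.peer} :: {hit.line}")
    print("failures per peer:", count_by_peer(flagged))
```

Note that ':179' matches any line mentioning the BGP port, not only authentication failures (the refused-connection line above is flagged by it), so a peer with a handful of hits on that keyword alone deserves a look at the raw events before it is treated as a brute-force attempt.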
Categories
- Network
- Infrastructure
Data Sources
- Network Traffic
- Logon Session
Created: 2023-01-09