<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:right;
direction:rtl;
unicode-bidi:embed;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:8.0pt;text-align:left;line-height:107%;direction:ltr;unicode-bidi:embed">
<span style="font-family:"Segoe UI",sans-serif;color:#201F1E;background:white">Hi
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:8.0pt;text-align:left;line-height:107%;direction:ltr;unicode-bidi:embed">
<span style="font-family:"Segoe UI",sans-serif;color:#201F1E;background:white">We are in the middle of integrating Suricata with Cumulus switches at a client site.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:8.0pt;text-align:left;line-height:107%;direction:ltr;unicode-bidi:embed">
<span style="font-family:"Segoe UI",sans-serif;color:#201F1E;background:white">Cumulus switch sends the data via ERSPAN – GREv0, by Suricata support, this should be supported (as for my knowledge, Please correct me if I am wrong).<br>
When we analyzed the packets, we found the packets still encapsulated, compared to GREv2 which we tested and were parsed by Suricata with no issue.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:8.0pt;text-align:left;line-height:107%;direction:ltr;unicode-bidi:embed">
<span style="font-family:"Segoe UI",sans-serif;color:#201F1E;background:white">What is the best approach dealing with the issue?<o:p></o:p></span></p>
<p class="MsoNormal" dir="RTL"><span lang="HE" style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed">Thank you in advance
<o:p></o:p></p>
<p class="MsoNormal" dir="RTL"><span dir="LTR"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span style="font-size:10.0pt;color:#595959">Golan Sharon</span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span style="font-size:10.0pt;color:#595959">Cyber Readiness & IR</span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span style="font-size:10.0pt;color:#595959">Security Associate Principal | Accenture Security |
</span><span style="font-size:10.0pt;color:#4472C4">Maglan</span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span style="font-size:12.0pt;color:black"><img width="143" height="26" style="width:1.4895in;height:.2708in" id="Picture_x0020_1" src="cid:image001.png@01D5B036.0702BC40" alt="cid:e98e5894-ac80-4dd3-9ab6-64fbd9085e6c">
<img width="19" height="19" style="width:.1979in;height:.1979in" id="Picture_x0020_2" src="cid:image002.png@01D5B036.0702BC40" alt="cid:18219709-c5de-4d98-9f66-a9fd04ffec50"> <img width="19" height="19" style="width:.1979in;height:.1979in" id="Picture_x0020_3" src="cid:image003.png@01D5B036.0702BC40" alt="cid:19643a01-cc91-4470-8aec-456094318b96"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:left;direction:ltr;unicode-bidi:embed"><span style="font-size:12.0pt;color:black"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" dir="RTL"><span lang="HE" style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="1"><br>
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by
you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of
internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement
at https://www.accenture.com/us-en/privacy-policy. <br>
______________________________________________________________________________________<br>
<br>
www.accenture.com<br>
</font>
</body>
</html>