[Oisf-users] Cumulus ERSPAN - GREv0

Sharon, Golan golan.sharon at accenture.com
Wed Dec 11 13:19:29 UTC 2019

We are in the middle of integrating Suricata with Cumulus switches at a client site.
Cumulus switch sends the data via ERSPAN - GREv0, by Suricata support, this should be supported (as for my knowledge, Please correct me if I am wrong).
When we analyzed the packets, we found the packets still encapsulated, compared to GREv2 which we tested and were parsed by Suricata with no issue.
What is the best approach dealing with the issue?

Thank you in advance

Golan Sharon
Cyber Readiness & IR
Security Associate Principal | Accenture Security | Maglan
[cid:e98e5894-ac80-4dd3-9ab6-64fbd9085e6c]     [cid:18219709-c5de-4d98-9f66-a9fd04ffec50]      [cid:19643a01-cc91-4470-8aec-456094318b96]


This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191211/25782506/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3605 bytes
Desc: image001.png
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191211/25782506/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 584 bytes
Desc: image002.png
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191211/25782506/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 442 bytes
Desc: image003.png
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191211/25782506/attachment-0002.png>

More information about the Oisf-users mailing list