Suricata Rule using GRE

Maria · November 18, 2024, 12:16pm

Hi! I’m new to using Suricata.
I was trying to create a rule for GRE detection. So far, using ip_proto:47 works perfectly, but I’d like to be more specific and differentiate between GRE encapsulating Ethernet (GRE | ETH | IP | UDP) and GRE encapsulating IP (GRE | IP | UDP). I tried looking for information about GRE and Suricata but couldn’t find much.

Thank you!

vjulien · November 19, 2024, 9:37am

I don’t think there are any rule keywords for this. Could you open a feature ticket describing the use case(s)?

Topic		Replies	Views
Hi! Need help with GRE tunnel config Help	1	24	November 4, 2024
Suricata gre protocol Help	9	338	February 9, 2024
Testing IPS fails Help	26	1902	January 25, 2023
Af-packet with gre Help	3	570	April 21, 2021
Suricata and Fortinet ERSpan Version 1 Help suricata	3	66	August 13, 2024

Suricata Rule using GRE

Related topics