Suricata Snorby Intrusion Detection of an Arachni Scan (Apache Proxying Exchange 2010)
See the blog article here: http://stephenfritz.blogspot.com/2014...
For Suricata-Barnyard2, Snorby installation and configuration, see the blog article: http://stephenfritz.blogspot.com/2014...
See the blog article http://stephenfritz.blogspot.com/2014... for how to reverse proxy Apache to Exchange and http://stephenfritz.blogspot.com/2014... for how to relay from Postfix to Exchange.
The Scanned appliance is described in the blog article: http://stephenfritz.blogspot.com/2014...
Using Arachni to scan an Apache Reverse Proxy Web Server in front of Microsoft Exchange 2010 Client Access Server. The scan is NEITHER detected NOR reported by a Suricata - Snorby IDS