Unleashed more advanced features and automation with scripting and SQL
August 02, 2016

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Rapid7 NeXpose

Rapid7 NeXpose is being used across the whole organization, directly or indirectly, by multiple departments. It is being used to scan the current assets and new build servers for vulnerabilities. It is also the main tool to find the vulnerabilities for PCI compliance and remediation. In addition, we utilize its tagging features to help sort out scans and reports for different asset owners or teams. We also use its services and software inventory findings to assist incident response in case any assets need deeper info, which may compensate for some missing features in the product in case you can't find a way to achieve it in the GUI.
  • The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
  • Tagging. It helps sort out results and reports for the respective asset owners for remediation, without a lengthy report including unnecessary information for that particular team.
  • SQL Reporting. It provides advanced reporting and export capabilities that you cannot find in the stock report template.
  • Scanning individual asset(s) (with a schedule) should be more friendly and easy in the GUI, rather than going through the corresponding site for scheduling.
  • Scanning with credentials cannot be customized, nor can the use of credentials be prioritized, for different sites or assets. How credentials are applied, or the order in which they are applied, is still not very customizable.
  • The SQL database (PostgreSQL) should be opened to the customer, since it lives on the customer's appliance, so that we can do live monitoring and queries in a more robust way.
  • Not my territory to know the ROI.
  • Nessus
Selection was made by my manager. We have used Nessus before and switched to Rapid7 Nexpose.
This is NOT a point-and-click product.
Rapid7 NeXpose is well suited for a company or team that has member(s) with scripting and SQL skills. You may find some features missing, or find that it is not working the way you want, from time to time. It is great that Rapid7 opens the product's API, and maybe they know their product is NOT perfect nor suits everyone's needs. The API can allow you to do more advanced work like automation, but if the team who uses or manages it does not have a member proficient in scripting or SQL queries, it may be frustrating to purely go through the GUI or wait for support for a solution.