Unleashed more advanced features and automation with scripting and SQL
August 02, 2016
Unleashed more advanced features and automation with scripting and SQL
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Rapid7 NeXpose
Rapid7 NeXpose is being used across the whole organization directly or indirectly by multiple departments. It is being used to scan the current assets and new build servers for vulnerabilities. It is also the main tool to find the vulnerabilities for PCI compliance and remediation. In addition, we utilize its tagging features to help sort out scans and reports for different asset owners or teams. We also use its features of services and software inventory findings to assist incident response in case any assets need a more deeper info, which may compensate some missing features in the product in case you can't find a away to achieve in the GUI.
- The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
- Tagging. It helps sort out results and reports for respective assets Owner for remediation without a lengthy report including unnecessary information for that particular team.
- SQL Reporting. It provides advanced reporting and export capabilities that you can not find in the stock report template.
- Scan for individual asset(s) (with schedule) should be more friendly and easy in GUI rather than going through its corresponding site for scheduling.
- Scan with Credentials can not be customized or prioritized the use of credentials for different sites or assets. How credentials are applied or the order of applying is still not very customizable.
- SQL database (PostgreSQL) should be opened to customer, since it lives on customer's appliance, so that we can do live monitoring and query in a more robust way.
- Not my territory to know the ROI.
- nessus
Selection was made by my manager. We have used Nessus before and switched to Rapid7 Nexpose.