Educause Security Discussion mailing list archives
Re: Evaluating Rapid7's Nexpose
From: Conor McGrath <conormc () UCHICAGO EDU>
Date: Wed, 11 Apr 2007 11:35:34 -0500
On Wed, Apr 11, 2007 at 11:27:59AM -0400 Michael Bayne said:
We're currently evaluating Rapid7's Nexpose vulnerability scanner. They claim to have a large install base in education, so I thought I'd see if any of you were using it and what your experience with it have been. I'm particularly interested in your estimates of false positives/false negatives, how you handle false positives in reporting, scalability, experiences with Rapid7's technical support, how well its database and web services scans work. The marketing guy was pushing the fact that all the vulnerability checks are stored in text files and custom vulnerability checks can be written. The scripting language for the checks seems to be proprietary, however, which makes writing custom checks a tad bit hard without documentation. Has anyone tried to write custom checks? Have you had custom checks written for you by Rapid7? Have you been able to get documentation about scripting from Rapid7? Any other thoughts you might want to share would be appreciated.
I don't know much about the product because their sales folks were so thoroughly unprofessional I simply refuse to talk to them any longer. They started off with cold calls and then acting like they were my best friends when I did answer. From there they began to call multiple times in a row. If I did not answer they wouldn't leave a voice mail for me but would call again in two minutes...and again...and again. I observed this behavior twice while I was in meetings in my office. Perhaps I'm just in a crabby mood today but I will not likely do business with such folks anytime soon. -Conor -- Conor McGrath Phone: (773)702-7611 Manager for Network Security Fax: (773)834-8444 Network Security Center, The University of Chicago NetSec: (773)702-2378 PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml
Current thread:
- Evaluating Rapid7's Nexpose Michael Bayne (Apr 11)
- <Possible follow-ups>
- Re: Evaluating Rapid7's Nexpose Logan, Kimberly (loganks) (Apr 11)
- Re: Evaluating Rapid7's Nexpose Conor McGrath (Apr 11)
- Re: Evaluating Rapid7's Nexpose Stelfox, Samuel G @ VTC (Apr 11)
- Re: Evaluating Rapid7's Nexpose Jason Carr (Apr 11)
- Re: Evaluating Rapid7's Nexpose Ferris, Joe (Apr 12)
- Re: Evaluating Rapid7's Nexpose Steve Brukbacher (Apr 12)