Vulnerability Assessment and Alerting Solutions
-
Hey All,
I'm looking for a vulnerability assessment and alerting solution that is going to have to be agent based to alert for any OS vulnerabilities for a remote workforce.
Wazuh is the top item that comes to mind, but I'm not a huge fan of its presentation, likely I just need to sort out the views.
Does anyone else have any recommendations?
The target group is endpoint devices (workstations) and datacenter equipment.
TIA
-
Have a look at Rapid7 InsightVM
-
@nadnerB said in Vulnerability Assessment and Alerting Solutions:
Have a look at Rapid7 InsightVM
Never heard of it, what makes it good?
-
@DustinB3403 said in Vulnerability Assessment and Alerting Solutions:
@nadnerB said in Vulnerability Assessment and Alerting Solutions:
Have a look at Rapid7 InsightVM
Never heard of it, what makes it good?
I haven’t used many tools in that space, but it’s what our sys admins picked when we went looking several years ago. Produces a lot of info, and the alerting features are highly customisable.
Tenable is another option
-
Just say "no" to Qualys.
-
Possibly something like Arctic Wolf.
-
@EddieJennings What has been your experience with them?
-
What about Nessus?
-
@dbeato I do not touch our Qualys instance as often as I probably should, but the team members that do touch it often generally complain about remediated vulnerabilities still being detected. However, I really think the problem lies with how queries are built for the dashboards (done by another team).
I can say Ansible-izing the installation of the agent for Linux servers was a bit of a challenge (I can take a look back at the playbook tasks on Monday to see what I had to do).
-
@EddieJennings said in Vulnerability Assessment and Alerting Solutions:
but the team members that do touch it often generally complain about remediated vulnerabilities still being detected.
That is true, lol. That is one of my complaints lol.
-
So I've used Qualys when I worked for an MSP and actually liked it, besides a few things.
Setting up networks sucked
The interface generally was a bit confusing to get used to (infrequent customers)
The reporting was incredibly in-depth, I can't say I ever saw remediated vulns being detected again
We settled on Wazuh for now as it at least covers our needs and lists different vulnerabilities.
-
@DustinB3403 said in Vulnerability Assessment and Alerting Solutions:
Hey All,
I'm looking for a vulnerability assessment and alerting solution that is going to have to be agent based to alert for any OS vulnerabilities for a remote workforce.
Wazuh is the top item that comes to mind, but I'm not a huge fan of its presentation, likely I just need to sort out the views.
Does anyone else have any recommendations?
The target group is endpoint devices (workstations) and datacenter equipment.
TIA
Have you looked into OpenVAS?
-
@IRJ Yeah I've tried OpenVAS in the past, it wasn't bad, but it also wasn't great.
I've ended up making some changes to my firewall and using Wazuh to report on my endpoints that are remote to our datacenter.
Which works well enough for our needs.