    Vulnerability Assessment and Alerting Solutions

      DustinB3403 @nadnerB

      @nadnerB said in Vulnerability Assessment and Alerting Solutions:

      Have a look at Rapid7 InsightVM

      Never heard of it, what makes it good?

        nadnerB @DustinB3403

        @DustinB3403 said in Vulnerability Assessment and Alerting Solutions:

        @nadnerB said in Vulnerability Assessment and Alerting Solutions:

        Have a look at Rapid7 InsightVM

        Never heard of it, what makes it good?

        I haven’t used many tools in that space, but it’s what our sys admins picked when we went looking several years ago. Produces a lot of info, and the alerting features are highly customisable.

        Tenable is another option

          EddieJennings

          Just say "no" to Qualys.

            Jimmy9008

            Possibly something like Arctic Wolf.

              dbeato @EddieJennings

              @EddieJennings What has been your experience with them?

                dbeato

                What about Nessus?

                  EddieJennings @dbeato

                  @dbeato I do not touch our Qualys instance as often as I probably should, but the team members that do touch it often generally complain about remediated vulnerabilities still being detected. However, I really think the problem lies with how queries are built for the dashboards (done by another team).

                  I can say Ansible-izing the installation of the agent for Linux servers was a bit of a challenge (I can take a look back at the playbook tasks on Monday to see what I had to do).

                    dbeato @EddieJennings

                    @EddieJennings said in Vulnerability Assessment and Alerting Solutions:

                    but the team members that do touch it often generally complain about remediated vulnerabilities still being detected.

                    That is true, lol. That is one of my complaints lol.

                      DustinB3403 @dbeato

                      So I've used Qualys when I worked for an MSP and actually liked it, besides a few things.

                      Setting up networks sucked
                      The interface generally was a bit confusing to get used to (infrequent customers)

                      The reporting was incredibly in-depth, I can't say I ever saw remediated vulns being detected again.

                      We settled on Wazuh for now as it at least covers our needs and lists different vulnerabilities.

                        IRJ @DustinB3403

                        @DustinB3403 said in Vulnerability Assessment and Alerting Solutions:

                        Hey All,

                        I'm looking for a vulnerability assessment and alerting solution that is going to have to be agent based to alert for any OS vulnerabilities for a remote workforce.

                        Wazuh is the top item that comes to mind, but I'm not a huge fan of its presentation, likely I just need to sort out the views.

                        Does anyone else have any recommendations?

                        The target group is endpoint devices (workstations) and datacenter equipment.

                        TIA

                        Have you looked into OpenVAS?

                        https://openvas.org/

                          DustinB3403 @IRJ

                          @IRJ Yeah I've tried OpenVAS in the past, it wasn't bad, but it also wasn't great.

                          I've ended up making some changes to my firewall and using Wazuh to report on my endpoints that are remote to our datacenter.

                          Which works well enough for our needs.
