Educause Security Discussion mailing list archives
Re: Evaluating Rapid7's Nexpose
From: Jason Carr <jcarr () ANDREW CMU EDU>
Date: Wed, 11 Apr 2007 19:40:42 -0400
Hello, We just recently purchased NeXpose after evaluating the product for awhile. As of right now we're going to setup a small test group of servers and users and also use it for one off scans. We will start scanning more servers after our "beta" group. There haven't been may false positives in our scans. Rapid7 has always said that any false positive is a bug in their software and they try to fix it. Speaking of support, they are pretty easy to get a hold of and has always responded back quickly to any problem that we've had. They also seem to be open to suggestions and from what I understand, many features get added because of customer suggestions. Recently NeXpose was updated to include PostgreSQL support instead of using the Apache Derby database. This has improved speed especially when dealing with large amounts of data. I have yet to play with creating our own custom vulnerability checks, but it will be something we will be investigating. We haven't asked for documentation yet, but we're just not ready for it. Let me know if you have any other questions and I'll try to answer them, - Jason -- Jason Carr Information Security Office Carnegie Mellon University
Current thread:
- Evaluating Rapid7's Nexpose Michael Bayne (Apr 11)
- <Possible follow-ups>
- Re: Evaluating Rapid7's Nexpose Logan, Kimberly (loganks) (Apr 11)
- Re: Evaluating Rapid7's Nexpose Conor McGrath (Apr 11)
- Re: Evaluating Rapid7's Nexpose Stelfox, Samuel G @ VTC (Apr 11)
- Re: Evaluating Rapid7's Nexpose Jason Carr (Apr 11)
- Re: Evaluating Rapid7's Nexpose Ferris, Joe (Apr 12)
- Re: Evaluating Rapid7's Nexpose Steve Brukbacher (Apr 12)