Over the years, I’ve had the opportunity to work with both Rapid7’s InsightVM and Tenable’s Tenable.SC. At the core of these products are their vulnerability scanners, Nexpose and Nessus respectively. I wanted to compare these two vulnerability management products and document some of the pros and cons of each one.
While both products scan your network and report on vulnerabilities, they report them in different ways. Philosophically, InsightVM is more vulnerability-focused, while Tenable.SC is more remediation-focused.
Nexpose, like other vulnerability management platforms, has the ability to create exceptions for the vulnerabilities it finds. You might need to issue exceptions because the vulnerability is a false positive, a compensating control is in place, or the risk is acceptable to the business.
Unfortunately, you sometimes have to create exceptions for hundreds, if not thousands, of vulnerabilities within Nexpose. It’s far too time-consuming to create those manually.
The good news is that Nexpose has a well-documented API. I’ve used this API to create a PowerShell module that can help automate the submission of vulnerability exceptions.
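To show what that kind of automation looks like end to end, here is an added example written for this article; it is not the author’s module and not Rapid7 code. It reads exception requests from a CSV (constructed inline here), builds one request body per row, and POSTs each to the console. The endpoint path `/api/3/vulnerability_exceptions`, the body shape (`scope` / `state` / `submit` / `expires`) and the allowed `Reason` and `ScopeType` values are taken from the Nexpose v3 API documentation as I understand it and should be checked against your console’s own `/api/3/html` reference; the console URI, credentials, vulnerability IDs and asset IDs are placeholders.

```powershell
# Added example, not the author's module. Assumptions (verify against your
# console's API reference): endpoint /api/3/vulnerability_exceptions, body
# shape scope/state/submit/expires, and the ValidateSet values below.

function New-NexposeExceptionBody {
    param(
        [Parameter(Mandatory)][string]$VulnerabilityId,
        [Parameter(Mandatory)]
        [ValidateSet('Global', 'Site', 'Asset', 'Asset Group', 'Instance')][string]$ScopeType,
        [int]$ScopeId,
        [Parameter(Mandatory)]
        [ValidateSet('False Positive', 'Compensating Control', 'Acceptable Use', 'Acceptable Risk', 'Other')]
        [string]$Reason,
        [string]$Comment = '',
        [datetime]$Expires
    )
    # Exceptions are submitted "Under Review" so an approver still has to sign off;
    # the reason and comment give that approver the evidence for the decision.
    $body = @{
        scope  = @{ type = $ScopeType; vulnerability = $VulnerabilityId }
        state  = 'Under Review'
        submit = @{ reason = $Reason; comment = $Comment }
    }
    if ($ScopeType -ne 'Global') { $body.scope.id = $ScopeId }   # Global scope has no target id
    if ($Expires) { $body.expires = $Expires.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ') }
    return $body
}

function Submit-NexposeExceptions {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ConsoleUri,          # placeholder, e.g. https://nexpose.example.internal:3780
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][object[]]$Rows
    )
    $uri = "$($ConsoleUri.TrimEnd('/'))/api/3/vulnerability_exceptions"
    # Send Basic auth preemptively: Windows PowerShell's -Credential waits for a
    # 401 challenge, which is unreliable against some consoles.
    $pair    = "$($Credential.UserName):$($Credential.GetNetworkCredential().Password)"
    $headers = @{ Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair)) }

    foreach ($row in $Rows) {
        $params = @{ VulnerabilityId = $row.Vulnerability; ScopeType = $row.ScopeType
                     Reason = $row.Reason; Comment = $row.Comment }
        if ($row.ScopeId) { $params.ScopeId = [int]$row.ScopeId }
        if ($row.Expires) { $params.Expires = [datetime]$row.Expires }
        $json = New-NexposeExceptionBody @params | ConvertTo-Json -Depth 5

        $target = "$($row.Vulnerability) ($($row.ScopeType) $($row.ScopeId))"
        if (-not $PSCmdlet.ShouldProcess($target, 'Submit vulnerability exception')) { continue }
        try {
            $resp = Invoke-RestMethod -Method Post -Uri $uri -Headers $headers `
                        -ContentType 'application/json' -Body $json
            [pscustomobject]@{ Vulnerability = $row.Vulnerability; Status = 'Submitted'; ExceptionId = $resp.id }
        } catch {
            # One bad row should not abort the batch; record the failure and move on.
            [pscustomobject]@{ Vulnerability = $row.Vulnerability; Status = "Failed: $($_.Exception.Message)"; ExceptionId = $null }
        }
    }
}

# Constructed sample input; in practice this comes from Import-Csv.
$rows = @'
Vulnerability,ScopeType,ScopeId,Reason,Comment,Expires
ssl-self-signed-certificate,Asset,1234,Compensating Control,Internal-only management interface behind a jump host,2025-12-31
tlsv1_0-enabled,Site,7,Acceptable Risk,Legacy scanner appliance scheduled for replacement,2025-06-30
'@ | ConvertFrom-Csv

$cred = Get-Credential -Message 'Nexpose console account with exception-submission rights'
# -WhatIf prints each planned submission without calling the API; drop it to submit for real.
Submit-NexposeExceptions -ConsoleUri 'https://nexpose.example.internal:3780' -Credential $cred -Rows $rows -WhatIf
```

Two design choices worth noting: every exception is created in the `Under Review` state rather than `Approved`, so the bulk script never bypasses the approval workflow, and each row carries a reason and a comment, which is what an auditor or the next analyst will need to understand why the finding was suppressed. Consoles running with a self-signed certificate will also need the usual certificate handling for `Invoke-RestMethod` (for example `-SkipCertificateCheck` on PowerShell 7), which this example leaves out.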