• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Unified Vulnerability Management
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Overview
• Features
  • Accurate Scan Results
  • Asset Groups
  • Ticketing
  • Risk Analysis
  • Policy Checking
  • Auto-Update
  • Customizable Reports
  • Hosted Scanning
  • Deployment Options
• Architecture & Open API
• Try NeXpose
• Buy NeXpose
• System Requirements
• Vulnerabilities Tested
• NeXpose Information
• NeXpose FAQ

Of further interest:

• White paper - NeXpose Vulnerability Management
• NeXpose Datasheet

NeXpose Reporting

One of the most powerful features of NeXpose is its ability to provide robust and useful reports for any person responsible for security within your organization. Once an audit is completed, analyzing the data can be quite a task. Depending upon the audience, there is often too much or too little data. The reporting framework in NeXpose has been designed to provide the flexibility necessary to satisfy all parties. Various levels of technical detail are supported, allowing reports to be tailored for audiences ranging from upper management to system administrators.

Configuring a report is quite simple. Just select the type of report you want as shown in the screenshot to the right, answer a few more questions provided in subsequent screens and your report will be generated. NeXpose reports are structured to address three audiences:

• Executive reports summarize risk by graphically displaying trends and statistics on vulnerabilities system wide.
• Remediation reports are used by network systems specialists charged with fixing systems; these reports contain project plans, system links, definitions of vulnerabilities and detailed steps for fixing the problem along with time estimates.
• Alerts are used to notify real time operations of the existence of threats as they are found. Alerts tie into many network operations consoles using SNMP.

Reports can be generated automatically in HTML, plain text, or XML formats and e-mailed to any number of recipients. The email subject lists the number of vulnerabilities, allowing an administrator to quickly decide whether or not further attention is required. Customization is simple as report sections can be added, removed or re-ordered. The amount of technical detail can be adjusted, allowing reports to be tailored for any target audience.

Not only are NeXpose reports flexible, but they also provide the needed information efficiently. Vulnerability reports contain information to quickly understand what the problem is and provide supporting evidence that the system is vulnerable. URL links to downloadable patches and vendor advisories make resolving problems straightforward. The service reports contain version and configuration information, which provides an inventory of software running on your network.

NeXpose includes a number of report templates that can be combined to build custom reports for your organization. Some of the templates include:

• Executive Overview - Provides a high-level summary of scan results in a format that can be presented to management
• Baseline Comparison report - Highlights changes since a previous session, allowing the administrators to monitor progress in the security of the network.
• Audit report - Details systems, services, vulnerabilities and resources discovered during the scan.
• Policy Evaluation reports - details violations and other errors encountered while evaluating compliance with the defined security policies.
• Remediation Plan reports - Defines a strategy to efficiently resolve issues affecting network nodes. A plan is provided with a solution-centric approach to ease correcting problems on each host.
• Trend Reports - Compares the vulnerabilities discovered in the baseline to the vulnerabilities discovered in the session being reported on. This information is useful to monitor progress in reducing vulnerabilities and to gauge maintenance of the network's security.

NeXpose reports can be generated in HTML, XML, CSV and Text formats. Session data can also be exported to any JDBC or ODBC compliant data source. The professional quality HTML reports provide URL links to patches and additional references (CVE, SecurityFocus and vendor advisories) making it easy to resolve discovered vulnerabilities. The XML and CSV formats are ideal for integration with publishing and workflow tools. XML reports can also be used with your own stylesheets to generate customer HTML reports.

The best way to find out why NeXpose makes vulnerability management easier is to see the reports first hand. Request your 20 day evaluation today.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact