Mercer, Jeff C - Raleigh, NC wrote: > I've never found a truely good Nessus client, not even from Tenable. :(
A lot of what you have written about in this email are things we want to do. However, the Nessus user base is split between command line users, UNIX users, Windows users and Mac OS X users. Integrating the many different GUIs into the new Nessus 3 beta client is our focus right now. We will add more features into the client in the future. > NessusWX is the best I've been able to find but it's largely orphaned. > Tenable should have invested time on re-working it instead of > continually re-writing clients from scratch. I'm assuming Tenable didn't > feel like using 3rd party open source software. Which is sad... Actually, Tenable has been maintaining NessusWX for some time. We've not added major new features to it, but have fixed bugs in it and have provided bandwidth/hosting for it. > Anyways, the new Nessus Client 3 beta is a good start but it's missing a > lot of critical pieces. I think some of these are just not done yet: A lot of the features you are asking for are things we'd like to do. Please keep in mind that the Nessus 3 client is cross platform and will look/behave the same for OS X, Windows and Linux users. Right now our focus is the new Nessus 3 client which includes the .nessus report format. We can build many new features on this reporting format which we can't do as easily with the .nsr, .nbe, .etc formats. The .nessus format tracks what was scanned and also what was found, so it becomes much easier to track results over time. The .nsr and .nbe formats only have results. > o Reporting! Yeah yeah, Tenable wants everyone to buy Security > Center. Which is absurd if all you want is a few reports for scans. > There's a HUGE difference between running a full-blown SIM and just > wanting to report on some scans The Security Center is very good for managing scans, scheduling reports, analyzing vuln data and many other things. For 500 servers, it costs less than $20k which is a steal compared to many of the companies below that you are comparing Nessus to. I also don't consider the Security Center a SIM, unless you add in the Log Correlation Engine which then allows you to also look at firewall, syslog, windows events, .etc all in one spot. > I really could go on. Basically, Nessus has grown-up a lot from where it > started but it still lacks MANY features found in Enterprise scanning > solutions from ISS/IBM, Harris, BindView, etc... And frankly, most of > this is due to the simplified clients. I've worked a lot with customers who have replaced those solutions with the Security Center. A big reason most of them made the switch was because of the differences in speed and accuracy between the Nessus 3 engine and their previous solution. Having said that, many of the features you are asking for are things we plan to do with the Nessus client in future releases. Until then, I encourage Nessus users to try the beta and send in feedback. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
