We're using Nessus Professional for our on-line/off-line systems.  The learning curve is a little steep, but it works great.

If you don't have any budget for it, you could build a Kali Linux box and run scans as cron jobs that way, too.

Microsoft Baseline Security Analyzer (MBSA) may be what you are looking for if you are a Windows shop:  https://www.microsoft.com/en-us/download/details.aspx?id=7558

I should add that I am trying to avoid buying a Nessus license which is very costly. I would prefer a low / no cost solution if there are alternatives out there since I have more than one system to scan.  Also, MBSA only does Windows patches, and we have WSUS that gives us this info. I was hoping for a product that would check other vendor apps (Adobe reader, etc.) that require patches.

Kali Linux and Metasploit tools may be viable options, but I have not tried these yet. I was just hoping for several options to consider, and get a sense of what others have experienced with specific tools.  I have read that several tools require a fair amount of fine tuning to reduce false positives, so first-hand experience feedback is appreciated.

Thanks to all who have replied so far.

- Pat

I'd agree OpenVAS is a good, no-cost solution for vulnerabilty scanning and Identification though it lacks some reporting features.

Nessus, as stated, is a good system and is very good at reporting on asset vulnerabilites.

Personally, I enjoy using Nexpose (InsightVM). Does a lot of the same things and reporting/management is good.

Both Nessus and Nexpose cost money, OpenVas is the no cost option. There are a load of other systems that so similar things so check what's on offer with each, weigh up cost/value add and happy hunting!

All of these systems tend to be OS agnostic too.

OpenVAS for the low cost option but Nessus is pretty much the gold standard. If you need to show proof of patching Nessus and its reporting capabilities makes the cost worth it.