cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jbayle1
Newcomer I

Tenable.io vs Security Center

Hello,


I currently use Nessus Pro for vulnerability scanning and management and I'm looking to add additional reporting and tracking of the history of my hosts to the setup. I've noticed that Nessus Pro greatly lacks any form of reporting and dashboard creation. The two solutions to this appear to be Security Center(on-prem) or Tenable.IO Vulnerability Management (cloud). I'm looking to get some opinions from those that use or have looked into using these two products what seem to be the pros and cons of each. 

 

Cheers,

 

Josh

12 Replies
NVAnalyzer
Viewer II

Check https://nvanalyzer.com for a tool that allows combining Nessus scan files into logical scans, analyzing and comparing them.

robinfoprotech
Newcomer I

Hi,  just thought I would add my experience.  We started life with Openvas and then added a Nessus Pro when our pen testers started giviing us reports from a Nessus scan.  We were using Nessus pro for approx 6 months and exporting the results into Excel with resonable success.  We then started to look at Security Center but were guided down the IO route as we were looking at a Siem solution to run alongisde.  Tenable IO is a great product and easy to use, you can make API calls into the backend to export results into a SIEM, you can also do the normal export into Excel.  The reporting in TIO is ok, I still think it needs work as a lot of the reports are fixed and it lacks the ability to create fully custom reports.  I would say you would be best to sign up for a free trial to have a look through the TIO reporting options.  Happy to take any futher questions if I can help.

Elvar
Newcomer II

It could be worth your time to take a look at VulnWhisperer  (https://github.com/austin-taylor/VulnWhisperer)

 

It can integrate with various scanners like Nessus, OpenVAS and Qualys. So you can have multiple scanners and view the results in the same interface. The big use case I can see that you can purchase a certified scanner for your internet facing IP addresses while using OpenVAS for your internal environment.

 

Note that I have not personally tried it yet but I do know the underlying stack it uses (The Elastic Stack) and the reporting and data mining features are solid. Also I am in no way connected to that project, just find the approach to be good.