To enable you to build an integrated security risk intelligence system, Metasploit integrates with leading vulnerability management and web application scanning solutions and provides interfaces to integrate with security information and event management (SIEM) systems.

You can import data from the market-leading vulnerability management solution Nexpose or a third-party vulnerability and web application scanners. Alternatively, you can kick off a scan directly from within Metasploit, either to verify vulnerabilities for security risk management or as a first step of your penetration test.

Metasploit can import the following file formats:

Click to enlarge

Leveraging Metasploit after a vulnerability assessment eliminates false positives and determines which vulnerability puts what data at risk. This integrated enterprise risk intelligence enables security professionals to make informed decisions on which vulnerabilities need to be fixed first, dramatically reducing your mitigation costs.

While Metasploit provides only a file import option for third-party scanners, it can directly pull vulnerability data from one or more Nexpose scan engines. This is particularly useful to organizations that have deployed Nexpose as an enterprise solution. As a result, organizations can streamline the verification of vulnerabilities and reduce their remediation costs.

Click to enlarge

Through an RPC interface, you can programmatically control SIEM solutions and other enterprise security management tools to kick off standardized penetration tests and import the results in an XML format for further analysis.

Click to enlarge