Vulnerability scanning service

Learn about the Vulnerability scanning service and determine if this service is right for your agency.

The Whole of Government Vulnerability scanning service uses the Rapid 7 Insight Platform and Splunk Dashboard to collect, analyse and visualise data streams of cyber security vulnerabilities within an organisation’s internal or external facing ICT systems and technology infrastructures. The dashboard allows large data streams to be transformed into useful information which can be used to inform internal engagement and decision-making to achieve powerful business and operational outcomes.

This scanning service enables our agencies to obtain targeted intelligence to guide activities such as installation of patches to correct security and functionality problems in software and firmware.

The Vulnerability Scanning Service includes two key components and an optional application scanning service.

Vulnerability Scanning

The InsightVM Security Console is an on-premises vulnerability scanner and management system which allows you to identify risk in your environment, organise your devices, and prioritise remediation.

This service uses the Rapid 7 Insight Platform and Splunk Dashboard to collect, analyse and visualise data streams of cyber security vulnerabilities present within an organisation’s IT systems and technology infrastructures. The dashboard enables large data streams to be transformed into useful information which can be used to inform internal engagement and decision-making.

Vulnerability Health Check

This is a consultation service provided by RioT Solutions which takes place annually and is included as part of the WoG Vulnerability scanning service offering. Based on an agency's core business functions and priorities, the Vulnerability Health Check service analyses historical vulnerability data collected in the Splunk Dashboard and iteratively fine-tunes vulnerability scanning parameters in order to improve an organisation's cyber threat mitigation initiative. A Vulnerability Health Check Report is provided to the agency as part of this consultation.

See our Vulnerability Health check PowerPoint presentation (PDF, 201 KB) for an overview of this service. Agencies that use the Vulnerability scanning service for more than 12 months are encouraged to book a Health Check.

Application vulnerability scanning service (optional add-on)

Agencies can choose to purchase licences to access the Application vulnerability scanning service console as an optional service.

Using this service helps enable Queensland Government organisations to meet their obligations as specified under the Information Security Policy (IS18:2018) and improve cyber security maturity.

Business benefits

This service is a flexible and scalable solution that is offered in two different models:

  • a dedicated infrastructure model for larger agencies with diverse technology infrastructures that prefer to host and manage their Vulnerability Scanning functions in-house, or
  • a shared-infrastructure model ideally suited to the cyber security needs of smaller agencies with limited ICT resources. The shared approach allows system support functions to be managed externally while still providing useful vulnerability threat intelligence to agencies in the form of vulnerability reports.

Technical capabilities

  • Visibility and governance across internet-facing systems, applications, and firmware.
  • Targeted intelligence on vulnerable software and server fleets, with recommendations for the correct patches.
  • Uplift of scanning and patching strategy to improve the WoG threat landscape.

The implementation of the Rapid 7 InsightVM vulnerability scanning console, along with the Whole of Government Splunk Dashboard and Vulnerability Health Check service, provides coverage of non-managed and unauthorised devices on agency networks. It aims to identify common misconfigurations and detect weaknesses such as SQL injection vulnerabilities, expiring certificates, default passwords and common OWASP application issues.

Service cost varies between Vulnerability scanning and the Vulnerability Health check.

Vulnerability scanning

Entity Type                          | Eligibility | Cost
Queensland Government agencies       | Eligible    | No cost
Statutory bodies                     | Eligible    | No cost
Local Government                     | Eligible    | No cost
Government Owned Corporation (GOC)   | Eligible    | No cost

Vulnerability Health Check

Entity Type                          | Eligibility | Cost
Queensland Government agencies       | Eligible    | No cost
Statutory bodies                     | Eligible    | No cost
Local Government                     | Eligible    | No cost
Government Owned Corporation (GOC)   | Eligible    | At cost

The application process for this service has two steps.

1. Review your organisation’s existing environment. Your agency needs to determine:

  • the estimated number of internal assets within scope – an asset is defined as a workstation, server or network device such as a switch or router
  • the estimated number of publicly facing assets, such as websites, VPN portals and web apps
  • whether your infrastructure (virtual machines) is hosted within the Queensland Government QCloud (managed by CITEC)
  • whether your upstream firewall or internet connection is hosted or managed by CITEC
  • whether you also host infrastructure in the public cloud, e.g. Microsoft Azure, Google Cloud Platform (GCP) or Amazon Web Services (AWS)
    • if so, which hypervisor you use, e.g. VMware or Hyper-V
  • the officers who will access the InsightVM Live Dashboard, including:
    • technical officers, and
    • executive officers, e.g. the CIO and/or CISO.

2. Complete the Vulnerability scanning application form, including the details listed above, to start onboarding this service. If you need support or want to discuss the details of this service, contact your Cyber Security Unit representative at CyberSecurityUnit@qld.gov.au.

Implement this service

Visit Implement the Vulnerability scanning service for instructions on how to set up and customise the service for your agency.

Agencies that have used the Vulnerability scanning service for 12 months or more are encouraged to complete the online application form to book a Vulnerability Health Check.