Vulnerability Scanning Service - Implementation and Support

Deployment Resources

Deployment Workflow

DMARC Workflow Diagram

Deployment Overview

Onboarding the Vulnerability Scanning service can be achieved in 4 easy steps. The diagram below details pathways to accessing either the Whole of Government (WofG) or the Shared model solution.

Onboarding Diagram

Detailed Deployment Steps

1. Review Existing Environment

Please review your organisation's existing environment and determine the following:

  • Estimated number of internal assets within scope. Assets are defined as workstations, servers and network devices such as switches and routers.
  • Estimated number of publicly facing assets such as websites, VPN portals, webapps.
  • Is your infrastructure (virtual machines) hosted within the Queensland Government QCloud (managed by CITEC)?
  • Is your upstream firewall and/or internet hosted or managed by CITEC?
  • Do you also host infrastructure in the public cloud? i.e. Microsoft Azure, Google Cloud Platform (GCP), Amazon Web Services (AWS).
    • If so, what hypervisor do you use? i.e. VMware, Hyper-V
  • Identify officers who will access the InsightVM Live Dashboard, including:
    • Technical officers, and;
    • Executive officers, i.e. CIO and/or CISO.

2. Complete Online Application Form

Use the information obtained above to complete the Vulnerability Scanning Application Form and commence the onboarding process.

3. Consultation

Once the application form has been submitted, a cyber security specialist will contact you to arrange an initial consultation where the information provided will be evaluated to determine whether to deploy the WofG or Shared Vulnerability Scanning solution.

4. Deployment

The Queensland Government Cyber Security Unit (CSU) partners with RIOT Solutions, an authorised service provider for Rapid7's cyber security products and services. The initial consultation and final deployment will be performed by specialists from RIOT Solutions, in collaboration with CITEC.

Support Resources

Documentation

The InsightVM Security Console is an on-premises vulnerability scanner and management system which allows you to identify risk in your environment, organise your devices, and prioritise remediation.

The links below explain the key features of the console and provide guidance on how to create a scan and generate reports.

Security Console - Overview
Security Console - Key Features
How to Create and Scan a Site
How to Generate a Report
InsightVM - Glossary of Terms

User Training

The Rapid7 Academy provides educational materials for cybersecurity professionals using Rapid7 solutions. The curriculum is self-paced, available 24/7 and structured to assist with implementing recommended best practices. 

Please note, participants will be required to create a login account using their Queensland Government email address.

Rapid7 InsightVM

This course provides training on how to use the InsightVM product and features in order to support your vulnerability management program. As implementation of the InsightVM console is included as part of the service to Queensland Government entities, it is suggested more focus be placed on the Overview, Scan Management, Analysis and Remediation modules of the courseware to effectively maximise your learning experience.

Support

Join a Community of Practice

The CSU hosts a Vulnerability Management Community of Practice (CoP) which consists of ICT professionals from Queensland Government entities who meet on a regular basis to collaborate and share information, improve their cyber security skills, and actively work on advancing their general knowledge of cyber security. Please sign in to the Cyber Security Unit website and request to be added to the Vulnerability Management CoP.

RIOT Solutions Service Desk

Contact the RIOT Solutions Service Desk at servicedesk@RIoTSolutions.com.au for technical support issues relating to the Application Scanning service.

Cyber Security Unit

Contact the Cyber Security Unit at CyberSecurityUnit@qld.gov.au should you require further information about the Vulnerability Scanning service.

Request Additional Licenses

Please complete the online License Application Form should you require additional licenses for your existing Vulnerability Scanning service.

Request a Vulnerability Health Check

Please complete the online application form to book a Vulnerability Health Check.


Last Reviewed: 21 June 2022