I have been invited to an interview for Risk management position. One of the tasks includes organizing and maintaining IT security monitoring inside the bank.

Issue is my trainee tasks involving vulnerability management was managing the scan results from Qualys, vulnerabilities and notifying users before a ticket opens. I did not see how did the other team set up the vulnerability database and the scans/agents itself.

I would like to ask for some guidance here, since I am not sure how to face this task.