# Vulnerability management

* identify total asset base (use nmap and see if it matches librenms and resolve any discrepancies)
* perform scans of total asset base (using openvas/lynis/ossim)
* manage vulnerability ratings/scope
* notify/escalate to appropriate contacts
* address the vulns
* report metrics (i think the apps provide built in dashboards, may need some light modification)


i think ossim can do all the above ,also lynis/openvas  (the three combined should provide complete coverage) (network scan/agent based combination)

librenms is our CMDB currently  (for identifying assets/contacts). phpipam is our inventory.