Have you attended any SecOps training at all?

Self-taught via documentation and experimentation is an admirable approach, but if you're looking to deploy and support this tool into a production instance, I really would recommend a more formal training programme. 

Given this is an application that can support and maintain the security posture of an organisation, there's quite a lot of risk weighing heavily upon a job done right.

As a query.. do you want to create Vulnerability Group Rules or Vulnerability Groups...?