Recast Risk Rules

A list of recast rules configured in Tenable Security Center appears on the Recast Risk Rules page. Organizational users must add recast risk rules before the rules appear on this page.

Administrator and organizational users can manage recast risk rules. You can see which vulnerabilities or hosts have had their risk levels recast, their new severity level and, if noted in the comments, the reason for the severity change. You can search for rules by Plugin ID or Repository.

To view details for a rule, click the row. For more information about adding, editing, or deleting recast risk rules, see Manage Recast Risk Rules.

Note: Creating, editing, or deleting a recast risk rule triggers a background process to update the severity levels of all matching vulnerabilities currently stored in your repositories. Your dashboards and reports may not reflect these changes until the reprocessing is complete.

Requirements and Considerations for Recast Risk Rules

  • Rule enforcement: When you create a recast risk rule, Tenable Security Center applies the new severity to all existing vulnerability instances in your repositories that match the rule criteria.

  • Automatic application: After the initial application, the rule automatically recasts future vulnerability instances discovered during subsequent scans.

  • Processing delay: Reprocessing your cumulative vulnerability data to reflect a new or modified rule may take several minutes depending on the size of your repositories.

  • Archived data: Recast rules do not affect historical data stored in scan results; they only modify the severity of active vulnerabilities in the Cumulative view.

  • Recast expiration: You can set an expiration date for a recast risk rule. When a recast risk rule expires, the severity will reset based on the following criteria:

    • If an administrator has configured Tenable Security Center to use CVSSv3 at the organization level, and there are CVSSv3 metrics available, the severity level of the vulnerability will return to the level determined by the CVSSv3 data.

    • If an administrator has not configured Tenable Security Center to use CVSSv3, or there are no CVSSv3 metrics available, the vulnerability will retain the recast severity level. If Tenable Security Center finds the vulnerability again, the vulnerability will receive the severity level currently determined by the plugin.
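The expiration criteria above can be modeled to find vulnerabilities that still carry a recast severity after their rule has expired. The following Python sketch is an added example, not Tenable code and not a Tenable Security Center API: the Finding fields, the plugin IDs, and the dates are constructed, and "finds the vulnerability again" is assumed to mean a last-seen date on or after the expiration date.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Finding:  # hypothetical record, not a Tenable Security Center schema
    plugin_id: int
    recast_severity: str            # severity applied by the recast rule
    plugin_severity: str            # severity currently determined by the plugin
    cvss3_severity: Optional[str]   # None when no CVSSv3 metrics are available
    rule_expires: Optional[date]    # None when the rule has no expiration date
    last_seen: date                 # most recent scan that found the vulnerability

def resolve(f: Finding, today: date, org_uses_cvss3: bool):
    """Return (severity, reason) following the expiration criteria on this page."""
    if f.rule_expires is None or today < f.rule_expires:
        return f.recast_severity, "rule-active"
    if org_uses_cvss3 and f.cvss3_severity is not None:
        return f.cvss3_severity, "cvss3"
    # Assumption: "found again" means seen on or after the expiration date.
    if f.last_seen >= f.rule_expires:
        return f.plugin_severity, "plugin-after-rescan"
    return f.recast_severity, "recast-retained"

def stale_recasts(findings, today: date, org_uses_cvss3: bool):
    """Plugin IDs whose rule expired but whose recast severity is still shown."""
    return [f.plugin_id for f in findings
            if resolve(f, today, org_uses_cvss3)[1] == "recast-retained"]

# Constructed sample data: plugin IDs and dates are placeholders.
TODAY = date(2025, 6, 1)
EXPIRED = date(2025, 5, 1)
SAMPLE = [
    Finding(100001, "Info", "High", "Critical", EXPIRED, date(2025, 4, 20)),
    Finding(100002, "Low", "Medium", None, EXPIRED, date(2025, 4, 20)),
    Finding(100003, "Low", "High", None, EXPIRED, date(2025, 5, 15)),
    Finding(100004, "Info", "Medium", "High", None, date(2025, 5, 15)),
]

if __name__ == "__main__":
    for uses_cvss3 in (True, False):
        print("org uses CVSSv3:", uses_cvss3)
        for f in SAMPLE:
            print(" ", f.plugin_id, *resolve(f, TODAY, uses_cvss3))
        print("  stale:", stale_recasts(SAMPLE, TODAY, uses_cvss3))
```

Findings reported as stale keep the recast severity until a later scan finds them again, so an expired rule does not by itself restore the original severity in that case.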