Manage Recast Risk Rules

Note: Creating, editing, or deleting a recast risk rule triggers a background process to update the severity levels of all matching vulnerabilities currently stored in your repositories. Your dashboards and reports may not reflect these changes until the reprocessing is complete.

Add a Recast Risk Rule

Required Tenable Security Center User Role: Organizational user with appropriate permissions. For more information, see User Roles.

If you create a recast risk rule, Tenable Security Center automatically updates the severity for any vulnerabilities that match the rule to the severity you specified in the rule.

For more information, see Recast Risk Rules.

To add a recast risk rule:

  1. Log in to Tenable Security Center via the user interface.

  2. In the left navigation, click Analysis > Vulnerabilities.

    The Vulnerabilities page appears.

  3. In the analysis tools drop-down box, select Vulnerability Detail List, Vulnerability List, or Vulnerability Summary.

    The page refreshes to show the analysis tool view you selected.

  4. To recast risk, do one of the following:

    To recast risk for a single vulnerability:

    • Right-click any row that you want to recast and select Recast Risk.

    • Select the check box next to the vulnerability that you want to recast and in the toolbar, click Recast Risk.

    To recast risk for multiple vulnerabilities:

    • Select more than one row and in the toolbar, click Recast Risk.

    The Recast Risk pane appears.

  5. Configure the following settings for the recast risk rule:

    Basic

    • New Severity - Select the new severity level you want to assign to the vulnerability. When saved, this severity replaces the original plugin severity in all active repository findings.

    • Comment - Add a comment to the recast risk rule.

    • Expires - Select the date you want the recast risk rule to expire.

    Repository

    • Repositories - Select one or more repositories where you want to apply the rule.

    Targets

    • Type - Select the target for the rule:

      • All Available Devices - Target all assets.

      • Asset Tag - Target specific labels.

    • Asset Tag - (If Type is Asset Tag) The label you want the recast risk rule to target.

    • Port - The port you want the recast risk rule to target.

    • Protocol - The protocol you want the recast risk rule to target.

  6. Click Submit.

    Tenable Security Center saves your configuration.

    Note: There can be a short delay between clicking on Submit and vulnerabilities showing the new risk. It may be necessary to reload the filters to view the applied changes.

What to do next:

  • (Optional) Enable Recast and Accept Risk Rule Comments to display contents of the Comment field in reports and vulnerability analysis views. For more information, see Risk Rule Comments.

Edit a Recast Risk Rule

Required Tenable Security Center User Role: Organizational user with appropriate permissions. For more information, see User Roles.

If you create a recast risk rule, Tenable Security Center automatically updates the severity for any vulnerabilities that match the rule to the severity you specified in the rule. You can edit the expiration date of existing recast risk rules.

For more information, see Recast Risk Rules.

To edit the expiration date of a recast risk rule:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Workflow > Recast Risk Rules.

    The Recast Risk Rules page appears.

  3. To edit a single rule:

    1. In the table, right-click the row for the rule you want to edit.

      The actions menu appears.

    To edit multiple rules:

    1. In the table, select the check box for each rule you want to edit.

      The available actions appear at the top of the table.

  4. Click Edit.

    The Edit Recast Rules pane appears.

  5. In the Expires box, select the date you want the recast risk rule to expire.

  6. Click Submit.

    Tenable Security Center saves your configuration.

Delete a Recast Risk Rule

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

You can delete a recast risk rule to remove your custom severity for a vulnerability. Then, if Tenable Security Center sees the vulnerability again, the vulnerability receives the severity currently associated with the plugin.

Note: If you enabled CVSSv3 scoring, Tenable Security Center immediately restores the original severity of a vulnerability after you delete a recast risk rule. However, because Info-level vulnerabilities do not have a CVSSv3 score, Tenable Security Center does not restore Info-level severities until the vulnerability is detected in a subsequent scan.

Note: Recast risk rules do not apply to offline repositories. Adding or deleting a recast risk rule for an offline repository does not change the risk data.

To delete a recast risk rule and remove your custom severity:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Workflow > Recast Risk Rules (Organizational users) or Repositories > Recast Risk Rules (Administrator users).

    The Recast Risk Rules page appears.

  3. To delete a single rule:

    1. In the table, right-click the row for the rule you want to delete.

      The actions menu appears.

    To delete multiple rules:

    1. In the table, select the check box for each rule you want to delete.

      The available actions appear at the top of the table.

  4. Click Delete.

    A confirmation window appears.

  5. Click Delete.

    Tenable Security Center deletes the rule.

  6. Click Apply Rules.

    If Tenable Security Center sees the vulnerability again, the vulnerability receives the severity currently associated with the plugin.