Recast Rules
In Tenable Vulnerability Management, you can customize Tenable's risk management framework to fit the needs of your organization. To do this, you create rules that modify the severity of vulnerabilities or the results of host audits—or hide them from your scan results.
Example
Imagine you have an asset featuring an FTP with an open vulnerability. You no longer need FTP, so you shut down the service. Now, Tenable Vulnerability Management cannot verify the vulnerability as patched, so it continues to appear in your Findings list. You can use a recast or accept rule to ignore this vulnerability finding without needing to delete the asset and begin a fresh scan.
To access the Accept/Recast Rules page:
-
In the left navigation, click
Settings.The Settings page appears.
-
Click the
Recast tile.The Accept/Recast Rules page appears.
Here, you can view the following information about your accept and recast rules:
-
Action — An icon that indicates the type of rule, for example
(Accept) or (Recast). Tip: To learn about these rule types, see About Recast and Accept Rules. -
Vulnerability — The name of the vulnerability associated with the rule.
-
Plugin ID — The plugin ID associated with the vulnerability.
-
Original Severity — The original severity of the vulnerability before the rule was applied.
-
New Severity — The new severity of the vulnerability after the rule was applied.
-
Targets — The IP addresses/hostnames targeted by the rule.
-
Owner — The Tenable Vulnerability Management user who created the rule.
-
Expires — The date and time on which the rule expires. If the rule does not expire, this column is blank.
-
Created — The date and time at which the rule was created.
-
Last Updated — The date and time at which the rule was last updated by a user.
-
Actions — Click the
button to view actions you can take with the rule. For more information, see Manage Recast Rules.
This documentation explains how to create recast rules, when to use them, and how to manage them. For more information, see the following topics: