Create an Accept Rule for a Plugin

Required User Role: Administrator

Important: The time it takes to apply a recast/accept rule depends on the system load and the number of matching vulnerabilities.

To create an accept rule:

  1. View the Recast/Accept Rules page.
  2. In the upper-right corner, click the Add Rule button.

    The Add Rule plane appears.

  3. In the Action section, select Accept.
  4. In the Vulnerability box, type the ID of the plugin that you want to accept. For example, 51192.

    Note: If the plugin ID corresponds to a Tenable Nessus plugin, the Original Severity indicator changes to match the default severity of the vulnerability. The Original Severity indicator does not change if another type of plugin is used.

  5. In the Targets drop-down box, do one of the following:

    • To target all assets, select All. This is the default target.
    • To target a custom set of assets:
      1. Select Custom.

        A Target Hosts box appears.

      2. In the Target Hosts box, type one or more targets for the rule. You can type a comma-delimited list that includes any combination of IP addresses, IP ranges, CIDR, and hostnames.

        Caution: You can only specify 1000 comma-separated custom entries. If you want to target a larger number of custom entries, create multiple rules.

  6. (Optional) In the Expires box, set an expiration date for the rule. This action is only necessary if you want the rule to expire. By default, the rule applies indefinitely.
  7. (Optional) In the Comments box, type a description of the rule. The text you type in this box has no functional effect and is visible only when the rule is modified.
  8. (Optional) To report the vulnerability as a false positive:
    1. Enable the Report as false positive toggle.

      A Message To Tenable box appears.

    2. In the Message to Tenable box, type a description of the false positive to send to Tenable.
  9. Click Save.

    Tenable Vulnerability Management starts applying the rule to existing vulnerabilities. This process may take some time, depending on the system load and the number of matching vulnerabilities. The affected vulnerability is hidden on your workbench.

    Note: To view vulnerabilities hidden from your workbench, use the Recast & Accept advanced filter.
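
A long custom target list from step 5 can be checked and split before it is pasted into the Target Hosts box. The following is an added example, not Tenable code: it validates each entry as an IP address, IP range, CIDR block, or hostname and splits the list into strings of at most 1000 entries, one per rule. The function names are hypothetical, and the `start-end` range syntax and RFC 1123 hostname syntax are assumptions.

```python
import ipaddress
import re

MAX_ENTRIES = 1000  # per-rule limit from the Caution in step 5

_LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"  # assumption: RFC 1123
_HOSTNAME = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(\.{_LABEL})*$")


def classify(entry):
    """Return 'ip', 'cidr', 'range' or 'hostname'; raise ValueError otherwise."""
    if "/" in entry:
        ipaddress.ip_network(entry, strict=False)  # ValueError if malformed
        return "cidr"
    if "-" in entry:
        # Assumption: ranges are written start-end, e.g. 10.0.0.1-10.0.0.50.
        start, _, end = entry.partition("-")
        try:
            lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        except ValueError:
            pass  # not a range; may still be a hostname containing a hyphen
        else:
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"bad range: {entry!r}")
            return "range"
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass  # fall through to the hostname check
    if _HOSTNAME.match(entry) and not re.fullmatch(r"[\d.]+", entry):  # digits only = bad IP
        return "hostname"
    raise ValueError(f"unrecognised target: {entry!r}")


def build_target_lists(raw, limit=MAX_ENTRIES):
    """Validate, de-duplicate and split targets into one string per rule."""
    seen = {}
    for entry in filter(None, (e.strip() for e in raw.split(","))):
        classify(entry)
        seen.setdefault(entry.lower(), entry)
    entries = list(seen.values())
    return [",".join(entries[i:i + limit]) for i in range(0, len(entries), limit)]


if __name__ == "__main__":
    # Constructed sample input (documentation addresses and a made-up hostname).
    sample = "192.0.2.10, 198.51.100.0/24, 192.0.2.20-192.0.2.30, web-01.example.com"
    for n, targets in enumerate(build_target_lists(sample), 1):
        print(f"rule {n}: {targets}")
```

Each returned string is the Target Hosts value for one accept rule; a malformed entry raises `ValueError` before any rule is created from a partial list.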