About Change Result and Accept Rules

On the Accept/Recast Rules page in the Host Audits tab, you can create both Change Result and Accept rules. While Change Result rules modify the results of a host audit, Accept rules hide the findings instead. These rules do not modify historical scan results and you can only use them on Host Audit findings.

Change Result Rules

Change Result rules use an Audit File and an Audit Name and modify finding results to a value you specify. You can use Change Result rules on some or all assets or some and set them to expire. When Change Result rules expire, findings revert to their original result.

To view findings for a Change Result rule, on the Findings workbench in the Host Audits tab, use the Results Modified filter with a value of Result Changed.

Example Change Result Rule

In the following example, you create a rule to address host audit findings from a HIPAA audit. Since only some assets contain Protected Health Information (PHI), the rule changes results to Passed on assets without PHI:

  • Action — Change Result

  • Category — Custom

  • Audit File — HIPAA_Security_Rule_v1.1.0.audit

  • Audit Name — Check HIPAA Security

  • Original Result — Failed

  • New Result — Passed

  • Targets — Custom

  • Target Hosts — 192.0.2.1 - 192.0.2.10

  • Expires — Never

Accept Rules

Accept rules hide findings instead of changing their results —useful when you want to keep a clean audit list with actionable items. Like Change Result rules, you can apply Accept rules to to some or all assets and set them to expire. When Accept rules expire, targeted findings reappear on the Findings workbench.

To view findings for an Accept rule, on the Findings workbench in the Host Audits tab, use the Results Modified filter with a value of Accepted.

Example Accept Rule

In the following example, you create a rule to accept host audit findings for Windows machines with disabled built-in firewalls, since your endpoint security package provides its own firewall:

  • Action — Accept

  • Category — Windows

  • Audit File — CIS_Microsoft_Windows_11_Enterprise_v3.0.0_L1.audit

  • Audit Name —Hide Windows Firewall Findings

  • Original Result — Failed

  • Targets — All

  • Expires — Never