About Recast and Accept Rules

On the Accept/Recast Rules page in the Vulnerabilities tab, you can create both Recast and Accept rules. While Recast rules modify the severity of all findings that correspond to a Plugin ID, Accept rules hide the findings instead. These rules do not modify historical scan results and you can only use them on host vulnerabilities.

Recast Rules

Recast rules target a specific Plugin ID and its findings, for all of your assets or only some of them. You can set Recast rules to expire. When Recast rules expire, findings revert to their original severity.

You can check which findings have a Recast rule. To do this, on the Findings workbench, use the Risk Modified filter with a value of Recast.

Recast findings are labeled in the user interface. On the Findings workbench, a Recast marker appears in the Severity column. On the Findings Details page, in the top-right corner, a Recast label appears.

Note: You cannot use Recast rules on findings from a Frictionless Assessment connector.
Note: If using Tenable Vulnerability Management without Tenable One, targeted findings do not change your VPR, CES, or AES scores.

Example Recast Rule

Let's say you have a group of internal servers that use self-signed SSL certificates. Your scans report vulnerabilities from plugin 51192, SSL Certificate Cannot Be Trusted, which has a Medium severity. You know the servers use self-signed certificates, so you create the following rule to lower the severity:

  • Action — Recast

  • Vulnerability Plugin ID — 51192

  • New Severity — Info

  • Targets — Custom

  • Target Hosts — 192.0.2.1 - 192.0.2.10

  • Expires — Never

Accept Rules

Accept rules work the same way as Recast rules, but accept the risk and hide the findings. You can set Accept rules to expire. When Accept rules expire, their findings reappear on the Findings workbench.

To view hidden findings from Accept rules, on the Findings workbench, use the Risk Modified filter with a value of Accepted. Accepted findings appear with an Accepted marker in the Severity column and, at the top-left corner of the Findings Details page, with an Accepted label.

Note: Findings from Accept rules do not affect VPR, AES, or CES scores.

Example Accept Rule

For the same internal servers using self-signed SSL certificates, let's say you want to remove any scan results for plugin 51192 instead of lowering the severity of the vulnerability. You create the following rule:

  • Action — Accept

  • Vulnerability Plugin ID — 51192

  • Targets — Custom

  • Target Hosts — 192.0.2.1 - 192.0.2.10

  • Expires — Never
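As an added illustration that is not part of the Tenable documentation, the following Python model applies the two example rules above (Recast of plugin 51192 to Info, and Accept of the same plugin) to constructed findings. It shows the target host range, rule expiry, the Risk Modified filter values, and that scan results recorded before the rule existed are left untouched. The Finding and Rule classes, the dates, and the out-of-range host are assumptions for the simulation, not a Tenable API.

```python
from collections import namedtuple
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address

# One host finding as the Findings workbench would list it (constructed model).
Finding = namedtuple("Finding", "plugin_id host severity scan_date")

@dataclass
class Rule:
    action: str          # "Recast" or "Accept"
    plugin_id: int
    target_hosts: tuple  # (first, last) host of a Custom range, inclusive
    created: date
    new_severity: str = None  # Recast only
    expires: date = None      # None means "Never"

    def applies(self, f, today):
        """Active rule, same plugin, host in range, and a scan run after the
        rule existed (historical scan results are never modified)."""
        if self.expires is not None and today > self.expires:
            return False
        if f.plugin_id != self.plugin_id or f.scan_date < self.created:
            return False
        first, last = (ip_address(h) for h in self.target_hosts)
        return first <= ip_address(f.host) <= last

def workbench(findings, rules, today, risk_modified=None):
    """Findings workbench view: Recast changes the severity, Accept hides the
    row unless the Risk Modified filter (risk_modified) asks for "Accepted"."""
    rows = []
    for f in findings:
        severity, label = f.severity, None
        for r in rules:
            if r.applies(f, today):
                label = "Accepted" if r.action == "Accept" else "Recast"
                severity = r.new_severity if r.action == "Recast" else severity
        if risk_modified is None and label == "Accepted":
            continue
        if risk_modified is not None and label != risk_modified:
            continue
        rows.append((f.host, f.plugin_id, severity, label))
    return rows

RULE_DATE = date(2024, 1, 10)  # constructed sample dates, hosts and findings
FINDINGS = [Finding(51192, "192.0.2.5", "Medium", date(2024, 1, 1)),   # historical
            Finding(51192, "192.0.2.5", "Medium", date(2024, 2, 1)),   # rescanned
            Finding(51192, "192.0.2.50", "Medium", date(2024, 2, 1))]  # out of range
RECAST = Rule("Recast", 51192, ("192.0.2.1", "192.0.2.10"), RULE_DATE, new_severity="Info")
ACCEPT = Rule("Accept", 51192, ("192.0.2.1", "192.0.2.10"), RULE_DATE, expires=date(2024, 3, 1))
```

Calling workbench(FINDINGS, [ACCEPT], today) after the Accept rule's expiry date returns all three rows at their original Medium severity, which is the reappearance the page describes.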