About Recast and Accept Rules

On the Recast page in both the Vulnerabilities and Web Applications tabs, you can create both Recast and Accept rules. While recast rules can modify the severity of all findings that correspond to a criteria query, Accept rules hide the findings instead. These rules do not modify scan results.

Why would I use these?

Imagine you have an asset with a vulnerability on an FTP service. You no longer need FTP, so you shut down the service. Now, Tenable Vulnerability Management cannot verify the vulnerability as patched, so it continues to appear in your Findings list. You can use a recast or accept rule to ignore this vulnerability finding without needing to delete the asset and begin a fresh scan.

Recast Rules

Recast rules target findings determined by the query that is shown in the Criteria column on the tables in both the Vulnerabilities and Web Applications tabs in Recast.

You can set recast rules to expire. When recast rules expire, findings revert to their original severity. See Add Recast Rules for more information.

Findings Affected by a Recast Rule

To view findings affected by a recast rule, do one of the following:

  • To view findings affected by a recast rule via the Recast page:

    1. Select either the Vulnerabilities or Web Applications tabs in Recast.

    2. In the recast table, select the check box for the recast rule.

    3. On the left side of the row click the button.

      A table appears.

    4. Click the Findings tab.

      A table appears with the list of findings that meet the Criteria for that rule.

  • To view findings affected by a recast rule via the recast rule details page:

    1. Select the Findings tab in the details view of any recast rule. For more information, see Recast Rule Details.

Note: Findings in the Explore > Findings table whose severity has been modified by a recast rule show a recast icon (such as ) along with a tooltip (such as High-Recast) in the Severity column of the finding .
Note: In Tenable Vulnerability Management without Tenable One (without the Tenable One platform), an Accept or Recast rule does not alter the underlying risk calculations. This means that even if you accept a finding or change its severity, the core risk scores VPR, CES, or AES will remain the same.

Example Recast Rule

Let's say you have a group of internal servers that use self-signed SSL certificates. Your scans report vulnerabilities from plugin 51192, SSL Certificate Cannot Be Trusted, which has a Medium severity. You know the servers use self-signed certificates, so you create the following rule to lower the severity:

  • Action — Recast

  • Criteria— Plugin ID is equal to 51192

  • New Severity — Info

  • Expires — 12 / 05 / 2025

Accept Rules

Accept rules work the same way as recast rules, but accept the risk and hide the findings. You can set Accept rules to expire. When Accept rules expire, their findings reappear on the Explore > Findings table.

To view findings that are hidden due to Accept rules, use the Risk Modified filter on the Explore > Findings table with a value of Accepted. Accepted findings appear with in the Severity column and, at the top-left corner of the Findings Details page, with an Accepted label.

Note: If a finding is Accepted or Recast, this rule won't impact the VPR, AES, or CES scores of any findings.

Example Accept Rule

For the same internal servers using self-signed SSL certificates, let's say you want to hide any findings for plugin 51192. Instead of lowering the severity of the vulnerability, you create the following rule:

  • Action — Accept

  • Name — Accept - Plugin ID: 51192

  • Critera — Plugin ID is equal to 51192

  • Expires — Never