Recast Filters
On the Recast page, you can view the recast rules for each finding type by clicking the appropriate tab: Host Audits, Vulnerabilities, or Web Applications.
Each tab shows a table that contains the current recast rules for each finding type. You can add recast rules based on query criteria. The filters available in your query criteria vary by finding type.
The following table describes the query filters available for each finding type.
| Column | Finding Type(s) | Description | 
|---|---|---|
| Asset ID | Vulnerabilities, Web Applications | The UUID of the asset where a scan detected the finding. | 
| Asset Name | Vulnerabilities, Web Applications | The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management. This filter is case-sensitive, but you can use the wildcard character to turn this off. | 
| Audit File | Host Audits | The name of the audit file the scanner used to perform the compliance check. | 
| Audit Name | Host Audits | The name of the compliance check the scanner performed on the affected asset. | 
| Created | All | The date the recast rule was created. | 
| CVE | Vulnerabilities, Web Applications | The Common Vulnerabilities and Exposures (CVE) IDs for the vulnerabilities that the plugin identifies. (200 value limit) | 
| Disabled | All | Allows filtering on the date a recast rule was disabled. | 
| Disabled By | All | Allows filtering on the user that disabled a recast rule. | 
| Expires | All | The date that the recast rule expires and no longer applies to new findings. | 
| FQDNs | Vulnerabilities, Host Audits | Allows filtering on the fully qualified domain names (FQDNs) for the asset. | 
| IPv4 Address | All | Use the IPv4 address of the affected asset to query. | 
| IPv6 Address | Vulnerabilities, Host Audits | Use the IPv6 address of the affected asset to query. | 
| Name | All | Filter on the name of the recast rule. | 
| Network | Vulnerabilities, Web Applications | The name of the network object associated with scanners that identified the asset. The default name is Default. For more information, see Networks. | 
| New Severity | Vulnerabilities, Web Applications | The updated severity defined by the recast rule. Values are Critical, High, Medium, Low, Info. | 
| Original Result | Host Audits | The result from the initial audit. Values are Passed, Failed, Warning, Unknown. | 
| Original Severity | Vulnerabilities, Web Applications | The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR. | 
| Owner | All | Filter on the user that created the recast rule. | 
| Plugin ID | Vulnerabilities, Web Applications | Filter on the ID of the plugin that identified the vulnerability. (200 value limit) | 
| Plugin Name | Vulnerabilities, Web Applications | The name of the plugin that identified the vulnerability. | 
| Plugin Output | Vulnerabilities | Use this filter to return findings with plugin output that you specify. Search for a value in the plugin output using the contains or does not contain operator, as described in Use Filters. Caution: Due to technical constraints in how the underlying system processes large data in JSON format, only the first 20,000,000 characters of raw plugin data are available when searching plugin output. If your search is too broad, the system suggests adding Plugin ID to refine the results from that search. For example, to search for output that contains “Kernel”, type: Plugin Output contains Kernel. Note: Manually enable this filter in Settings > General Search > Enable Plugin Output Search. If you do not use this filter for 35 days, it is disabled again. Plugin Output search best practices: Since plugin outputs can be large, broad searches may cause system timeouts. For the best results, combine the Plugin Output filter with the Plugin ID filter. Limit the number of plugin IDs you search at once. Specify plugin ID(s) to search for plugins or to exclude them. These approaches apply to different use cases. For example, include plugins when searching for software listings by operating system. Exclude plugins from exploratory searches where the top plugins appear too frequently. | 
| Port | Vulnerabilities | Filter on the port the scanner used to connect to the asset where the scan detected the vulnerability. | 
| Protocol | Vulnerabilities | Filter on the protocol the scanner used to communicate with the asset where the scan detected the vulnerability. | 
| Revised Findings | All | Filter on the number of findings that were impacted by this recast rule. | 
| Rule ID | All | Filter on the Rule ID assigned by Tenable Vulnerability Management. This value is unique to Tenable Vulnerability Management. | 
| Rule Type | All | Filter on the rule type: Recast or Accept for Vulnerabilities and Web Applications, and Changed for Host Audits. | 
| Status | All | Filter on whether the recast rule is Enabled or Disabled. | 
| Tags | Vulnerabilities, Web Applications | Filter and organize assets into logical groups (e.g., Network: Headquarters) for easier management and reporting. This filter is case-sensitive. You can add a maximum of 100 tags. For more information, see Tags. | 
| Updated | All | Filter on the date the recast rule was updated. | 
| Updated By | All | Filter on the user that updated the recast rule. | 
| Updated Result | Host Audits | The modified result from the recast rule. Values are Passed, Failed, Warning, Unknown. |