Create Recast/Accept Rules in Findings

In Tenable Web App Scanning, you can create rules that affect your vulnerability findings. Recast rules change the severity of host vulnerabilities or web application findings, while Accept rules accept the risk of these findings without modifying their severity. This topic describes how to create rules in the Findings page.

Note: If a rule is targeted by IP address, that rule applies to the specified IP in each network in which it is found. For more information, see Networks in the Tenable Vulnerability Management User Guide.

Create a Recast Rule in Findings

To create a Recast rule:

1. In the upper-left corner, click the button.

   The left navigation plane appears.

2. In the left navigation plane, click Findings.

   The Findings page appears.

3. In the row for the finding to create a rule for, click the button.

   A drop-down menu appears.

4. Click Recast.

   The Recast plane appears.

5. Complete the following options:

   1. New Severity – Select the desired severity level for the vulnerability.

   2. Targets – Select All to target all assets or Custom to specify targets that you want the rule to run against.

      Note: If you set the Targets drop-down to All, a warning appears indicating that this option may override existing rules.

   3. Target Hosts – Type one or more custom targets for the rule, if necessary. You can type a comma-separated list that includes any combination of IP addresses, IP ranges, CIDR, and hostnames.

      Caution: You can only specify 1000 comma-separated custom entries. If you want to target a larger number of custom entries, create multiple rules.

   4. (Optional) Expires – Select when you want the rule to age out.

   5. (Optional) Comments – Type a description of the rule. This option is only visible when the rule is modified.

6. Click Save.

   Tenable Web App Scanning starts applying the rule to existing findings. This process may take some time, depending on the system load and the number of matching findings. Tenable Web App Scanning updates your dashboards, where a label appears to indicate how many instances of affected findings were recast.

   Note: A recast rule does not affect the historical results of a scan.

Create an Accept Rule in Findings

To create an Accept rule from the Findings workbench:

1. In the upper-left corner, click the button.

   The left navigation plane appears.

2. In the left navigation plane click Findings.

3. In the row for the finding to create a rule for, click the button.

   A drop-down menu appears.

4. Click Accept.

   The Accept Risk window appears.

5. Complete the following options:

   1. Targets – Select All to target all assets or Custom to specify targets that you want the rule to run against.

   2. Target Hosts – Type one or more custom targets for the rule, if necessary. You can type a comma-separated list that includes any combination of IP addresses, IP ranges, CIDR, and hostnames.

      Caution: You can only specify 1000 comma-separated custom entries. If you want to target a larger number of custom entries, create multiple rules.

   3. (Optional) Expires – Select when you want the rule to age out.

   4. (Optional) Comments – Type a description of the rule. This option is only visible when the rule is modified.

6. (Optional) To report the vulnerability as a false positive:

   1. Enable the Report as false positive toggle.

      A Message To Tenable box appears.

   2. In the Message to Tenable box, type a description of the false positive.

7. Click Save.

   Tenable Web App Scanning starts applying the rule to existing findings. This process may take some time, depending on the system load and the number of matching findings.