Create Recast/Accept Rules in Findings
In Tenable Web App Scanning, you can create rules that affect your vulnerability findings. Recast rules change the severity of host vulnerabilities or web application findings, while Accept rules accept the risk of these findings without modifying their severity. This topic describes how to create rules in the Findings page.
Note: If a rule is targeted by IP address, that rule applies to the specified IP in each network in which it is found. For more information, see Networks in the Tenable Vulnerability Management User Guide.
Create a Recast Rule in Findings
To create a Recast rule:
- In the upper-left corner, click the button. The left navigation plane appears.
- In the left navigation plane, click Findings.
The Findings page appears.
- In the row for the finding to create a rule for, click the button. A drop-down menu appears.
- Click Recast.
The Recast plane appears.
- Complete the following options:

| Option | Required | Description |
|---|---|---|
| Name | Yes | Name exclusive to this recast. |
| Description | No | Description of this recast. |
| Criteria | No | The criteria for applications to be included in this recast. |
| Original Severity | No | The original severity level of the scan you are recasting. Can be Info, Low, Medium, High, or Critical. |
| New Severity | No | The new severity to assign to the recast action. Can be Info, Low, Medium, High, or Critical. |
| Expires | No | Select date when the rule will expire. |
| Comments | No | Type comments to provide rule details. |

- Click Recast.
Tenable Web App Scanning starts applying the rule to existing findings. This process may take some time, depending on the system load and the number of matching findings. Tenable Web App Scanning updates your dashboards, where a label appears to indicate how many instances of affected findings were recast.
Note: A recast rule does not affect the historical results of a scan.
Create an Accept Rule in Findings
To create an Accept rule from the Findings workbench:
- In the upper-left corner, click the button. The left navigation plane appears.
- In the left navigation plane, click Findings.
- In the row for the finding to create a rule for, click the button. A drop-down menu appears.
- Click Accept.
The Accept Risk window appears.
- Complete the following options:

| Option | Required | Description |
|---|---|---|
| Name | Yes | Name exclusive to this recast. |
| Description | No | Description of this recast. |
| Criteria | No | The criteria for applications to be included in this recast. |
| Expires | No | Select date when the rule will expire. |
| Comments | No | Type comments to provide rule details. |
| Report as False Positive to Tenable | No | Turn on this toggle when a plugin generates inaccurate findings and you want Tenable to review the results. |

- Click Accept.
Tenable Web App Scanning starts applying the rule to existing findings. This process may take some time, depending on the system load and the number of matching findings.