Virtual Patching

Virtual Patch Guidance for Exploited CVEs

KEVIntel helps teams turn observed exploitation patterns into temporary WAF, IPS, and detection controls while remediation is underway. Where data is available, KEVIntel provides request paths, payload fingerprints, exploit-pattern context, false-positive notes, and mitigation references.

3

WAF Platforms Supported

Every patch ships as deployable ModSecurity, Cloudflare, and AWS WAF rules.

KEV

Focused on Exploited CVEs

Patches target known exploited vulnerabilities, so you spend WAF effort where attackers are actually active.

API

Automation-Ready Delivery

Enterprise users pull deployable WAF rules via the Pro API to feed CI/CD, WAF-as-code, and SOAR pipelines.

What Is a Virtual Patch?

A virtual patch is a compensating control — usually a WAF rule — that helps reduce exposure to a known vulnerability before you can apply the vendor's official fix. When a CVE is being exploited in the wild, patching windows, change freezes, and regression testing all take time. A virtual patch helps reduce exposure during the patch window.

KEVIntel delivers virtual patches as deployable rules for the WAFs your team already runs. The result is a fast, reversible compensating control you can ship while the permanent patch goes through its normal lifecycle.

Virtual Patches Help You:

  • Reduce exposure while remediation is underway.
  • Bridge the gap until vendor patches are tested and deployed.
  • Protect legacy or unpatchable systems that can't take the fix.
  • Deploy reversible WAF controls without code changes.
  • Standardize rules across ModSecurity, Cloudflare, and AWS WAF.

How KEVIntel Virtual Patches Work

From exploited CVE to a deployable WAF rule, on a repeatable pipeline.

Step 1

Identify

Surface actively exploited CVEs from KEVIntel's known exploited vulnerability intelligence.

Step 2

Build

Build a WAF rule that matches the exploitation pattern with a low false-positive profile.

Step 3

Test

Validate the rule against must-block and must-allow cases for ModSecurity, Cloudflare, and AWS WAF.

Step 4

Deliver

Enterprise users pull deployable WAF rules via the Pro API and deploy into their existing WAF.

Supported WAF Platforms

Deployable rules for the WAFs your team already operates.

ModSecurity

SecRule-format rules for the widely deployed open-source WAF engine and its CRS-based stacks.

Cloudflare

Cloudflare WAF custom rule expressions with a recommended action for edge deployment.

AWS WAF

AWS WAF rule JSON plus Terraform HCL so you can manage virtual patches as code.

Built for Operational Teams

Virtual patches plug into the workflows that already own exposure reduction.

Vulnerability Management

Reduce exposure on exploited CVEs while remediation is underway and SLAs are at risk.

SOC & Detection

Turn exploitation intelligence into enforceable WAF controls and detection signals.

MSSPs

Roll out consistent, evidence-backed virtual patches across many client WAF estates.

Free

Free KEVIntel channels signal whether a virtual patch is available for a CVE and which WAF platforms are supported.

  • Per-CVE virtual patch availability indicator
  • Supported platform names on the CVE Virtual Patch tab
  • Availability surfaced in the Free KEV RSS Feed and Free KEV JSON Feed

Pro

Pro accounts see the same virtual patch availability indicators as Free — not deployable rule content.

  • Per-CVE availability indicator on the CVE Virtual Patch tab
  • Supported platform names (ModSecurity, Cloudflare, AWS WAF)
  • Full Pro API enrichment and limited sensor telemetry

Enterprise

Enterprise

Get the full deployable WAF rules from GET /api/v2/enterprise/virtual_patches.

  • Deployable ModSecurity, Cloudflare, and AWS WAF rules
  • Severity, confidence, and false-positive risk context
  • Embedded in Pro KEV show records for Enterprise accounts

Frequently Asked Questions

What is a virtual patch?
A virtual patch is a compensating control — typically a WAF rule — that helps reduce exposure to a known vulnerability while the official vendor patch is tested and deployed. It buys security teams time to test and roll out permanent fixes during the patch window.
Which WAF platforms does KEVIntel support?
KEVIntel virtual patches ship as pre-generated, deployable WAF rules for ModSecurity, Cloudflare, and AWS WAF.
Which CVEs get a virtual patch?
KEVIntel focuses on actively exploited vulnerabilities. Virtual patches are authored for known exploited CVEs (KEVs) where a reliable, low-false-positive WAF rule can match the exploitation pattern.
Is virtual patch rule content free?
Free KEVIntel channels signal whether a virtual patch is available for a CVE (an availability indicator only). The full rule content and deployable ModSecurity, Cloudflare, and AWS WAF exports are available to KEVIntel Enterprise users via the Pro API.
How do I deploy a KEVIntel virtual patch?
Enterprise users fetch the deployable rules from GET /api/v2/enterprise/virtual_patches, then deploy the matching ModSecurity, Cloudflare, or AWS WAF rule into their existing WAF.

Patch the Vulnerabilities Attackers Are Exploiting.

Deploy KEVIntel virtual patches as ModSecurity, Cloudflare, and AWS WAF rules and reduce exposure on exploited CVEs while the vendor fix is tested and deployed.