Virtual patching rules are partially pre-constructed rules that allow you to block, tag, and log requests that match Common Vulnerabilities and Exposures (CVEs). The rules can be configured to send an alert when a threshold of matching requests is reached.
New virtual patching rules are announced through an optional email subscription. You can subscribe to virtual patching announcements in your account settings.
Limitations and considerations
When working with virtual patching rules, keep the following things in mind:
- The Essential platform only supports virtual patching in BLOCK mode. The Premier and Professional platforms support all modes and have the additional option of enabling a threshold blocking approach.
- The Templated Rules page is only included with the Premier and Professional platforms. It is not included as part of the Essential platform.
- The Signals page is only included with the Essential platform. It is not included as part of the Premier and Professional platforms.
Working with virtual patching rules from the Templated Rules page
For the Premier and Professional platforms, you can view, enable, and edit virtual patching rules from the Templated Rules page.
Working with virtual patching rules from the Signals page
For the Essential platform, you can view, enable, and edit virtual patching rules from the Signals page.
View virtual patching rules from the Signals page
To view virtual patching rules, follow these steps:
- Log in to the Signal Sciences console.
- Click the Signals tab. The Signals page appears.
- In the Category filter section, select CVE. The virtual patching rules are listed.
Enable virtual patching rules from the Signals page
To enable a virtual patching rule, follow these steps:
- On the Signals page, click View in the row of the virtual patching rule that you want to enable. An activity overview of the selected rule appears.
- Click the Configuration tab. Configuration options for the signal appear.
- Click the Alerts tab. The Alerts tab appears.
- Click Add alert. The Add form appears.
- Fill out the alert configuration fields as follows:
  - In the Signal area, verify that the virtual patching rule that you want to enable is selected.
  - In the Action area, select Block requests immediately.
  - In the Status area, set the switch to Enabled.
- Click the Save alert button. The virtual patching rule is enabled.
- Click the Detections tab. The Detections configuration tab appears.
- Click Add detection. The Add form appears.
- Verify the switch is set to Enabled.
- Click the Create detection button. Requests that match the virtual patching rule are assigned the tag associated with the rule.