Virtual Patching

Virtual Patch Guidance for Exploited CVEs

KEVIntel helps teams turn observed exploitation patterns into temporary WAF, IPS, and detection controls while remediation is underway. Where data is available, KEVIntel provides request paths, payload fingerprints, exploit-pattern context, false-positive notes, and mitigation references.

3 WAF Platforms Supported

Every patch ships as deployable ModSecurity, Cloudflare, and AWS WAF rules.

KEV

Focused on Exploited CVEs

Patches target known exploited vulnerabilities, so you spend WAF effort where attackers are actually active.

API

Automation-Ready Delivery

Pull deployable WAF rules from the Pro API to feed CI/CD, WAF-as-code, and SOAR pipelines.

What Is a Virtual Patch?

A virtual patch is a compensating control, usually a WAF rule, that helps reduce exposure to a known vulnerability before you can apply the vendor's official fix. When a CVE is being exploited in the wild, patching windows, change freezes, and regression testing all take time; a virtual patch helps reduce exposure during that window.

KEVIntel delivers virtual patches as deployable rules for the WAFs your team already runs. The result is a fast, reversible compensating control you can ship while the permanent patch goes through its normal lifecycle.

Virtual Patches Help You:

  • Reduce exposure while remediation is underway.
  • Bridge the gap until vendor patches are tested and deployed.
  • Protect legacy or unpatchable systems that can't take the fix.
  • Deploy reversible WAF controls without code changes.
  • Standardize rules across ModSecurity, Cloudflare, and AWS WAF.

How KEVIntel Virtual Patches Work

From exploited CVE to a deployable WAF rule, on a repeatable pipeline.

Step 1: Identify

Surface actively exploited CVEs from KEVIntel's known exploited vulnerability intelligence.

Step 2: Build

Build a WAF rule that matches the exploitation pattern with a low false-positive profile.

Step 3: Test

Validate the rule against must-block and must-allow cases for ModSecurity, Cloudflare, and AWS WAF.

Step 4: Deliver

Pull the deployable WAF rules from the Pro API and deploy into your existing WAF.

Supported WAF Platforms

Deployable rules for the WAFs your team already operates.

ModSecurity

SecRule-format rules for the widely deployed open-source WAF engine and its CRS-based stacks.

Cloudflare

Cloudflare WAF custom rule expressions with a recommended action for edge deployment.

AWS WAF

AWS WAF rule JSON plus Terraform HCL so you can manage virtual patches as code.

Built for Operational Teams

Virtual patches plug into the workflows that already own exposure reduction.

Vulnerability Management

Reduce exposure on exploited CVEs while remediation is underway and SLAs are at risk.

SOC & Detection

Turn exploitation intelligence into enforceable WAF controls and detection signals.

MSSPs

Roll out consistent, evidence-backed virtual patches across many client WAF estates.

Free

Free KEVIntel channels signal whether a virtual patch is available for a CVE and which WAF platforms are supported.

  • Per-CVE virtual patch availability indicator
  • Supported platform names on the CVE Virtual Patch tab
  • Availability surfaced in the Free Public KEV RSS Feed and Free KEV JSON Feed

Pro & Enterprise

Pro API

Get the full deployable WAF rules from GET /api/v2/pro/virtual_patches.

  • Deployable ModSecurity, Cloudflare, and AWS WAF rules
  • Severity, confidence, and false-positive risk context
  • Embedded in Pro KEV records for automated workflows

Frequently Asked Questions

What is a virtual patch?

A virtual patch is a compensating control — typically a WAF rule — that helps reduce exposure to a known vulnerability while the official vendor patch is tested and deployed. It buys security teams time to test and roll out permanent fixes during the patch window.

Which WAF platforms does KEVIntel support?

KEVIntel virtual patches ship as pre-generated, deployable WAF rules for ModSecurity, Cloudflare, and AWS WAF.

Which CVEs get a virtual patch?

KEVIntel focuses on actively exploited vulnerabilities. Virtual patches are authored for known exploited CVEs (KEVs) where a reliable, low-false-positive WAF rule can match the exploitation pattern.

Is virtual patch rule content free?

Free KEVIntel channels signal whether a virtual patch is available for a CVE (an availability indicator only). The full rule content and deployable ModSecurity, Cloudflare, and AWS WAF exports are available to KEVIntel Pro and Enterprise users via the Pro API.

How do I deploy a KEVIntel virtual patch?

Pro and Enterprise users fetch the deployable rules from GET /api/v2/pro/virtual_patches, then deploy the matching ModSecurity, Cloudflare, or AWS WAF rule into their existing WAF.

Patch the Vulnerabilities Attackers Are Exploiting.

Deploy KEVIntel virtual patches as ModSecurity, Cloudflare, and AWS WAF rules and reduce exposure on exploited CVEs while the vendor fix is tested and deployed.