If WAS detects a vulnerability for a web application protected by WAF, you can install a Virtual Patch to protect your Web application from that vulnerability.
To do that, select the WAS app, go to Web Applications > Detections, click on the arrow and select “Install Patch”.
Virtual Patches are created in the form of custom rules.
Rule details and conditions for the custom rule are auto populated based on the detection. By default, the action for a virtual patch is Block.
Virtual patches once created are linked to the web application. To view them, simply click View in the Quick Actions for a web application, and then click the Security pane.
Deleting a virtual patch from WAS detections list does not remove the associated WAF custom rule. You can use the custom rule in the future for similar web applications.