How to Validate Vulnerabilities Automatically
Hello everyone. In this lesson, you’ll learn how to use and configure the Auto Validator tool — one of the key components in automating vulnerability management. It significantly reduces manual effort and eliminates unnecessary noise in the results.
Importing Auto Validation Rules
The Auto Validator operates based on special rules, which are easy to construct and modify. If you’re already a client of Whitespots, you’ve received a default set of rules along with your license. To import them:
- Go to the Auto Validator section.
- Click the Import button.
- Drag and drop the JSON file containing the validation rules.
- Click Submit.
First Look at Auto Validation Rules
The default rule set we provide to our clients includes 169 validation rules. Let’s explore the Auto Validator screen in the portal to understand how they work.
• The Active column allows you to enable or disable specific rules.
• In the Action column, you can see what will happen to a vulnerability that matches the rule criteria (reject, confirm, etc.).
• The Tags column contains tags associated with each rule.
• The Products column shows which products the rule applies to.
The Logic Behind Auto Validation Rules
Each rule is based on conditions defined in the Field and Value columns. For example:
    Value: Binding
    Field: Description
    AND
    Value: Interface
    Field: Description
This means the rule will trigger only if both “Binding” and “Interface” are present in the description. If matched, the vulnerability will be moved to Rejected.
Another example:
    Value: Entropy
    Field: Title
    AND
    Value: Reference
    Field: Description
In this case, the vulnerability will be rejected if “Entropy” appears in the title and “Reference” appears in the description.
These rules are designed to be generic — they don’t rely on specific filenames or URLs. The goal is to cover as many similar vulnerabilities as possible with a single rule.
If you want to filter out similar vulnerabilities in bulk, write the rule in a way that generalizes the pattern — don’t target a single instance.
Important note
When writing validation rules, take into account the order in which they are executed. We support processing the rules in the following priority order:
- Reject
- Risk accepts
- Do not change status
- Confirm rules
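The rule logic and priority order described above, as an added sketch that is not Whitespots code. The rule dictionary layout, the case-insensitive substring match, and the choice that the highest-priority matching action decides the outcome are assumptions, since the page does not show the JSON format.

```python
# Added illustration; the rule structure is hypothetical, not the portal's JSON schema.
PRIORITY = ["reject", "risk_accept", "do_not_change_status", "confirm"]  # order from the page

# Constructed sample rules: the two examples from the text, a confirm rule, a disabled rule.
RULES = [
    {"name": "binding-interface", "active": True, "action": "reject",
     "conditions": [("description", "Binding"), ("description", "Interface")]},
    {"name": "entropy-reference", "active": True, "action": "reject",
     "conditions": [("title", "Entropy"), ("description", "Reference")]},
    {"name": "confirm-interface", "active": True, "action": "confirm",
     "conditions": [("description", "Interface")]},
    {"name": "disabled-rule", "active": False, "action": "reject",
     "conditions": [("title", "SQL")]},
]


def rule_matches(rule, finding):
    """True only when every (field, value) condition is present in the finding (AND)."""
    conditions = rule["conditions"]
    # A rule with no conditions must not match everything, or it would reject in bulk.
    return bool(conditions) and all(
        value.lower() in str(finding.get(field, "")).lower()  # assumed matching semantics
        for field, value in conditions
    )


def evaluate(finding, rules=RULES):
    """Return (action, rule name) of the highest-priority active match, else (None, None)."""
    matches = [r for r in rules if r["active"] and rule_matches(r, finding)]
    if not matches:
        return None, None
    best = min(matches, key=lambda r: PRIORITY.index(r["action"]))
    return best["action"], best["name"]


def shadowed(finding, rules=RULES):
    """Names of active rules that matched but lost to a higher-priority action."""
    action, _ = evaluate(finding, rules)
    if action is None:
        return []
    return [r["name"] for r in rules
            if r["active"] and rule_matches(r, finding)
            and PRIORITY.index(r["action"]) > PRIORITY.index(action)]
```

Running `shadowed` over a sample of findings before enabling a broad reject rule shows which confirm rules it would silently override.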
Periodic Execution of Rules
Above the list of rules, there is a setting called Launch Frequency (in seconds).
By default, it’s set to 60 seconds, but you can change it to any value you prefer.
When a new vulnerability enters the portal, we run it through the validation rules.
Then, at certain intervals, we run the validator through all vulnerabilities again.
Viewing Auto Validator Results
Once the rules are set up, enable the Auto Validator using the toggle switch at the top right of the section.
To view the results:
- Go to the Findings section.
- Apply filters as follows:
Under Automation, select Auto Verified by Rule.
This allows you to evaluate the effectiveness of your validation rules — which you can always customize or expand.