specifically "apparmor" CVE: CVE-2016-1585

I've created this custom rule, but it doesn't seem to work as I keep seeing the alert. Can someone help me to find out what I'm doing wrong?:
<group name="
vulnerability-detector">
<rule id="120001" level="0">
<if_sid>23506</if_sid>
<list field="vulnerability.cve" lookup="match_key">/var/ossec/etc/lists/vuln-whitelist</list>
<group>vulnerability-detector</group>
<description>Whitelist</description>
</rule>
</group>/var/ossec/etc/lists/vuln-whitelist:
CVE-2016-1585:NOTE:
I have added the appropriate configuration to ossec.conf:
<list>etc/lists/vuln-whitelist</list>
Any ideas?