When a Virtual Service on a LoadMaster exceeds the Web Application Firewall (WAF) event tolerance for the selected duration, WAF incident is generated in the Incidents center and a notification is sent to configured Communication channels. For further details on the WAF event tolerance settings, refer to the following section: Settings. These notifications can proactively inform you when there is a sudden surge in triggered WAF rules. This provides you with valuable insights and the ability to promptly respond to security events.

If some WAF events are being caused by false positives, you can tune the WAF rules and add rule exclusions to reduce the number of false positives. For further details, refer to the following section: WAF Rule Tuning.