My value for auto blocking is 2 in 24 hours, block for 17 hours, permanently block after 2 - very broad. Do you have a suggestion to be more efficient on the system? Anything I can do to limit the auto block notifications that resulted from 404 attempts? I didn't see that - hopefully you can add it. I still log and review logs, but getting 50 messages of auto block is noisy and I fear a real notice will get lost.
Attaching a screen shot of the graph showing the WAF exceptions. Of those show, 99% are 404.