AWS WAF: Is there a way to set up alerts on WAF rules when BLOCKS from a certain rule cross a minimum threshold? Please advise, then we shall discuss implementation.


Yes, WAF sends BlockedRequest metrics to CloudWatch. From CloudWatch you can then define alarms and actions to take when thresholds have been breached. See: Monitoring with Amazon CloudWatch.

The metric **BlockedRequests** will be sent to CloudWatch for all the rules (Metric name = rule name) that are set to BLOCK and collectively for the whole Web ACL (Metric name = name of the Web ACL). Once a block action is performed, you can go to the CloudWatch metrics console and navigate to the following: All ==> WAFV2 ==> Region, Rule, WebACL. There you will be able to see the metrics for the Web ACL and the rules. You can then create alarms for the individual ***BlockedRequest*** metric for when a threshold is breached.
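One way to script the alarm described in the answers above, as an added example that is not part of the original posts. The web ACL name, rule metric name, region and SNS topic ARN are constructed placeholders, and the function names are hypothetical; the CloudWatch call is boto3's `put_metric_alarm`.

```python
import json

def blocked_requests_alarm(web_acl, rule_metric, region, threshold,
                           period=300, evaluation_periods=1, sns_topic_arn=None):
    """Build put_metric_alarm arguments for one rule's BlockedRequests metric."""
    if threshold < 0:
        raise ValueError("threshold must be non-negative")
    if period <= 0 or period % 60 != 0:
        raise ValueError("period must be a positive multiple of 60 seconds")
    params = {
        "AlarmName": f"waf-{web_acl}-{rule_metric}-blocked",
        "AlarmDescription": f"{rule_metric} blocked >= {threshold} requests "
                            f"in {period}s",
        "Namespace": "AWS/WAFV2",
        "MetricName": "BlockedRequests",
        # Same dimension set the console shows: Region, Rule, WebACL.
        "Dimensions": [
            {"Name": "WebACL", "Value": web_acl},
            {"Name": "Rule", "Value": rule_metric},
            {"Name": "Region", "Value": region},
        ],
        "Statistic": "Sum",            # total blocks per period, not an average
        "Period": period,
        "EvaluationPeriods": evaluation_periods,
        "Threshold": float(threshold),
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        # Periods with no datapoints are treated as OK instead of
        # leaving the alarm in INSUFFICIENT_DATA.
        "TreatMissingData": "notBreaching",
    }
    if sns_topic_arn:
        params["AlarmActions"] = [sns_topic_arn]
    return params

def create_alarm(params, region):
    """Send the alarm definition to CloudWatch (needs AWS credentials)."""
    import boto3  # imported here so the builder runs without boto3 installed
    boto3.client("cloudwatch", region_name=region).put_metric_alarm(**params)

if __name__ == "__main__":
    # Constructed sample values; replace with your own names and topic.
    alarm = blocked_requests_alarm(
        "example-web-acl", "example-rate-rule", "us-east-1", threshold=100,
        sns_topic_arn="arn:aws:sns:us-east-1:111122223333:waf-alerts")
    print(json.dumps(alarm, indent=2))  # review, then call create_alarm(alarm, "us-east-1")
```

The `Rule` dimension takes the metric name configured on the rule, which can differ from the rule's display name.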

