Imperva recommendation
- When you Unselect a Good bot from a good bot list, the request from those good bots will be treated like a regular request which means it may or may not be blocked.
- To categorize further on the request level in terms of bot categories or type of bots then configure the WAF log integration to your SIEM solution.
(https://docs.imperva.com/bundle/cloud-application-security/page/settings/client-classification.htm)
- If you do not suspect customers to come from a particular client type then you can present those client types with Captcha to restrict only human traffic.
- Enabling the "Require all other suspected bots to pass additional challenges"
#CloudWAF(formerlyIncapsula)