It happens a few times that due to the Incaprule creation, the legitimate clients for example, Chrome etc., get misclassified as the Unknown bot or classified as a different client like Edge, etc gets blocked. It happen as the WAF couldn't classify the request correctly that leads to the misclassification of the client.
The Client classification process is somewhat complex and multi-staged. It is based on various values from each request like headers, TLS signatures, and fingerprints. Hence, it may take a few more requests for clients to be fully classified by Imperva WAF.
Num on Session filter will counts the number of requests received from the client before starting the classification process. Therefore, we need to add Num On Session Filter in the Incaprule to reduce the which will allow the request to get classified correctly as the first request was not classified correctly.
For example : we can see the below rule which caused the False Positives to the customer and by adding Num On Session filter the issue was resolved. The value of Num On Session differs from site to site as sometime the request takes more request to get classified correctly.
(ClientType != Browser;FeedFetcher;SearchBot;SiteHelper) & NumOnSession >= 12