I am trying to put alarms in place to monitor blocked requests. I’m making use of several AWS Managed Rule Groups as part of my rules.
After looking at the AWS documentation for WAF metrics, I’m uncertain whether my alarm dimensions should be based on a rule, or a rule group.
The confusion stems from the rules themselves containing the managed rule groups. Should I provide the managed rule group or simply my rule which contains the managed rule group as the dimension for my cloudwatch metric alarms?