Today we encounter a number of hits on our WAF. Investigating those issues is possible but often the errors are related to the body that's added to the request. The only way to investigate the issues at this moment is by allowing the WAF rule, let the "blocked" message through to the end application, investigate there the body and determine if we keep the rule disabled or re-enable it.
This can be done a lot faster (and more secure) by allowing the possibility to track/log the body of requests sent over the WAF. possible limited to a small period of time and/or only blocked calls