Is there anyway to see what just one attack signature is blocking? Example: Policy has 1,2,3 user define attack signatures. Can I see what #2 is blocking? Maybe a log of it?
To filter all event logs with a particular Signature ID, navigate gui (this is v12.1.1):
Security ›› Event Logs : Application : Requests
"advanced filter" pulldown
"Search String" pulldown to "Signature ID"
Enter the "Signature ID" value