Hi @Testa ,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to create an alert using Azure WAF.
Custom rules are used for one-time hits and they do not understand pattern-attacks.
You can consider using Azure Bot Protection with WAF
You can enable a managed bot protection rule set for your WAF to block or log requests from known malicious IP addresses. The IP addresses are sourced from the Microsoft Threat Intelligence feed
This should help you with blocking any traffic from malicious IPs.
You can also consider using Rate Limiting if you are using Azure Front Door WAF,
Refer : https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit
Please let me know if you have further queries on this.
Cheers,
Kapil