@KE1980, Try listing all the actions blocked by WAF,
search * | where (action_s == "Blocked")
For matched/blocked requests by IP.
AzureDiagnostics | where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog" | summarize count() by clientIp_s, bin(TimeGenerated, 1m) | render timechart
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.