After reading the rule migration guide and other documents I’m confused as to why the auto-migrated rules are duplicates of the ones listed in custom rules.
If I create a new custom rule it doesn’t automatically add one to managed rules or seem to need it so why did the migrations do this?
Custom rules with skip enabled just seem to do the same thing.
To sum it up, the new rules essentially bring better performance, but everything you could do with the old ones you can do with the new and more.
Rules might have to be redone or you’ll end up with two sets of rules (old and new).
The managed rulesets themselves, you can’t add to them, you can enable/disable each individual rule from the ruleset and/or add exceptions in Security → WAF → Managed rules and change how aggressive they are.
If you have other managed rules there (other than exceptions), most likely you also have them inside one of the new rulesets or they have been discontinued or deemed outdated and replaced.