Dangling WAF rule applied despite not being in the ruleset

Inbound Anomaly Score itself isn’t a rule other than it takes the rules which were triggered in the OWASP ruleset and assigns it a score. Based on your WAF settings, if the request is anomalous ‘enough’ the request is denied. The OWASP score in your screenshot was 65. The JSON details will highlight which rules were triggered.

Without knowing what you’re creating an exception for vs. what is being triggered… I can only suggest you’ve used the wrong criteria.

Click the export event json in your first screenshot in this thread and review which rules are actually being triggered.
