WAF Administrative Rules

Hello Cloudflare Community!,
I’m checking all the rules of cloudflare and, I have activated some groups, however if I go to some of the rules, there are some that by default are not activated, for example some injection attacks in the Special group.

Where can I find information on the why of this, and be sure that I have the exact rules correct for my app?