Hello Joshy, your scenario is exactly why the Real Traffic Policy Builder method was invented for initial policy creation, as Arnaud said. If you are concerned about the vulnerability of transparent mode, you can leave the current policy in blocking mode, but also ensure that whatever entities are triggering violations are in staging mode (especially attack signatures), and also ensure that you have a wildcard in place for file types, parameters, and URLs. For many manual policies, it is not unusual for admins to interpret numerous violations. It's a balance of how easy you want your management work to be versus how comprehensive you want the security policy to be. Hopefully you will not have too many new entities to deal with. The goal is not to block valid requests. How many new violations do you have?