Should SOC monitor WAF alerts?

Hi all,

My management has decided that the SOC (me) should monitor WAF alerts in our SIEM (?). I just don't see the point or what can be done:

\- either the traffic has been blocked by the WAF and then no action is required

\- either the traffic went through, and if it is illegitimate, that means the WAF needs improvement, so then no monitoring action to take

Am I missing something?

action alerts blocked can cybersecurity don management monitor point siem soc traffic waf