This article explains the legacy version of
The purpose of an instance is to identify profiles which may be used to assess threats against production traffic. To this end, an instance:
Identifies how unwanted traffic, as defined by the above profile, will be handled.
Each detected threat is logged regardless of the action (i.e., block, custom response, redirect, or alert) defined within an instance.
Identifies whether the threats detected from an additional profile should be audited.
Threats detected by an audit profile may be tracked through the WAF Dashboard.
Use "Profile Type" to graph threats according to whether they were detected as a result of a production or audit profile.
Use the "Instance" and "Profile Type" filters to only display threats detected by a production or audit profile.
Auditing a profile that is already being applied to production traffic will cause the same threat to be logged twice.