
I am a comfortable user of Cloud Armor WAF for my GCP Application Load Balancers. One thing that makes me want to shop for other WAF vendors is the traceability of blocked connection attempts. By design, Cloud Armor does not provide this for connections blocked due to Preconfigured or IP-based deny rules. This was probably done with the intent of obscurity to non-compliant connection attempts, but this is hitting the administrators hard.

Without uniquely traceable strings, administrators have to beat around the bush with other identifiers such as timestamps, IP addresses, etc., which is cumbersome in a heavily used environment.

 

Given that this is a standard feature of any WAF vendor in the market, I think it's a very fair ask.
