I had to recently create a new drop rule with internal Zone any to wan zone to IP list, this was after repeated ATP alerts from a Linux host attempting Botnet detected host ip connections, I know ATP will block anyway but to be sure I decided to create this top-level Drop rule with the IP list for which I will add Detected IP addresses into so it applies to all internal traffic attempting communication to the same detected ip addresses. It then made me think it would be handy if it were possible to include firewall rules in the current notification lists available i.e. hits on certain FW rules would generate additional notifications as well as the existing ATP alerts. I realise this may be redundant as ATP does notify already but this would be a fall-back line of defence of which notifications would be so handy to have Aswell.