WAF is set to Alert, not block. We are witnessing thousands of XSS and SQL injection attacks. How do I know if some have really succeeded?

I am rather inexperienced with the WAF and the events / alerts that it generates. I wonder how can I find out if any of these successes has been achieved? For example, in the past 24 hours, we have seen more than 50,000 alerts / events from 941330 (basic set of rules). I know this event (and others) has a strong propensity for false positives, but before I start blocking, I want to better understand what is happening and what has been successful.