In your case you have many attempts against ajax from users like Heavymetal or Cryptoph. Are they legitimate users? If so add com_ajax as exception into the XSS filter (Waf configuration -> Filter exceptions -> XSS tab).
as you suggested below ----
- Check the task to be launched by the cron ( Configuration -> Cron configuration). Be sure that there is a single task (permissions or integrity) in the "Scheduled task(s)" field. I always recommend to set this value to "only check integrity", as we will be alerted if any single character if changed in any file.
- If you do set the cron enabled to launch a file integrity scan, then you can do several things to reduce the amount of resources needed by the scan. Just go to Global configuration -> Tuning tab and set the "Scan only executable files" to "Yes". Also from File integrity tab set the "Include exceptions into database field" to "No".
--- What if we enable the cron again and set to weekly with the below settings ( will it only scan the latest updated files only? ) -
- Configuration -> Cron configuration - set this value to "only check integrity"
- Global configuration -> Tuning tab - set the "Scan only executable files" to "Yes". '
- File integrity tab set the "Include exceptions into database field" to "No"