To answer one question:
"If i click learn on each false positive and the accept it, will that make policy treat this type of request legal in future or only this request from that IP in that moment?"
The policy will treat the request as legal going forward for all requests. Sometimes there is some scope on this action, like "disable on parameters" which would only disable it if matched on a parameter(but not a header, or uri) Also if you have specific parameters/url's defined it can be applied to only those, and not to everything(wildcard parameter if it exists)