still confused on Explicit Entities Learning

Sorry about the delayed response! So "Add All Entities" (which is called "Always" in v13), will result in a learning suggestion for every entity for which a request has been detected in traffic. This means you will see a suggestion to add a URL or other entity explicitly, which means "by name" to your policy. The problem as you've stated is that this can cause quite a bit of work. So we invented "Selective." This means you will not see a suggestion to add an entity explicitly if a request for it has been detected in traffic--unless the request differs from the attributes or violation types that are specified for said entity in its wildcard. My guess is that the number of learning suggestions you will see for URLs using Selective learning mode will be far less than if using Add All Entities. The trick is to make sure that the attributes/violations for the URL wildcard are general enough that they are sensible for all of the URLs in your application. So, when a request for a URL is much different than what is in your wildcard (thus making that URL an outlier), you should see a learning suggestion to add that one, weird URL explicitly to your policy. You can speed up the process by adding URLs you know you don't want clients to access to the disallowed URLs list.