Catch exceptions in the process waf job, use symbols for actions, Don't create a rule which matches a supernet rule.

app/jobs/process_waf_event_job.rb

@@ -79,6 +79,7 @@ class ProcessWafEventJob < ApplicationJob
             Rails.logger.debug "Network processing took #{((Time.current - network_start) * 1000).round(2)}ms"
           rescue => e
             Rails.logger.warn "Failed to process network range for event #{event.id}: #{e.message}"
+            Sentry.capture_exception(e)
           end
         elsif event.ip_address.present?
           Rails.logger.warn "Event #{event.id} has IP but no network_range_id (private IP?)"

app/models/waf_policy.rb

@@ -152,9 +152,16 @@ validate :targets_must_be_array
   def create_rule_for_network_range(network_range)
     return nil unless matches_network_range?(network_range)
 
+    # Check for existing supernet rules before attempting to create
+    if network_range.supernet_rules.any?
+      supernet = network_range.supernet_rules.first
+      Rails.logger.debug "Skipping rule creation for #{network_range.cidr} - covered by supernet rule ##{supernet.id} (#{supernet.network_range.cidr})"
+      return nil
+    end
+
     rule = Rule.create!(
       waf_rule_type: 'network',
-      waf_action: policy_action,
+      waf_action: policy_action.to_sym,
       network_range: network_range,
       waf_policy: self,
       user: user,
@@ -203,7 +210,7 @@ validate :targets_must_be_array
 
       rule = Rule.create!(
         waf_rule_type: 'path_pattern',
-        waf_action: policy_action,
+        waf_action: policy_action.to_sym,
         waf_policy: self,
         user: user,
         source: "policy",