We get alerts in the Routed DDoS at times that are not relevant, or do not have supporting data. See Case 00750423. In talking with the SOC, they are saying these were false positives, related to high bandwidth to a specific IP. Some of these show what the bandwidth is, but others don't, depending on the length of the event.
Example: Alert 9999999 IPv4 Auto-Mitigation
We just need some supporting data to tell us this was a false-positive alert and why it was generated in the first place, without opening a case and talking with someone from F5's SOC. This is required to explain these alerts to management.
Of course, the way these alerts are worded, it seems like something was done, due to the "Auto-Mitigation" keyword.