Firepower Data Flow

javi1988 (Level 1)

Hello all,

I'm new to using Firepower devices and I was looking for information about all types of policies and data flow.
I found the attached image where you can see the flow: after the prefilter policy come the L3/L4 rules first, and then the traffic goes to the Snort engine.
In the Snort engine, SI and the SSL policy go first and then the L7 rules.
My question is: how is it possible to manage the rules in a different way depending on the layer and at the same time keep the ACP sequence?

[Attached image: Captura.PNG, the data-flow diagram referred to above]

4 Replies

Marvin Rhoads (Hall of Fame)

I'm not clear what you are trying to accomplish. Can you give an example use case?

First of all, thank you for your answer.

For example, I get an email every time there is a security intelligence event. Let's say that I'm receiving a lot of emails because of an event coming from an IP x.x.x.x.

If I create a rule in the first ACP line denying the traffic to this IP over ports 80 and 443, I will not receive any more SI event emails, because L3/L4 rules in the ACP come before SI.

If I create a rule in the first ACP line denying the traffic to this IP and HTTP (application, not port), I will receive the same emails, because L7 rules come after SI.

If I have only 1 rule it's clear, but what happens when I have 10 more rules before that one? Are all L3/L4 rules processed first and then the L7 ones (so the ACP sequence is broken)? Does the traffic go from Lina to Snort for every rule, being processed every time by SI?
How does it work? I don't get it.

Security Intelligence (SI) inspection comes before any Access Control Policy (ACP) entries, whether they are configured as L3/L4 or application-aware. Prefilter rules come before SI; are you thinking about those instead? If a prefilter rule is set to Trust the flow, it bypasses Snort altogether (SI, ACP and everything else) via the "Fastpath". In any case the behavior is always deterministic and the ACP rule sequence is not broken. Rules are processed from the top down, with the first match ending the process (except where the action is "monitor", in which case the subsequent rules are also evaluated for a match).

See this more detailed reference:

[Attached image: FTD OOO.PNG, the FTD order-of-operations diagram]
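To make the ordering in the reply above concrete, here is an added toy model of that evaluation order (example code written for this page, not Cisco's implementation): prefilter first, where a Trust/fastpath match skips Snort entirely, then Security Intelligence, then the ACP rules top-down with first match winning except for "monitor", which logs and keeps evaluating. The rule names, the SI blocklist feed and the sample flows are all constructed; real FTD identifies the application after a few packets, so the model simply takes the application as a pre-identified attribute of the flow.

```python
"""Simplified model of FTD flow evaluation order (added example, not Cisco code).

Stages modelled: prefilter (Lina) -> Security Intelligence -> ACP rules.
All rules, the SI blocklist and the flows below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, List, Tuple


@dataclass
class Flow:
    dst: str
    dport: int
    app: Optional[str] = None  # L7 application as Snort would identify it


@dataclass
class Rule:
    name: str
    action: str                 # prefilter: 'trust' | 'block' | 'analyze'
                                # ACP: 'allow' | 'block' | 'monitor'
    dst: str = "0.0.0.0/0"      # destination network condition
    dport: Optional[int] = None # L4 port condition (Lina-visible)
    app: Optional[str] = None   # L7 app condition (only Snort can evaluate it)

    def matches(self, f: Flow) -> bool:
        if ip_address(f.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != f.dport:
            return False
        if self.app is not None and self.app != f.app:
            return False
        return True


def evaluate(flow: Flow, prefilter: List[Rule], si_blocklist: List[str],
             acp: List[Rule]) -> Tuple[str, List[str]]:
    """Return (verdict, trace); trace lists the stages/rules that fired, in order."""
    trace: List[str] = []

    # 1. Prefilter runs in Lina before anything else. A Trust match fastpaths
    #    the flow around Snort, so SI never sees it and no SI event is produced.
    for r in prefilter:
        if r.matches(flow):
            trace.append(f"prefilter:{r.name}")
            if r.action == "trust":
                return "fastpath", trace
            if r.action == "block":
                return "block", trace
            break  # 'analyze': hand the flow to Snort

    # 2. Security Intelligence is checked before any ACP rule, whether that
    #    rule is L3/L4 or application-aware.
    for net in si_blocklist:
        if ip_address(flow.dst) in ip_network(net):
            trace.append(f"SI:{net}")
            return "si-block", trace

    # 3. ACP rules: top-down, first match ends evaluation, except 'monitor',
    #    which records a match and lets evaluation continue.
    for r in acp:
        if r.matches(flow):
            trace.append(f"acp:{r.name}")
            if r.action == "monitor":
                continue
            return r.action, trace

    trace.append("acp:default")
    return "default-block", trace


# Constructed sample policy. 203.0.113.0/24 is documentation space (TEST-NET-3).
SI_BLOCKLIST = ["203.0.113.0/24"]
PREFILTER = [Rule("trust-partner", "trust", dst="203.0.113.20/32")]
ACP = [
    Rule("monitor-web", "monitor", dport=80),
    Rule("block-bad-host", "block", dst="203.0.113.10/32", dport=443),  # never reached: SI fires first
    Rule("block-http-app", "block", app="HTTP"),
    Rule("allow-rest", "allow"),
]


def example_results():
    """Three flows illustrating the ordering discussed in the thread."""
    return {
        # ACP has an L3/L4 block for this host, but SI still fires first.
        "si_before_acp": evaluate(Flow("203.0.113.10", 443, "HTTPS"), PREFILTER, SI_BLOCKLIST, ACP),
        # Host is on the SI list, but the prefilter Trust rule fastpaths it past Snort.
        "prefilter_trust": evaluate(Flow("203.0.113.20", 443, "HTTPS"), PREFILTER, SI_BLOCKLIST, ACP),
        # Monitor rule matches, evaluation continues, L7 block rule decides.
        "monitor_continues": evaluate(Flow("192.0.2.5", 80, "HTTP"), PREFILTER, SI_BLOCKLIST, ACP),
    }


if __name__ == "__main__":
    for name, (verdict, trace) in example_results().items():
        print(f"{name}: {verdict} via {' -> '.join(trace)}")
```

The first flow is the case from the question: even with a port-based block in the first ACP line, the SI verdict is returned before any ACP rule is consulted, so the SI event (and the email) still happens. The only way in this model to stop SI seeing the flow is a prefilter Trust rule, which also means it gets no ACP or intrusion inspection at all.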

@Marvin Rhoads, what type of analysis can the Firepower IPS perform on encrypted traffic? Based on the image you shared, it looks like having an SSL policy configured is mandatory for the intrusion policy to work. Is it possible to apply any Snort rules on encrypted traffic whatsoever?
