
IPS Explanation needed

keithcclark71
Level 3

So I have some questions here that to me at least are confusing. I really hope someone can clear these questions up.

 

1) What is the purpose of having thousands of disabled rules? It seems IPS should be all on for rules, otherwise what's the point? I mean, if a rule is disabled then a traffic flow related to that disabled rule cannot be detected, so it defeats the purpose of IPS, does it not? This threat could therefore go unnoticed and unattended.

 

2) Most outbound traffic is HTTPS, so since this is encrypted, IPS cannot scan/inspect it without an SSL policy, correct? Same with file-based policies. Seems like a lot of work to go through and dev all these capabilities when these same capabilities cannot act upon the most generated traffic flow, which is HTTPS.

 

3) How would one even know what disabled rules to enable in the first place if there are thousands of them???

 

4) Why not just set a default IPS policy for the entire Access Control Rule set rather than individual rules?

 

5) How can I test an IPS rule to ensure it is working and that Firepower is dropping it while inline?

 

6) Is it normal to not have any IPS events generated when applying Security Over Connectivity? Because I see no events at all.
