Override signature count in Virtual service signature group is not reset when changes are reverted in VMware Cloud Director

Article ID: 397797

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  1. From the OrgvDC, navigate to Edges and click the edge gateway where the virtual service is created.





  2. Click Virtual Services and select the virtual service. From the virtual service window, navigate to WAF and edit one of the signature groups. In this example, we will edit 'CRS_402_Additional_Rules' and deactivate one of the rules.




    Note:
    Overridden signature count is 0 by default

  3. From the edit signature window, click the ellipsis next to the rule 'Desync attack detected' and deactivate it.




  4. Once the rule is deactivated, the overridden signature count is reported as 1. Revert the change by activating the rule again; the overridden signature count remains 1.




  5. To correlate this with the API response, log in to the NSX Avi portal and navigate to Templates --> WAF, WAF Policy.

    a. Launch the browser developer tools by following steps 1-3 for your browser in 'How to collect a HAR log file for troubleshooting'.
    b. Edit the WAF policy associated with the virtual service. In this example, we will edit the policy associated with the test virtual service:



    c. From the requests listed in the browser developer tools, select the following API and navigate to the Response tab:



    Note: The parameter 'crs_overrides' is not present by default and is only listed in the API response once any change has been made to the signature group.

 

Environment

VMware Cloud Director 
NSX Advanced Load Balancer (Avi)

Cause

VCD derives the reported value from the 'crs_overrides' parameter returned in the API response from NSX Avi.

Resolution

This is expected behavior: VCD derives the reported value from the 'crs_overrides' parameter, as provided in the API response from NSX Avi.
Reverting changes on the signature group does not remove the 'crs_overrides' parameter from NSX Avi's API response, and as a result the overridden signature count remains 1.
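
Because the count reflects the presence of override entries rather than the current rule state, a WAF audit should check the entries themselves. The following Python check is an added example, not code from this article or from VMware: it reads a WAF policy response saved from the developer tools and separates overrides that still deactivate a rule from entries left behind by a revert. Only 'crs_overrides' comes from the article; the nested keys (rule_overrides, rule_id, name, enable), the policy name and the sample JSON are assumptions constructed for illustration.

```python
import json

# Constructed sample: a WAF policy response after a rule was deactivated and
# then re-activated. Only 'crs_overrides' is named in the article; the nested
# keys and all values below are assumed for illustration.
SAMPLE_REVERTED = json.loads("""
{
  "name": "test-waf-policy",
  "crs_overrides": [
    {
      "name": "CRS_402_Additional_Rules",
      "rule_overrides": [
        {"rule_id": "example-rule-id",
         "name": "Desync attack detected",
         "enable": true}
      ]
    }
  ]
}
""")

# Constructed sample: a policy whose signature groups were never edited.
SAMPLE_DEFAULT = {"name": "test-waf-policy"}


def audit_overrides(policy):
    """Split override entries into those that still deactivate a rule and
    those that remain only as residue of a reverted change."""
    deactivated, residual = [], []
    for group in policy.get("crs_overrides", []):  # key is absent by default
        for rule in group.get("rule_overrides", []):
            entry = (group.get("name"), rule.get("name") or rule.get("rule_id"))
            # Assumption: a missing 'enable' key means the rule stays active.
            if rule.get("enable", True) is False:
                deactivated.append(entry)
            else:
                residual.append(entry)
    return {
        "override_entries": len(deactivated) + len(residual),
        "deactivated": deactivated,
        "residual": residual,
    }


if __name__ == "__main__":
    print(json.dumps(audit_overrides(SAMPLE_REVERTED), indent=2))
```

A non-empty "deactivated" list identifies rules that are actually switched off; a non-zero entry count with an empty "deactivated" list matches the reverted state described above.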