Exempt rulebase is mostly for fine-tuning your IDP policies. In particular,
it allows to remove false positives that happen frequently from the logs.
For example you see that between 1.1.1.1 and 2.2.2.2 an attack (say)
HTTP directory traversal happens very often, and after investigation
you decide that it is a false positive. You add the tuple
1.1.1.1 - 2.2.2.2 - <This-attack-object>
to the exempt database, and IDP does not catch these events anymore.