fortinetuser2020
New Member
October 14, 2017
Question

alert message about intrusion

  • October 14, 2017
  • 1 reply
  • 3979 views

I got this by email (this is one; I have many more):

Message meets Alert condition. The following intrusion was observed: "Linksys.Routers.Administrative.Console.Authentication.Bypass".

date=2017-10-13 time=15:07:31 devname=XXX devid=XXXX logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="XXX" logtime=1507896450 severity="high" srcip=191.180.88.52 srccountry="Brazil" dstip=192.168.100.171 srcintf="XXXX" srcintfrole="wan" dstintf="TestingLAN-2037" dstintfrole="lan" policyid=96 sessionid=17583157 action="detected" proto=6 service="HTTP" attack="Linksys.Routers.Administrative.Console.Authentication.Bypass" srcport=36532 dstport=80 hostname="XXXX" direction="outgoing" attackid=44582 profile="default" ref="http://www.fortinet.com/ids/VID44582" incidentserialno=848384263 msg="backdoor: Linksys.Routers.Administrative.Console.Authentication.Bypass," crscore=30 crlevel="high"

I have 2 questions about it:

1. Does this mean that the threat was just "spotted", or is it blocked? This policy is attached to the "high security" IPS profile, which states this severity as blocked by default.
2. As you can see, the source country is Brazil.

This is my first firewall rule:

        set name "Blocked Countries"
        set uuid 58cfcbac-9bfd-51e7-91c5-d54383633417
        set srcintf "any"
        set dstintf "any"
        set srcaddr "Blocked Countries" "Blocked Addresses"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next


It is the first rule in the sequence.

Am I missing something? How can this traffic have been spotted in this alert when it was supposed to be stopped by the first firewall policy? Brazil is one of the countries in the "Blocked Countries" group.


Thank you.

1 reply

EMES
New Member
October 14, 2017
It looks like an alert. If you have any inbound VIPs, add the set match-vip enable command. Without it, it won't block anything to your VIPs.
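A small triage helper, added here as an example and not code from Fortinet or from either poster, that covers both parts of the thread: it parses the key=value IPS record quoted in the question, reports whether the IPS only detected or actually stopped the session (the first question), and explains why a source in a "blocked" country can still reach a later policy (the second question, plus the match-vip point in the reply). The sample record is constructed from the one in the post with the poster's XXX redactions kept; the set of action values that mean "blocked" is an assumption, not taken from FortiGate documentation.

```python
"""Triage helper for a FortiGate IPS (type="utm" subtype="ips") log record.

Added example; not FortiGate code. Parses the key=value record format shown
in the post, reports whether the IPS only detected or actually blocked the
session, and checks the record against a geo-block expectation.
"""
import re
from typing import Dict, List, Set

# Constructed sample, copied from the record quoted in the post; the XXX
# placeholders are the poster's own redactions.
SAMPLE_RECORD = (
    'date=2017-10-13 time=15:07:31 devname=XXX devid=XXXX logid="0419016384" '
    'type="utm" subtype="ips" eventtype="signature" level="alert" vd="XXX" '
    'logtime=1507896450 severity="high" srcip=191.180.88.52 srccountry="Brazil" '
    'dstip=192.168.100.171 srcintf="XXXX" srcintfrole="wan" dstintf="TestingLAN-2037" '
    'dstintfrole="lan" policyid=96 sessionid=17583157 action="detected" proto=6 '
    'service="HTTP" attack="Linksys.Routers.Administrative.Console.Authentication.Bypass" '
    'srcport=36532 dstport=80 hostname="XXXX" direction="outgoing" attackid=44582 '
    'profile="default" ref="http://www.fortinet.com/ids/VID44582" '
    'incidentserialno=848384263 '
    'msg="backdoor: Linksys.Routers.Administrative.Console.Authentication.Bypass," '
    'crscore=30 crlevel="high"'
)

# key=value pairs: the value is either a double-quoted string (which may
# contain spaces, as the msg field does) or a run of non-space characters.
_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line: str) -> Dict[str, str]:
    """Return the record as a dict with surrounding quotes stripped."""
    fields: Dict[str, str] = {}
    for key, raw in _FIELD_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


# Assumption: these action values mean the IPS stopped the session;
# "detected" means the signature matched but the traffic was allowed through.
BLOCKING_ACTIONS: Set[str] = {"dropped", "reset", "blocked"}


def ips_verdict(fields: Dict[str, str]) -> str:
    """Answer the first question: was the hit only logged, or was it blocked?"""
    action = fields.get("action", "").lower()
    if action == "detected":
        return "detected-only"
    if action in BLOCKING_ACTIONS:
        return "blocked"
    return f"unknown ({action or 'no action field'})"


def geo_block_findings(fields: Dict[str, str], blocked_countries: Set[str],
                       geo_block_policy_ids: Set[str]) -> List[str]:
    """Answer the second question: why did a 'blocked' country reach the IPS?

    The policyid in the record is the policy that accepted the session. If it
    is not the geo-block policy, that policy never matched this session.
    """
    findings: List[str] = []
    country = fields.get("srccountry", "")
    policy = fields.get("policyid", "")
    if country in blocked_countries and policy not in geo_block_policy_ids:
        findings.append(
            f"source country {country} is in the blocked list, but the session "
            f"matched policyid {policy}, so the geo-block policy did not catch it"
        )
        # Point made in the reply: a deny policy only covers traffic to an
        # inbound VIP when 'set match-vip enable' is configured on it.
        if fields.get("srcintfrole") == "wan" and fields.get("dstintfrole") == "lan":
            findings.append(
                "WAN->LAN session: if the destination is published via a VIP, the "
                "deny policy needs 'set match-vip enable' to apply to it"
            )
    return findings


if __name__ == "__main__":
    rec = parse_record(SAMPLE_RECORD)
    print("attack:", rec["attack"], "| verdict:", ips_verdict(rec))
    for line in geo_block_findings(rec, {"Brazil"}, {"<geo-block policy id>"}):
        print("-", line)
```

Run it on a record exported from the firewall to get the two answers from the fields themselves: action tells you whether the IPS blocked, and policyid tells you which policy actually let the session in, which is the first thing to compare against the position and match-vip setting of the geo-block policy.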