To add to what's already been said, the purpose of these out of the box rules is to detect common patterns within network traffic, e.g. many SYN packets = SYN scan type stuff. They also provide some insight into how events are normalized, if you look at those plus the authentication default rules which are similar.
That said, the default thresholds are likely low in many cases, and they may not be useful for you depending on what you want to monitor. You can tweak the thresholds pretty easily to make them fire less frequently, or just disable them if they aren't interesting. If they fire too often or you have a lot of network traffic, you could be impacting load on the appliance (or require more resources than you actually need).