A complex attack is when a visitor makes a request to your site that is specifically crafted to exploit your site or find a vulnerability they can later exploit. Firewall rules block these types of attacks.
Brute force attacks are username/password guessing attempts. These attacks intend to log in to your WordPress admin.
Blocklist blocks are the number of times an IP has been preemptively blocked from accessing your site altogether.
Are you using all three types to protect your site?