Thanks for the reply!
I noted exactly what you said in my question above.
The problem with terminate is that only source, destination, and service are used as terminate criteria.
From Juniper's PR: "By default, rules in the IDP rulebase are not terminal, which means IDP examines all rules in the rulebase and executes all matches. You can specify that a rule is terminal; that is, if IDP encounters a match for the source, destination, and service specified in a terminal rule, it does not examine any subsequent rules for that connection."
So, if I just want to change the behavior of a single attack to drop-connection, no other rules for that source, destination, and service will be evaluated. If terminate would consider the attack type as criteria, it would resolve this. But I can't see that it does. I can lab it, but I have my doubts.
It seems like the only way to achieve this configuration is to ditch all the built-in attack groups with their recommended actions and build your own. I have no problem doing this, but it takes time and I would like to have accurate logs with small incremental changes.
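
The terminal-rule behaviour quoted in the post above, as an added example that is not part of the original post and is not Juniper code: a small Python model of rulebase evaluation in which a terminal rule stops processing on a source/destination/service match alone. The rule names, the signatures `SIG-A` and `SIG-B`, and the addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src: str
    dst: str
    service: str
    attacks: frozenset
    action: str
    terminal: bool = False

def tuple_matches(rule, conn):
    """Source/destination/service match; "any" is a wildcard."""
    wanted = (rule.src, rule.dst, rule.service)
    return all(want in ("any", got) for want, got in zip(wanted, conn))

def evaluate(rulebase, conn, attack):
    """Return (rule name, action) for every rule that fires on this attack."""
    fired = []
    for rule in rulebase:
        if not tuple_matches(rule, conn):
            continue
        if attack in rule.attacks:
            fired.append((rule.name, rule.action))
        if rule.terminal:
            # Per the quoted text, the terminal criteria are the tuple only,
            # so later rules are skipped even if this rule's attack did not match.
            break
    return fired

def build_rulebase(override_terminal):
    """Constructed rulebase: a one-attack override ahead of a built-in group."""
    return [
        Rule("override", "any", "any", "http",
             frozenset({"SIG-A"}), "drop-connection", override_terminal),
        Rule("builtin-group", "any", "any", "http",
             frozenset({"SIG-A", "SIG-B"}), "recommended"),
    ]

CONN = ("10.0.0.5", "192.0.2.10", "http")  # constructed sample connection

if __name__ == "__main__":
    for terminal in (False, True):
        for attack in ("SIG-A", "SIG-B"):
            print(terminal, attack, evaluate(build_rulebase(terminal), CONN, attack))
```

With the override marked terminal, `SIG-B` on the same connection fires no rule at all in this model, which is the coverage gap the post describes.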