====== TLS Syslog ======
====== High ======
PAN let WF cert expire 12th April 2020.
( subtype eq tls ) and ( severity eq high )
( eventid eq tls-X509-validation-failed ) and ( description contains ' Public Cloud Server certificate validation failed. Dest Addr: eu-panos.wildfire.paloaltonetworks.com, Reason: certificate has expired' )
====== Medium ======
( subtype eq tls ) and ( severity eq medium )
( eventid eq tls-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 172.23.66.62: SSH-2.0-OpenSSH_12.1 vs. SSH-1.33-OpenSSH_5.0.' )
( eventid eq tls-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 172.23.66.62: SSH-2.0-OpenSSH_12.1 vs. SSH-1.5-OpenSSH_5.0.' )
( eventid eq tls-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 172.23.66.62: SSH-2.0-OpenSSH_12.1 vs. SSH-1.5-NmapNSE_1.0.' )
( eventid eq tls-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 172.23.66.62: SSH-2.0-OpenSSH_12.1 vs. SSH-1.5-Nmap-SSH1-Hostkey.' )
( eventid eq tls-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 172.23.66.62: SSH-2.0-OpenSSH_12.1 vs. SSH-9.9-OpenSSH_5.0.' )
====== Informational ======
( subtype eq tls ) and ( severity eq informational )
( eventid eq panorama-auth-success ) and ( description contains 'Client authentication successful PAN-OS ver: 8.1.14 Panorama ver:8.1.14 Client IP: 192.168.1.1 Server IP: 192.168.1.11 Client CN: 012233445566' )
( eventid eq panorama-auth-failure ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for HA SSH' )
( eventid eq tls-session-disconnected ) and ( description contains 'Device 013201013035-log-collection-ms-172.23.67.251-def disconnected from the server' )
( eventid eq tls-session-disconnected ) and ( description contains 'Device 013201013035 disconnected from the server' )