Here is what we found and what was done to resolve the situation.  No guarantees that your situation is the same, but if not it might give you some additional ideas to pursue:

My local VAR (not SE, sorry about the confusion) dug into the device settings and found that in the case of the Cisco VPN concentrator that it was configured to "Log unknown syslog events" in the "Support Generic Syslogs" section of the device profile.  This resulted in the erroneous interpretation of logs that were coming from the device that could not be parsed using the data source model.  These events created an auto generated event in the profile as well.

By changing the setting to "Do nothing" and enabling the Logging function so that we would continue to capture whatever logs did come from the device, we were able to eliminate the nuisance log errors.

We made similar changes for the Imprivata appliance as well.

These changes were done on Friday afternoon and since that time we have not logged any "future" events.

Thanks..

I will see if that helps.

Suddenly I have found that if I change the data source's property time zone to grinwich GMT+00 jn SIEM, the events began correctly display in SIEM. So I conclude the main reason was time zone misconfiguration, which relatively linked with such kind of situation when ther is no proper choise of time zone neither in siem nor firewall enterprise.

This was answered long ago with KB article that finally came out. The standard is to set all the devices within the SIEM to UTC (GMT Dublin) . Sorry I wasn't online to give you feed back. Could have saved you a bunch of work.

Pepelepuu, could you please share me the link of your mention KB article? Thanks in advance.