I am faced with the issue with SEIM 9.6 where PANOS SYSTEM rule didn't triggering
Ex: PANOS System user failed authentication is enable for pang Policy
But such failed events goes to "unknown event".
Other PANOS SYSTEM events such as "Login in" didn't shows at all.
PANOS CONFIG, PANOS TRAFFIC and so on are not affected.
Sounds like the ASP rule isn't matching either because the content match strings are not in the packet, or the regex is not being evaluated against the packets.
Eitherway, you should do the following;
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center