I just setup a Palo Alto firewall as an Event Source and created a Service in ClearPass using the new Event-Based Enforcement and I want to make sure it's been configured properly. I am seeing events come through in Access Tracker, so I assume the syslog tie-in to CPPM from Palo is working, but there isn't really any information in there. Also, one of the threats that shows up (OpenSSL TLS Heartbeat Information Disclosure Vulnerability - Reverse Heartbleed) doesn't seem like it is being sent to ClearPass despite the threat hitting the same Policy on Palo as the events that I am seeing come in. I have attached a screenshot of one of the events that I am seeing in Access Tracker.