Could it have something to do with this?
"app_proto":"failed"?
Since the events thats matches our rules have: "app_proto":"tls"
Could it have something to do with this?
"app_proto":"failed"?
Since the events thats matches our rules have: "app_proto":"tls"