elastic / detection-rules

Home Page:https://www.elastic.co/guide/en/security/current/detection-engine-overview.html


[Bug] "IPSEC NAT Traversal Port Activity" rules no longer work as index pattern is missing.

willemdh opened this issue · comments

Just checked some older rules and noticed the "IPSEC NAT Traversal Port Activity" rule stopped working for us since we migrated our data from the panw module from filebeat-* to logs-panw.panos-* =>
https://www.elastic.co/guide/en/security/current/ipsec-nat-traversal-port-activity.html

Could the rule please get a small update so logs-panw.panos-* is added to the list of index patterns? The traffic data of our Palo Alto logs are a good data source for this rule.

The query (event.dataset: network_traffic.flow or (event.category: (network or network_traffic))) and network.transport:udp and destination.port:4500 doesn't need to be changed.
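The failure mode in this report, as an added illustration that is not part of the issue or of the detection-rules repository: a detection rule only runs against indices (or data streams) that match its index patterns, so a document the query would match but that now lives under a data stream outside those patterns is never evaluated. The script below hand-evaluates the quoted query over constructed sample events and gates it on a glob match of the index name; `OLD_PATTERNS` and `NEW_PATTERNS` are assumptions that stand in for the rule's real index list, and the query evaluation is an approximation, not Elastic's KQL engine.

```python
import fnmatch
from typing import Iterable

# Hand-written evaluation of the query quoted in the issue (an approximation,
# not Elastic's KQL engine). Events are assumed to use flattened ECS field names.
#   (event.dataset: network_traffic.flow or (event.category: (network or network_traffic)))
#   and network.transport:udp and destination.port:4500
def query_matches(event: dict) -> bool:
    dataset_ok = event.get("event.dataset") == "network_traffic.flow"
    category = event.get("event.category", [])
    if isinstance(category, str):          # ECS allows a scalar or an array here
        category = [category]
    category_ok = any(c in ("network", "network_traffic") for c in category)
    return ((dataset_ok or category_ok)
            and event.get("network.transport") == "udp"
            and event.get("destination.port") == 4500)

# Rules are only ever executed against indices matching their index patterns;
# a document the query would match but that lives elsewhere is never seen.
def index_matches(index_name: str, patterns: Iterable[str]) -> bool:
    return any(fnmatch.fnmatchcase(index_name, p) for p in patterns)

def rule_would_alert(event: dict, index_name: str, patterns: Iterable[str]) -> bool:
    return index_matches(index_name, patterns) and query_matches(event)

# Constructed sample events (not real log data). The integration-based index
# names follow the data stream convention logs-<dataset>-<namespace>.
SAMPLE_EVENTS = [
    ("filebeat_udp_4500", "filebeat-8.10.0", {
        "event.dataset": "panw.panos", "event.category": ["network"],
        "network.transport": "udp", "destination.port": 4500}),
    ("integration_udp_4500", "logs-panw.panos-default", {
        "event.dataset": "panw.panos", "event.category": ["network"],
        "network.transport": "udp", "destination.port": 4500}),
    ("integration_tcp_4500", "logs-panw.panos-default", {
        "event.dataset": "panw.panos", "event.category": ["network"],
        "network.transport": "tcp", "destination.port": 4500}),
]

def evaluate(patterns: Iterable[str]) -> dict:
    """Return {sample name: whether the rule would alert} for the given index patterns."""
    patterns = list(patterns)
    return {name: rule_would_alert(ev, idx, patterns) for name, idx, ev in SAMPLE_EVENTS}

OLD_PATTERNS = ["filebeat-*"]                       # assumed pre-migration coverage
NEW_PATTERNS = ["filebeat-*", "logs-panw.panos-*"]  # with the pattern the issue asks for

if __name__ == "__main__":
    for label, pats in (("before", OLD_PATTERNS), ("after", NEW_PATTERNS)):
        print(label, evaluate(pats))
```

Running it shows the UDP/4500 event from the integration data stream is silently dropped under `OLD_PATTERNS` even though the query matches it, and is picked up once `logs-panw.panos-*` is present; the TCP event stays unmatched in both cases, confirming the query itself needs no change. The same check is a useful regression test whenever a data source is migrated between index naming schemes.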