FortiSIEM Discussions
KarlH
Contributor II

Need SIEM 7.1.3 (Rule) method to detect when a Windows Log Agent stops reporting for more than 6 hrs

Hello,

Not sure how to set up the rule itself; is it even possible? Our clients are not always aware when the agents stop reporting, and then we wind up having to tell them it's been disconnected for 2 weeks. We have 100+ agents between all our clients; we can't possibly watch all of them, so we need an alert.

How can I query to get an agent health log so I have the right event type and data source?

Thanks!

thanks, Karl
Karl Henning, Security Engineer, CISSP
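One way to prototype the check the question asks for outside the SIEM, as an added example (this is not FortiSIEM's own rule logic, which the thread does not show): it reduces constructed per-agent event timestamps to a last-seen time, flags every agent silent for more than 6 hours, and also flags an agent in the inventory that has sent nothing at all. The host names, timestamps and record format are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Threshold from the question: an agent silent for more than 6 hours should alert.
SILENCE_THRESHOLD = timedelta(hours=6)

# Constructed sample records (hypothetical format): (agent host name, UTC time of
# an event received from it). In practice these would be queried from the SIEM.
SAMPLE_RECORDS = [
    ("WINSRV01", "2024-05-01T08:00:00Z"),
    ("WINSRV01", "2024-05-01T11:30:00Z"),   # newer record wins
    ("WINSRV02", "2024-05-01T02:00:00Z"),   # 10 h silent at the check time used below
    ("FILESRV01", "2024-05-01T06:00:00Z"),  # exactly 6 h: not "more than", so not flagged
    ("DC01", "2024-05-01T11:55:00Z"),
]

# Inventory of agents expected to report. An agent absent from the records
# entirely must still be caught, because a dead agent sends nothing.
KNOWN_AGENTS = ["WINSRV01", "WINSRV02", "FILESRV01", "DC01", "WINSRV03"]


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def last_seen_by_agent(records):
    """Reduce event records to the most recent timestamp per agent."""
    latest = {}
    for agent, ts in records:
        t = parse_ts(ts)
        if agent not in latest or t > latest[agent]:
            latest[agent] = t
    return latest


def silent_agents(records, known_agents, now, threshold=SILENCE_THRESHOLD):
    """Return {agent: hours_silent} for agents over the threshold;
    hours_silent is None for an agent with no records at all."""
    latest = last_seen_by_agent(records)
    flagged = {}
    for agent in known_agents:
        seen = latest.get(agent)
        if seen is None:
            flagged[agent] = None
        elif now - seen > threshold:
            flagged[agent] = (now - seen).total_seconds() / 3600
    return flagged
```

Run the same reduction on a scheduled basis against a real "last event per agent" query and alert on a non-empty result; the inventory list is what turns "no events" into a finding rather than silence.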
Stephen_G
Moderator

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

If anyone viewing this topic has any knowledge on this, I encourage you to reply.

Thanks,

Stephen - Fortinet Community Team
KarlH

OK, what about this consideration?

The agents are old.

Windows Log Agents 4.1 or possibly some other 4.x.

Please confirm if this needs to be dealt with first; is this an impediment?

1) Do I upgrade first to 7.1.11 to maintain version alignment with SIEM 7.1.3? I feel that may be an imperative.

2) Are there ANY configuration settings in the endpoint log agent config files that could be impeding this?

3) On the collector?

Do we make all our clients upgrade to 7.1.11? Is this imperative?

Protocol Mismatch

  • FortiSIEM 7.x uses updated agent communication protocols, event formats, and TLS handling that older agents (4.x) don’t support properly.

  1. Security Gaps

    • 4.1.5 is from ~2018, meaning:

      • Outdated TLS support
      • No modern cert pinning
      • Potential agent spoofing
      • Lacks bug fixes for event collection reliability

  2. Event Format Changes

    • FortiSIEM changed how it parses and packages Windows Event Logs starting in 6.x
    • Agents on 4.x may fail to send:

      • Security logs (Event ID 4625, 4672, 4768, etc.)
      • Task Scheduler/Service/Registry logs
      • Custom parser fields

  3. Agent Stability

    • Old agents often silently die, hang, or fail to reconnect after reboot
    • FortiSIEM doesn’t always report this well unless heartbeat monitoring is configured

Karl Henning, Security Engineer, CISSP