diff --git a/salt/soc/files/soc/sigma_so_pipeline.yaml b/salt/soc/files/soc/sigma_so_pipeline.yaml
index a1c4d6d62..54ce83eff 100644
--- a/salt/soc/files/soc/sigma_so_pipeline.yaml
+++ b/salt/soc/files/soc/sigma_so_pipeline.yaml
@@ -15,4 +15,34 @@ transformations:
         src_ip: destination.ip.keyword
         src_port: source.port
         dst_ip: destination.ip.keyword
-        dst_port: destination.port
\ No newline at end of file
+        dst_port: destination.port       
+    - id: hashes_process-creation
+      type: field_name_mapping
+      mapping:
+        winlog.event_data.sha256: process.hash.sha256
+        winlog.event_data.sha1: process.hash.sha1
+        winlog.event_data.md5: process.hash.md5
+      rule_conditions:
+      - type: logsource
+        product: windows
+        category: process_creation
+    - id: hashes_image-load
+      type: field_name_mapping
+      mapping:
+        winlog.event_data.sha256: dll.hash.sha256
+        winlog.event_data.sha1: dll.hash.sha1
+        winlog.event_data.md5: dll.hash.md5
+      rule_conditions:
+      - type: logsource
+        product: windows
+        category: image_load
+    - id: hashes_driver-load
+      type: field_name_mapping
+      mapping:
+        winlog.event_data.sha256: dll.hash.sha256
+        winlog.event_data.sha1: dll.hash.sha1
+        winlog.event_data.md5: dll.hash.md5
+      rule_conditions:
+      - type: logsource
+        product: windows
+        category: driver_load
\ No newline at end of file