diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8b6bceef0..2d5881ffa 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -561,7 +561,7 @@ soc:
         - process.executable
         - user.name
         - event.dataset
-      ':strelka:file':
+      ':strelka:':
         - soc_timestamp
         - file.name
         - file.size