diff --git a/salt/elasticfleet/files/integrations-dynamic/grid-nodes/import-zeek-logs.json b/salt/elasticfleet/files/integrations-dynamic/grid-nodes/import-zeek-logs.json
index dc94afbaa..feaebf60b 100644
--- a/salt/elasticfleet/files/integrations-dynamic/grid-nodes/import-zeek-logs.json
+++ b/salt/elasticfleet/files/integrations-dynamic/grid-nodes/import-zeek-logs.json
@@ -1,4 +1,4 @@
-{% from 'zeek/config.map.jinja' import ZEEKMERGED %}
+{% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %}
 {%- raw -%}
 {
   "package": {
@@ -22,7 +22,7 @@
             "data_stream.dataset": "import",
             "tags": [],
             "processors": "- dissect:\n    tokenizer: \"/nsm/import/%{import.id}/zeek/logs/%{import.file}\"\n    field: \"log.file.path\"\n    target_prefix: \"\"\n- script:\n      lang: javascript\n      source: >\n        function process(event) {\n          var pl = event.Get(\"import.file\").slice(0,-4);\n          event.Put(\"@metadata.pipeline\", \"zeek.\" + pl);\n        }\n- add_fields:\n    target: event\n    fields:\n      category: network\n      module: zeek\n      imported: true\n- add_tags:\n    tags: \"ics\"\n    when:\n      regexp:\n        import.file: \"^bacnet*|^bsap*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*\"",
-            "custom": "exclude_files: [\"{%- endraw -%}{{ ZEEKMERGED.logging.excluded | join('|') }}{%- raw -%}.log$\"]\n"
+            "custom": "exclude_files: [\"{%- endraw -%}{{ ELASTICFLEETMERGED.logging.zeek.excluded | join('|') }}{%- raw -%}.log$\"]\n"
           }
         }
       }
diff --git a/salt/elasticfleet/files/integrations-dynamic/grid-nodes/zeek-logs.json b/salt/elasticfleet/files/integrations-dynamic/grid-nodes/zeek-logs.json
index 5e2ed4f9b..e2dd069ab 100644
--- a/salt/elasticfleet/files/integrations-dynamic/grid-nodes/zeek-logs.json
+++ b/salt/elasticfleet/files/integrations-dynamic/grid-nodes/zeek-logs.json
@@ -1,4 +1,4 @@
-{% from 'zeek/config.map.jinja' import ZEEKMERGED %}
+{% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %}
 {%- raw -%}
 {
   "package": {
@@ -23,7 +23,7 @@
             "data_stream.dataset": "zeek",
             "tags": [],
             "processors": "- dissect:\n    tokenizer: \"/nsm/zeek/logs/current/%{pipeline}.log\"\n    field: \"log.file.path\"\n    trim_chars: \".log\"\n    target_prefix: \"\"\n- script:\n      lang: javascript\n      source: >\n        function process(event) {\n          var pl = event.Get(\"pipeline\");\n          event.Put(\"@metadata.pipeline\", \"zeek.\" + pl);\n        }\n- add_fields:\n    target: event\n    fields:\n      category: network\n      module: zeek\n- add_tags:\n    tags: \"ics\"\n    when:\n      regexp:\n        pipeline: \"^bacnet*|^bsap*|^cip*|^cotp*|^dnp3*|^ecat*|^enip*|^modbus*|^opcua*|^profinet*|^s7comm*\"",
-            "custom": "exclude_files: [\"{%- endraw -%}{{ ZEEKMERGED.logging.excluded | join('|') }}{%- raw -%}.log$\"]\n"
+            "custom": "exclude_files: [\"{%- endraw -%}{{ ELASTICFLEETMERGED.logging.zeek.excluded | join('|') }}{%- raw -%}.log$\"]\n"
           }
         }
       }
diff --git a/salt/elasticfleet/soc_elasticfleet.yaml b/salt/elasticfleet/soc_elasticfleet.yaml
index e8bf03ad1..80b3a22b5 100644
--- a/salt/elasticfleet/soc_elasticfleet.yaml
+++ b/salt/elasticfleet/soc_elasticfleet.yaml
@@ -3,6 +3,12 @@ elasticfleet:
     description: You can enable or disable Elastic Fleet.
     advanced: True
     helpLink: elastic-fleet.html
+  logging:
+    zeek:
+      excluded:
+        description: This is a list of Zeek logs that are excluded from being shipped through the data processing pipeline. If you remove a log from this list, Elastic Agent will attempt to process it. If an ingest node pipeline is not available to process the logs, you may experience errors.
+        forcedType: "[]string"
+        helpLink: zeek.html 
   config:
     server:
       endpoints_enrollment:
diff --git a/salt/zeek/soc_zeek.yaml b/salt/zeek/soc_zeek.yaml
index 2b8bb3969..b1d0d7f7f 100644
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -2,11 +2,6 @@ zeek:
   enabled:
     description: You can enable or disable ZEEK on all sensors or a single sensor.
     helpLink: zeek.html
-  logging:
-    excluded:
-      description: This is a list of Zeek logs that are excluded from being shipped through the data processing pipeline. If you remove a log from this list, Elastic Agent will attempt to process it. If an ingest node pipeline is not available to process the logs, you may experience errors.
-      forcedType: "[]string"
-      helpLink: zeek.html
   config:
     local:
       load: