diff --git a/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json b/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json
index 94bf4e3aa..ab7e0783f 100644
--- a/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json
+++ b/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json
@@ -11,11 +11,11 @@
     "winlogs-winlog": {
       "enabled": true,
       "streams": {
-        "winlog.winlog": {
+        "winlog.winlogs": {
           "enabled": true,
           "vars": {
             "channel": "Microsoft-Windows-Windows Defender/Operational",
-            "data_stream.dataset": "winlog.winlogs",
+            "data_stream.dataset": "winlog.winlog",
             "preserve_original_event": false,
             "providers": [],
             "ignore_older": "72h",