diff --git a/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json b/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json
index 347b9b5a8..de012d3fd 100644
--- a/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json
@@ -12,10 +12,11 @@
               "ignore_above": 1024,
               "type": "keyword",
               "fields": {
-                "text": {
-                  "type": "match_only_text"
+                "security": {
+                  "type": "text",
+                  "analyzer": "es_security_analyzer"
                 },
-                "keyword": {
+		"keyword": {
                   "type": "keyword"
                 }
               }