diff --git a/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json b/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json
index ac4394e62..94bf4e3aa 100644
--- a/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json
+++ b/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json
@@ -15,7 +15,7 @@
 "enabled": true,
 "vars": {
 "channel": "Microsoft-Windows-Windows Defender/Operational",
- "data_stream.dataset": "winlog.winlog",
+ "data_stream.dataset": "winlog.winlogs",
 "preserve_original_event": false,
 "providers": [],
 "ignore_older": "72h",
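Review bot: The new value `"data_stream.dataset": "winlog.winlogs"` changes the data stream that Windows Defender Operational events are written to, and nothing visible in this hunk shows the consumers of the old `winlog.winlog` name being updated with it. Index templates, ingest pipelines, dashboards and detection queries that are keyed on the dataset name would stop seeing Defender events without raising any error if they still reference the old string, and events already indexed keep the old name. It would help to confirm that the other winlog-based policies under `endpoints-initial` use the same dataset, and to have searches that span the change match both values, e.g. `data_stream.dataset: ("winlog.winlog" OR "winlog.winlogs")`. The enclosing `vars` object begins and ends outside the hunk, so the rest of the stream settings cannot be checked from here.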