diff --git a/salt/common/tools/sbin/so-import-evtx b/salt/common/tools/sbin/so-import-evtx
index 9e640beaa..274a2835d 100755
--- a/salt/common/tools/sbin/so-import-evtx
+++ b/salt/common/tools/sbin/so-import-evtx
@@ -41,13 +41,16 @@ function evtx2es() {
 EVTX=$1
 HASH=$2
+ ES_PW=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch")
+ ES_USER=$(lookup_pillar "auth:users:so_elastic_user:user" "elasticsearch")
+
 docker run --rm \
 -v "$EVTX:/tmp/$RUNID.evtx" \
 --entrypoint evtx2es \
 {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} \
 --host {{ MANAGERIP }} --scheme https \
 --index so-beats-$INDEX_DATE --pipeline import.wel \
- --login {{ES_USER}} --pwd {{ES_PW}} \
+ --login $ES_USER --pwd $ES_PW \
 "/tmp/$RUNID.evtx" 1>/dev/null 2>/dev/null
 docker run --rm \
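Review bot: The new `--login $ES_USER --pwd $ES_PW \` line leaves both expansions unquoted, so a password containing whitespace or glob characters is word-split and glob-expanded into several arguments before docker ever sees it; it should read `--login "$ES_USER" --pwd "$ES_PW" \`. The two `lookup_pillar` assignments above it are also unchecked, and because the docker command's stdout and stderr are both sent to /dev/null, a failed lookup would show up only as an authentication failure with empty credentials rather than as an error at the source — `ES_PW=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch") || return 1` (and likewise for ES_USER) would make that explicit, assuming lookup_pillar returns non-zero when the key is missing. Passing the password as a command-line argument also leaves it readable in the host process listing and in the container's recorded arguments for as long as the container runs; this predates the change, but now that the value is fetched from pillar at run time rather than rendered in at template time it deserves a comment above the docker run so the exposure is a recorded decision. The hunk covers only part of evtx2es; the function continues past it.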