diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index d672d1dad..7204027fc 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -995,7 +995,7 @@ soc:
         -  tds.header_type
         -  log.id.uid
         -  event.dataset
-      ':endpoint:endpoint_x_events_x_process':
+      ':endpoint:events_x_process':
         -  soc_timestamp
         -  event.dataset
         -  host.name