diff --git a/salt/soc/files/soc/sigma_so_pipeline.yaml b/salt/soc/files/soc/sigma_so_pipeline.yaml
index 8314361f5..121bc06a6 100644
--- a/salt/soc/files/soc/sigma_so_pipeline.yaml
+++ b/salt/soc/files/soc/sigma_so_pipeline.yaml
@@ -106,3 +106,69 @@ transformations:
 - type: include_fields
 fields:
 - event.code
+ # Maps Windows + process_creation rules to endpoint process creation logs
+ - id: endpoint_process_create_windows_add-fields
+ type: add_condition
+ conditions:
+ event.category: 'process'
+ event.type: 'start'
+ host.os.type: 'windows'
+ rule_conditions:
+ - type: logsource
+ category: process_creation
+ product: windows
+ # Maps Linux + file_event rules to endpoint file creation logs
+ - id: endpoint_process_create_linux_add-fields
+ type: add_condition
+ conditions:
+ event.category: 'process'
+ event.type: 'start'
+ host.os.type: 'linux'
+ rule_conditions:
+ - type: logsource
+ category: process_creation
+ product: linux
+ # Maps macOS + file_event rules to endpoint file creation logs
+ - id: endpoint_process_create_macos_add-fields
+ type: add_condition
+ conditions:
+ event.category: 'process'
+ event.type: 'start'
+ host.os.type: 'macos'
+ rule_conditions:
+ - type: logsource
+ category: process_creation
+ product: macos
+ # Maps Windows + file_event rules to endpoint file creation logs
+ - id: endpoint_file_create_windows_add-fields
+ type: add_condition
+ conditions:
+ event.category: 'file'
+ event.type: 'creation'
+ host.os.type: 'windows'
+ rule_conditions:
+ - type: logsource
+ category: file_event
+ product: windows
+ # Maps Linux + file_event rules to endpoint file creation logs
+ - id: endpoint_file_create_linux_add-fields
+ type: add_condition
+ conditions:
+ event.category: 'file'
+ event.type: 'creation'
+ host.os.type: 'linux'
+ rule_conditions:
+ - type: logsource
+ category: file_event
+ product: linux
+ # Maps macOS + file_event rules to endpoint file creation logs
+ - id: endpoint_file_create_macos_add-fields
+ type: add_condition
+ conditions:
+ event.category: 'file'
+ event.type: 'creation'
+ host.os.type: 'macos'
+ rule_conditions:
+ - type: logsource
+ category: file_event
+ product: macos
\ No newline at end of file
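Review bot: The comments above `endpoint_process_create_linux_add-fields` and `endpoint_process_create_macos_add-fields` describe file_event rules and file creation logs, but both transformations match `category: process_creation` and add `event.category: 'process'` / `event.type: 'start'`, so the comments were copied from the file_event entries and now misdescribe what the conditions do. They should read `# Maps Linux + process_creation rules to endpoint process creation logs` and `# Maps macOS + process_creation rules to endpoint process creation logs`, matching the Windows entry. Because these add_condition entries narrow every converted rule by event.category, event.type and host.os.type, an analyst reading the comment to understand why a rule only fires on certain events would be misled; the comment is the only documentation of that scoping in the hunk. The hunk also leaves the file without a trailing newline. The `transformations` sequence that these entries extend begins before the hunk.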