diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 56ac2475c..7a9364148 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -3230,6 +3230,8 @@ elasticsearch:
         template:
           settings:
             index:
+              lifecycle:
+                name: so-logs-cisco_secure_email_gateway.log-logs
               number_of_replicas: 0
       policy:
         phases:
@@ -10462,6 +10464,8 @@ elasticsearch:
         template:
           settings:
             index:
+              lifecycle:
+                name: so-logs-rapid7_threat_command.alert-logs
               number_of_replicas: 0
       policy:
         phases:
@@ -10506,6 +10510,8 @@ elasticsearch:
         template:
           settings:
             index:
+              lifecycle:
+                name: so-logs-rapid7_threat_command.ioc-logs
               number_of_replicas: 0
       policy:
         phases:
@@ -10550,6 +10556,8 @@ elasticsearch:
         template:
           settings:
             index:
+              lifecycle:
+                name: so-logs-rapid7_threat_command.vulnerability-logs
               number_of_replicas: 0
       policy:
         phases: