diff --git a/salt/soc/files/soc/sigma_so_pipeline.yaml b/salt/soc/files/soc/sigma_so_pipeline.yaml
index 121bc06a6..df8b2709a 100644
--- a/salt/soc/files/soc/sigma_so_pipeline.yaml
+++ b/salt/soc/files/soc/sigma_so_pipeline.yaml
@@ -106,69 +106,23 @@ transformations:
 - type: include_fields
 fields:
 - event.code
- # Maps Windows + process_creation rules to endpoint process creation logs
+ # Maps process_creation rules to endpoint process creation logs
+ # This is an OS-agnostic mapping, to account for logs that don't specify source OS
 - id: endpoint_process_create_windows_add-fields
 type: add_condition
 conditions:
 event.category: 'process'
 event.type: 'start'
- host.os.type: 'windows'
 rule_conditions:
 - type: logsource
 category: process_creation
- product: windows
- # Maps Linux + file_event rules to endpoint file creation logs
- - id: endpoint_process_create_linux_add-fields
- type: add_condition
- conditions:
- event.category: 'process'
- event.type: 'start'
- host.os.type: 'linux'
- rule_conditions:
- - type: logsource
- category: process_creation
- product: linux
- # Maps macOS + file_event rules to endpoint file creation logs
- - id: endpoint_process_create_macos_add-fields
- type: add_condition
- conditions:
- event.category: 'process'
- event.type: 'start'
- host.os.type: 'macos'
- rule_conditions:
- - type: logsource
- category: process_creation
- product: macos
- # Maps Windows + file_event rules to endpoint file creation logs
- - id: endpoint_file_create_windows_add-fields
+ # Maps file_event rules to endpoint file creation logs
+ # This is an OS-agnostic mapping, to account for logs that don't specify source OS
+ - id: endpoint_file_create_add-fields
 type: add_condition
 conditions:
 event.category: 'file'
 event.type: 'creation'
- host.os.type: 'windows'
 rule_conditions:
 - type: logsource
- category: file_event
- product: windows
- # Maps Linux + file_event rules to endpoint file creation logs
- - id: endpoint_file_create_linux_add-fields
- type: add_condition
- conditions:
- event.category: 'file'
- event.type: 'creation'
- host.os.type: 'linux'
- rule_conditions:
- - type: logsource
- category: file_event
- product: linux
- # Maps macOS + file_event rules to endpoint file creation logs
- - id: endpoint_file_create_macos_add-fields
- type: add_condition
- conditions:
- event.category: 'file'
- event.type: 'creation'
- host.os.type: 'macos'
- rule_conditions:
- - type: logsource
- category: file_event
- product: macos
\ No newline at end of file
+ category: file_event
\ No newline at end of file
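Review bot: The process_creation transformation keeps its old id `endpoint_process_create_windows_add-fields` (the unchanged context line right after the rewritten comment) even though its `host.os.type: 'windows'` condition and `product: windows` rule condition are removed, while the file_event counterpart in the same hunk was renamed to `endpoint_file_create_add-fields`; rename it to `- id: endpoint_process_create_add-fields` so the id matches what it now does. The new comment says the mapping is OS-agnostic "to account for logs that don't specify source OS", but the effect is broader: a rule whose logsource names one product now matches on event.category/event.type alone, so for logs that do carry `host.os.type` a Windows-specific rule can also hit Linux or macOS process/file events, which is a false-positive trade-off rather than only a coverage fix. A one-line comment on each of the two surviving transformations, such as `# No host.os.type filter is applied, so an OS-specific rule matches events from any OS`, would make that explicit to whoever tunes alerts from this pipeline.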