diff --git a/salt/curator/files/action/logs-system-auth-syslog-close.yaml b/salt/curator/files/action/logs-system-auth-syslog-close.yaml
index 52ddb5eb5..f71ffacb5 100644
--- a/salt/curator/files/action/logs-system-auth-syslog-close.yaml
+++ b/salt/curator/files/action/logs-system-auth-syslog-close.yaml
@@ -3,7 +3,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{%- set cur_close_days = CURATORMERGED['logs-import-so'].close %}
+{%- set cur_close_days = CURATORMERGED['logs-system-auth-default'].close %}
 actions:
   1:
     action: close
@@ -17,7 +17,7 @@ actions:
     filters:
     - filtertype: pattern
       kind: regex 
-      value: '^(.ds-logs-import-so.*)$'
+      value: '^(.ds-logs-system.auth-default.*)$'
     - filtertype: age
       source: name
       direction: older