diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml
index 4b13103dd..4f2b45371 100644
--- a/tools/config/winlogbeat.yml
+++ b/tools/config/winlogbeat.yml
@@ -112,6 +112,7 @@ fieldmappings:
 ObjectName: winlog.event_data.ObjectName
 ObjectType: winlog.event_data.ObjectType
 ObjectValueName: winlog.event_data.ObjectValueName
+ OriginalFileName: winlog.event_data.OriginalFileName
 ParentCommandLine: winlog.event_data.ParentCommandLine
 ParentProcessName: winlog.event_data.ParentProcessName
 ParentImage: winlog.event_data.ParentImage
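Review bot: The new `OriginalFileName` mapping carries no comment on where the field comes from or how far a rule can rely on it. As far as I know the value is only emitted by Sysmon 10 and later and is read from the PE version resource of the image, which is set by whoever built or modified the binary, so rules keyed on it match nothing on older sensors and should not be the only condition in a detection. I would add a comment above the line such as `# Sysmon >= 10 only; value comes from PE version info, so pair it with Image or Hashes`. It may also be worth confirming that the target Winlogbeat setup leaves the value under `winlog.event_data` rather than moving it to an ECS field; that cannot be told from this hunk, and the `fieldmappings` block starts and ends outside it.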