diff --git a/tools/config/elk-windows.yml b/tools/config/elk-windows.yml
index cbca160eb..9c532f66d 100644
--- a/tools/config/elk-windows.yml
+++ b/tools/config/elk-windows.yml
@@ -52,6 +52,11 @@ logsources:
 service: printservice-admin
 conditions:
 EventLog: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ EventLog: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/elk-winlogbeat-sp.yml b/tools/config/elk-winlogbeat-sp.yml
index b609bec65..80af860a9 100644
--- a/tools/config/elk-winlogbeat-sp.yml
+++ b/tools/config/elk-winlogbeat-sp.yml
@@ -52,6 +52,11 @@ logsources:
 service: printservice-admin
 conditions:
 log_name: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ log_name: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/elk-winlogbeat.yml b/tools/config/elk-winlogbeat.yml
index 007c2ee26..8a9f000a0 100644
--- a/tools/config/elk-winlogbeat.yml
+++ b/tools/config/elk-winlogbeat.yml
@@ -52,6 +52,11 @@ logsources:
 service: printservice-admin
 conditions:
 log_name: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ log_name: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/fireeye-helix.yml b/tools/config/fireeye-helix.yml
index c0950266f..1467124cc 100644
--- a/tools/config/fireeye-helix.yml
+++ b/tools/config/fireeye-helix.yml
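Review bot: The new `windows-printservice-operational` entry in elk-windows.yml binds rules to a channel that Windows ships disabled by default, unlike the `printservice-admin` sibling shown in the context, so rules on this logsource will silently match nothing on hosts where nobody turned Microsoft-Windows-PrintService/Operational on. I would record that next to the entry, e.g. `# NOTE: this channel is off by default on Windows; enable it (wevtutil sl Microsoft-Windows-PrintService/Operational /e:true or via GPO) before relying on rules that use this logsource`. The same caveat applies to every backend config touched by this commit, and a line in the commit description saying the channel must be enabled would help rule authors. The enclosing `logsources:` mapping begins before the hunk.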
@@ -76,6 +76,11 @@ logsources:
 service: printservice-admin
 conditions:
 channel: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ channel: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 index: windows
diff --git a/tools/config/logpoint-windows.yml b/tools/config/logpoint-windows.yml
index e02b02afb..b821d23b8 100644
--- a/tools/config/logpoint-windows.yml
+++ b/tools/config/logpoint-windows.yml
@@ -52,6 +52,11 @@ logsources:
 service: printservice-admin
 conditions:
 event_source: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ event_source: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/logstash-windows.yml b/tools/config/logstash-windows.yml
index 1d3232b90..f3387e076 100644
--- a/tools/config/logstash-windows.yml
+++ b/tools/config/logstash-windows.yml
@@ -73,6 +73,11 @@ logsources:
 service: printservice-admin
 conditions:
 Channel: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ Channel: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/powershell-windows-all.yml b/tools/config/powershell-windows-all.yml
index 28727d567..a32dd3f82 100644
--- a/tools/config/powershell-windows-all.yml
+++ b/tools/config/powershell-windows-all.yml
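Review bot: The added `windows-printservice-operational` entry in fireeye-helix.yml carries no `index:` key, while the neighbouring `windows-smbclient-security` context lines show `product: windows` followed by `index: windows`. If the Helix backend uses `index` to scope the generated query, rules on the new logsource would be emitted without that scope. The head of the `printservice-admin` entry lies before the hunk, so I cannot see whether it has `index: windows`; if it does, add `index: windows` after `product: windows` in the new entry so the Admin and Operational pair behave the same way.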
@@ -79,6 +79,11 @@ logsources:
 service: printservice-admin
 conditions:
 LogName: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ LogName: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/powershell.yml b/tools/config/powershell.yml
index dfe2cc204..11db7be04 100644
--- a/tools/config/powershell.yml
+++ b/tools/config/powershell.yml
@@ -93,6 +93,11 @@ logsources:
 service: printservice-admin
 conditions:
 LogName: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ LogName: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/splunk-windows.yml b/tools/config/splunk-windows.yml
index 18f065c5d..6422899d6 100644
--- a/tools/config/splunk-windows.yml
+++ b/tools/config/splunk-windows.yml
@@ -89,6 +89,11 @@ logsources:
 service: printservice-admin
 conditions:
 source: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ source: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/sumologic.yml b/tools/config/sumologic.yml
index 285ef0273..7dea87df9 100644
--- a/tools/config/sumologic.yml
+++ b/tools/config/sumologic.yml
@@ -76,6 +76,11 @@ logsources:
 service: printservice-admin
 conditions:
 EventChannel: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ EventChannel: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
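Review bot: In the splunk-windows.yml hunk the new entry sets `source: 'Microsoft-Windows-PrintService/Operational'`, but Splunk's Windows event-log input normally records the source as `WinEventLog:<channel>`, so a bare channel name may never match and every rule on this logsource would be dead on arrival. The Admin sibling in the context uses the same bare form, so this may be an existing convention in this file rather than a new mistake; compare with the sysmon entry elsewhere in the file (outside the hunk) and, if that one is prefixed, change the new line to `source: 'WinEventLog:Microsoft-Windows-PrintService/Operational'` and fix the Admin entry alongside it. The thor.yml hunk in this same commit adopts the `WinEventLog:` prefix, which suggests the author was already aware of the issue.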
diff --git a/tools/config/thor.yml b/tools/config/thor.yml
index 394839ec5..0dbaf0330 100644
--- a/tools/config/thor.yml
+++ b/tools/config/thor.yml
@@ -200,7 +200,12 @@ logsources:
 product: windows
 service: smbclient-security
 sources:
- - "Microsoft-Windows-SmbClient/Security"
+ - "WinEventLog:Microsoft-Windows-SmbClient/Security"
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ sources:
+ - "WinEventLog:Microsoft-Windows-PrintService/Operational"
 windows-applocker:
 product: windows
 service: applocker
diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml
index 8634d69c4..64191fbe3 100644
--- a/tools/config/winlogbeat-modules-enabled.yml
+++ b/tools/config/winlogbeat-modules-enabled.yml
@@ -60,6 +60,11 @@ logsources:
 service: printservice-admin
 conditions:
 winlog.channel: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ winlog.channel: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml
index ebb8f13e2..525261c3e 100644
--- a/tools/config/winlogbeat.yml
+++ b/tools/config/winlogbeat.yml
@@ -59,6 +59,11 @@ logsources:
 service: printservice-admin
 conditions:
 winlog.channel: 'Microsoft-Windows-PrintService/Admin'
+ windows-printservice-operational:
+ product: windows
+ service: printservice-operational
+ conditions:
+ winlog.channel: 'Microsoft-Windows-PrintService/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
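Review bot: The thor.yml hunk bundles an unrelated behavioural change — the `windows-smbclient-security` source is re-prefixed to `"WinEventLog:Microsoft-Windows-SmbClient/Security"` — with the print-service addition, and nothing in the hunk shows whether the other `sources:` entries in this file (the `windows-printservice-admin` entry, for one, is outside the hunk) already carry that prefix. If they do not, Admin and Operational print-service rules now resolve through two different source-name conventions in the same backend, and any rule that matched the old unprefixed SMB source stops matching. Grep the file for `- "Microsoft-Windows-` and normalise every entry in one change, or split the SMB fix into its own commit with a one-line rationale for the prefix. The enclosing `logsources:` mapping starts before the hunk.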
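Review bot: For the winlogbeat.yml hunk, mapping `winlog.channel` to `'Microsoft-Windows-PrintService/Operational'` only helps if Winlogbeat ships that channel at all: Winlogbeat forwards just the channels listed under its `event_logs:` setting, and the Operational print-service channel is additionally disabled on the host by default, so without both steps the new logsource yields no events and rules on it look like clean results rather than a gap. A short comment on the entry would save the next person a debugging session, e.g. `# requires the channel to be enabled on the host and listed in Winlogbeat's event_logs`. The same applies to the winlogbeat-modules-enabled.yml hunk above it.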