diff --git a/tools/config/splunk-windows.yml b/tools/config/splunk-windows.yml
index d97c89690..32844030b 100644
--- a/tools/config/splunk-windows.yml
+++ b/tools/config/splunk-windows.yml
@@ -111,7 +111,7 @@ logsources:
     product: windows
     service: codeintegrity-operational
     conditions:
-      source: 'Microsoft-Windows-CodeIntegrity/Operational'
+      source: 'WinEventLog:Microsoft-Windows-CodeIntegrity/Operational'
   windows-smbclient-security:
     product: windows
     service: smbclient-security
@@ -126,11 +126,11 @@ logsources:
     product: windows
     service: firewall-as
     conditions:
-      source: 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
+      source: 'WinEventLog:Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
   windows-bits-client:
     product: windows
     service: bits-client
     conditions:
-      source: 'Microsoft-Windows-Bits-Client/Operational'
+      source: 'WinEventLog:Microsoft-Windows-Bits-Client/Operational'
 fieldmappings:
   EventID: EventCode
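Review bot: The `WinEventLog:` prefix added to the codeintegrity-operational `source` value matches only events collected by Splunk's classic Windows event-log input; the same channel ingested with the XML renderer is tagged `XmlWinEventLog:<Channel>`, so rules converted with this config would silently match nothing on that ingestion path. The firewall-as and bits-client entries in the second hunk carry the same assumption. It is worth recording it where the next maintainer will see it, e.g. a comment above `logsources:` reading `# source values assume the classic WinEventLog input; XML-rendered inputs use the XmlWinEventLog: prefix instead`. The windows-smbclient-security entry between the two hunks shows only its product and service lines here, so its `source` value is not visible; presumably it already carries the prefix, but that is worth confirming so all windows logsources in the file agree.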