diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml
index dfc0ca9e9..d7ec0f095 100644
--- a/tools/config/winlogbeat-modules-enabled.yml
+++ b/tools/config/winlogbeat-modules-enabled.yml
@@ -155,22 +155,25 @@ fieldmappings:
   Image: process.executable
   FileVersion:
     category=process_creation: process.pe.file_version
-    category=image_load: process.pe.file_version
+    category=image_load: file.pe.file_version
     default: winlog.event_data.FileVersion
   Description:
     category=process_creation: process.pe.description
-    category=image_load: process.pe.description
+    category=image_load: file.pe.description
     category=sysmon_error: winlog.event_data.Description
     default: winlog.event_data.Description
   Product:
     category=process_creation: process.pe.product
-    category=image_load: process.pe.product
+    category=image_load: file.pe.product
     default: winlog.event_data.Product
   Company:
     category=process_creation: process.pe.company
-    category=image_load: process.pe.company
+    category=image_load: file.pe.company
     default: winlog.event_data.Company
-  OriginalFileName: process.pe.original_file_name
+  OriginalFileName:
+    category=process_creation: process.pe.original_file_name
+    category=image_load: file.pe.original_file_name
+    default: winlog.event_data.OriginalFileName
   CommandLine:
     category=process_creation: process.command_line
     service=security: process.command_line
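Review bot: The split between `process.pe.*` for category=process_creation and `file.pe.*` for category=image_load is not explained anywhere in the mapping, and the same four-line pattern is repeated for FileVersion, Description, Product, Company and now OriginalFileName, so a future cleanup could easily re-unify the keys and reintroduce the mismatch this hunk corrects. Suggest a comment above `FileVersion:` such as `# image_load events describe the loaded module, whose PE metadata winlogbeat appears to place under file.pe.*; process.pe.* is the loading process and only applies to process_creation.` The practical impact is detection coverage: before this change, a rule matching on the original file name of a loaded DLL was evaluated against the loading process's PE fields and would not fire. The new `default: winlog.event_data.OriginalFileName` also means any other category that previously resolved to `process.pe.original_file_name` unconditionally now falls back to the raw event_data field; worth confirming no other log source relied on the old single mapping.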