diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py
index eb535835a..b9e1b82d9 100644
--- a/tools/sigma/backends/mdatp.py
+++ b/tools/sigma/backends/mdatp.py
@@ -160,6 +160,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend):
 "DeviceName": (self.id_mapping, self.default_value_mapping),
 "EventType": ("ActionType", self.default_value_mapping),
 "FileName": (self.id_mapping, self.default_value_mapping),
+ "OriginalFileName": ("OriginalFileName", self.default_value_mapping),
 "Image": ("InitiatingProcessFolderPath", self.default_value_mapping),
 "ImageLoaded": ("FolderPath", self.default_value_mapping),
 "ParentCommandLine": ("InitiatingProcessCommandLine", self.default_value_mapping),
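Review bot: The added `"OriginalFileName"` entry maps to a column literally named `OriginalFileName`, which should be checked against the advanced hunting schema of the table this mapping dict serves; that table is not visible here, since the dict and its enclosing method start and end outside the hunk. As far as I know, the PE version-info original name is exposed as `ProcessVersionInfoOriginalFileName` (and `InitiatingProcessVersionInfoOriginalFileName` for the initiating process), so a rule that uses this field to catch renamed binaries could translate into a query that fails or never matches. If the identity mapping is intended, write it like the neighbouring `DeviceName` and `FileName` entries: `"OriginalFileName": (self.id_mapping, self.default_value_mapping),`. A backend test that converts a rule with an `OriginalFileName` condition and asserts the emitted column name would pin the choice.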