diff --git a/tools/config/ecs-cloudtrail.yml b/tools/config/ecs-cloudtrail.yml
index cde889b20..a3ea6851b 100644
--- a/tools/config/ecs-cloudtrail.yml
+++ b/tools/config/ecs-cloudtrail.yml
@@ -1,4 +1,4 @@
-title: Elastic Common Schema mapping for cloudtrail logs
+title: Elastic Common Schema and Elastic Exported Fields mapping for AWS CloudTrail logs
 order: 20
 backends:
 - es-qs
@@ -43,7 +43,7 @@ fieldmappings:
 userIdentity.userName: user.name
 vpcEndpointId: aws.cloudtrail.vpc_endpoint_id
 overrides:
- - field: event_outcome
+ - field: event.outcome
 value: failure
 regexes:
 - (\(aws.cloudtrail.error_message.keyword:.* event.action:\"ConsoleLogin\"\))
@@ -53,4 +53,4 @@ overrides:
 - (\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_message.keyword:\*\))
 - (\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\))
 - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\))
- - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\))
\ No newline at end of file
+ - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\))
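Review bot: The renamed override `field: event.outcome` has no comment saying what this regex list is for, and since the old name `event_outcome` is not an ECS field the rename presumably changes which generated queries get rewritten, so the intent deserves to be stated where it can be reviewed. A one-line comment above `- field: event.outcome`, e.g. `# Rewrites ConsoleLogin / error-bearing es-qs queries to ECS event.outcome: failure; each regex is matched against the generated query string`, would do. The regexes also join their two clauses with an unanchored `.*`, which presumably can match across unrelated terms of a longer query, so the override may fire on rules that only happen to contain both terms; worth confirming with a multi-condition rule. The override's regex list continues past this hunk into the next one.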