diff --git a/tools/config/elk-winlogbeat.yml b/tools/config/elk-winlogbeat.yml
index 34417ce68..c745fbca1 100644
--- a/tools/config/elk-winlogbeat.yml
+++ b/tools/config/elk-winlogbeat.yml
@@ -94,6 +94,7 @@ fieldmappings:
 ProcessCommandLine: event_data.ProcessCommandLine
 ProcessName: event_data.ProcessName
 Properties: event_data.Properties
+ SecurityID: event_data.SecurityID
 ServiceFileName: event_data.ServiceFileName
 ServiceName: event_data.ServiceName
 ShareName: event_data.ShareName
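Review bot: The added `SecurityID: event_data.SecurityID` line is not checked against a real indexed event, and a mapping to a field that does not exist fails silently: the generated query returns no hits instead of an error, so any rule using it detects nothing. Winlogbeat keys `event_data` by the XML `Data Name` attribute, which often differs from the label shown in the rendered event message, so the name should be confirmed on a sample document. I would record that next to the entry, for example `# SecurityID: verified against event_data of EventID <EVENT_ID_PLACEHOLDER>`. If other backend configs keep their own `fieldmappings` list (none are visible in this diff), they presumably need the same entry, otherwise rules using `SecurityID` behave differently per backend. The `fieldmappings` block starts and ends outside this hunk.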