diff --git a/winlogbeat/winlogbeat.yml b/winlogbeat/winlogbeat.yml
index 9c178ca58030..37c0115287fa 100644
--- a/winlogbeat/winlogbeat.yml
+++ b/winlogbeat/winlogbeat.yml
@@ -23,6 +23,7 @@ winlogbeat.event_logs:
 - name: Security
 - name: System
 - name: Microsoft-Windows-Windows Defender/Operational
+ event_id: 1006, 1007, 1008, 1013, 1015, 1116, 1117, 1118, 1119, 5007, 5010, 5012
 #==================== Elasticsearch template setting ==========================
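Review bot: The added `event_id` line turns the Defender/Operational channel into an allowlist with no comment saying what the twelve IDs cover or why every other Defender event is now dropped at collection time, which is the kind of silent coverage gap a later reader will not notice. Since this is the sample config that users copy, a comment above the line should spell out the intent, for example `# Keep Defender detection/remediation (1006-1008, 1013, 1015, 1116-1119) and tamper-relevant config events (5007, 5010, 5012); all other Defender event IDs are discarded at collection` and, if the omission is deliberate, mention that events such as 5001 (real-time protection disabled) are not forwarded so operators can extend the list. The collapsed hunk has also lost the list indentation, so before merging confirm that `event_id` sits under the Defender `- name:` item at the same level as `name` and not as a sibling list entry, otherwise the filter applies to nothing.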