diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml
index 8bf9155f..dfc0ca9e 100644
--- a/tools/config/winlogbeat-modules-enabled.yml
+++ b/tools/config/winlogbeat-modules-enabled.yml
@@ -186,6 +186,8 @@ fieldmappings:
 ParentImage: process.parent.executable
 ParentCommandLine: process.parent.command_line
 ParentUser: winlog.event_data.ParentUser #Sysmon 13.30
+ SourceUser: winlog.event_data.SourceUser #Sysmon 13.30
+ TargetUser: winlog.event_data.TargetUser #Sysmon 13.30
 TargetFilename: file.path
 CreationUtcTime: winlog.event_data.CreationUtcTime
 PreviousCreationUtcTime: winlog.event_data.PreviousCreationUtcTime
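Review bot: The `#Sysmon 13.30` comments on the new `SourceUser` and `TargetUser` lines do not say that this is a minimum version or which events carry the fields. A rule that filters on either field will match nothing on hosts running an older Sysmon, and that gap is silent. I would make the comment explicit, e.g. `# requires Sysmon >= 13.30; CreateRemoteThread/ProcessAccess events (confirm)`. The `fieldmappings` block starts and ends outside this hunk, so it is worth checking that any other winlogbeat mapping files under `tools/config` get the same two keys; otherwise the same rule would convert to different field names depending on which config is used.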