diff --git a/deployment-apps/Splunk_TA_microsoft_ad_FW_Other/default/eventtypes.conf b/deployment-apps/Splunk_TA_microsoft_ad_FW_Other/default/eventtypes.conf
index 344c663d..978e5de3 100644
--- a/deployment-apps/Splunk_TA_microsoft_ad_FW_Other/default/eventtypes.conf
+++ b/deployment-apps/Splunk_TA_microsoft_ad_FW_Other/default/eventtypes.conf
@@ -51,3 +51,6 @@ search = eventtype=admon objectCategory="*CN=Computer*"
 [admon-user]
 search = eventtype=admon objectCategory="*CN=Person*"
+[wineventlog_windows]
+search = eventtype=wineventlog_application OR eventtype=wineventlog_system OR eventtype=wineventlog_security OR eventtype=wineventlog-ds OR eventtype=wineventlog-dfs OR eventtype=wineventlog-keymanagement OR eventtype=wineventlog-filereplication OR eventtype=wineventlog-dns
+#tags = os windows
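Review bot: The commented-out `#tags = os windows` line in the new `[wineventlog_windows]` stanza does nothing, and the `tags` key in eventtypes.conf is the deprecated form anyway; if the intent is for this eventtype to carry the `os`/`windows` tags, the definition belongs in tags.conf as `[eventtype=wineventlog_windows]` followed by `os = enabled` and `windows = enabled`, otherwise the line should be dropped rather than left as dead config. The `search` line also mixes two naming conventions, `wineventlog_security` with underscores and `wineventlog-ds`, `wineventlog-dfs`, `wineventlog-keymanagement`, `wineventlog-filereplication`, `wineventlog-dns` with hyphens; none of those hyphenated eventtypes are defined in this hunk, so it is worth confirming they exist exactly as spelled, because a reference to an undefined eventtype matches nothing silently and any detection built on `eventtype=wineventlog_windows` would then quietly miss those channels (Directory Services, DNS, etc.). A short comment above the stanza naming the file or app that defines the hyphenated eventtypes would make that dependency visible to the next maintainer.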