diff --git a/promtail-config.yaml b/promtail-config.yaml
index 349b52f..8af16fd 100644
--- a/promtail-config.yaml
+++ b/promtail-config.yaml
@@ -17,3 +17,14 @@ scrape_configs:
 - json:
 expressions:
 level: levelText
+ - job_name: security
+ windows_event:
+ eventlog_name: "Security"
+ bookmark_path: "./bookmark.xml"
+ xpath_query: "*"
+ labels:
+ job: security
+ pipeline_stages:
+ - json:
+ expressions:
+ level: levelText
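Review bot: The new job's `windows_event:` key looks misspelled, since Promtail's scrape-config block for Windows event logs is, as far as I know, `windows_events:` (plural); with the singular key the config would likely be rejected at load or the Security log never collected, so check it against the existing job above the hunk, which is not visible here. `bookmark_path: "./bookmark.xml"` is relative to the process working directory, and if the earlier job uses the same file the two would overwrite each other's read position, leaving gaps or replays in the audit trail; a per-job absolute path such as `bookmark_path: "<PROMTAIL_DATA_DIR>/bookmark-security.xml"` (placeholder directory) avoids that. `xpath_query: "*"` forwards every Security event, including logon and process-creation records, so either add a comment stating that this is intentional or narrow the query to the event IDs the detections need. It is also worth confirming that read access to the `job: security` stream in Loki is restricted accordingly.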