diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml
index 3445847cc5d..5b9eb7b6ce3 100644
--- a/packages/windows/changelog.yml
+++ b/packages/windows/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+  changes:
+    - description: Add provider name check to forwarded/security conditional.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2527
 - version: "1.6.0"
   changes:
     - description: Expose winlog input language option.
diff --git a/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/default.yml b/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/default.yml
index 07acd4eefdc..6a274d1d5a7 100644
--- a/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Windows forwarded Event Logs
 processors:
   - pipeline:
       name: '{{ IngestPipeline "security" }}'
-      if: ctx?.winlog?.channel != null && ctx?.winlog?.channel == "Security"
+      if: ctx?.winlog?.channel != null && ctx?.winlog?.channel == "Security" && ctx?.winlog?.provider_name != null && ["Microsoft-Windows-Eventlog", "Microsoft-Windows-Security-Auditing"].contains(ctx?.winlog?.provider_name)
   - pipeline:
       name: '{{ IngestPipeline "powershell" }}'
       if: ctx?.winlog?.channel != null && ctx?.winlog?.channel == "Windows PowerShell"
diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml
index c6ac19b98d0..131693a117d 100644
--- a/packages/windows/manifest.yml
+++ b/packages/windows/manifest.yml
@@ -1,6 +1,6 @@
 name: windows
 title: Windows
-version: 1.6.0
+version: 1.7.0
 description: Collect logs and metrics from Windows OS and services with Elastic Agent.
 type: integration
 categories:
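Review bot: The new `if` on the security sub-pipeline in default.yml carries two redundant null guards — in Painless `null == "Security"` is simply false and `List.contains(null)` is false, so `ctx?.winlog?.channel != null &&` and `ctx?.winlog?.provider_name != null &&` add nothing but length, and the condition could read `if: ctx?.winlog?.channel == "Security" && ["Microsoft-Windows-Eventlog", "Microsoft-Windows-Security-Auditing"].contains(ctx?.winlog?.provider_name)`. The more important consequence is silent: a forwarded Security-channel event from any other provider (third-party auditing products register on that channel) now skips the security pipeline entirely and lands un-enriched, which is presumably the intent but is not recorded anywhere in the file. A comment above the `if` such as `# Only Microsoft auditing/eventlog providers are routed to the security pipeline; other providers writing to the Security channel are left unparsed` would save the next maintainer from reading PR 2527 to learn why the allowlist exists, and would also make clear that the match is exact and case-sensitive. If the hard-coded list is expected to grow, a folded scalar (`if: >-`) would keep the provider names one per line and diffable.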