diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml
index 21efa799eb9..832135f9ca0 100644
--- a/packages/cef/changelog.yml
+++ b/packages/cef/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.0.3"
+changes:
+- description: Format source.mac and destination.mac as per ECS.
+type: bugfix
+link: https://github.com/elastic/integrations/pull/3566
 - version: "2.0.2"
 changes:
 - description: Improve field documentation
diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json
index 7e47e6fb443..bcb8d6f3d29 100644
--- a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json
+++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json
@@ -227,7 +227,7 @@
 "region_name": "England"
 },
 "ip": "81.2.69.192",
-"mac": "00:50:56:f5:7f:47",
+"mac": "00-50-56-F5-7F-47",
 "port": 80
 },
 "ecs": {
@@ -257,7 +257,7 @@
 },
 "source": {
 "ip": "192.168.126.150",
-"mac": "00:0c:29:eb:35:de",
+"mac": "00-0C-29-EB-35-DE",
 "port": 49617
 },
 "tags": [
@@ -375,7 +375,7 @@
 "region_name": "England"
 },
 "ip": "81.2.69.144",
-"mac": "00:50:56:f5:7f:47",
+"mac": "00-50-56-F5-7F-47",
 "port": 80
 },
 "ecs": {
@@ -409,7 +409,7 @@
 },
 "source": {
 "ip": "192.168.126.150",
-"mac": "00:0c:29:eb:35:de",
+"mac": "00-0C-29-EB-35-DE",
 "port": 49786
 },
 "tags": [
diff --git a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 8875ec06952..ab067960c57 100644
--- a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -106,6 +106,24 @@ processors:
 if: "ctx.cef?.device?.vendor == 'Check Point'"
 - community_id: {}
+# Ensure source.mac and destination.mac are formatted to ECS specifications.
+- gsub:
+field: destination.mac
+ignore_missing: true
+pattern: '[:.]'
+replacement: '-'
+- gsub:
+field: source.mac
+ignore_missing: true
+pattern: '[:.]'
+replacement: '-'
+- uppercase:
+field: destination.mac
+ignore_missing: true
+- uppercase:
+field: source.mac
+ignore_missing: true
+
 #
 # Timestamp parsing.
 #
diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml
index 747d66df2e7..5bcae7fa174 100644
--- a/packages/cef/manifest.yml
+++ b/packages/cef/manifest.yml
@@ -1,6 +1,6 @@
 name: cef
 title: CEF Logs
-version: 2.0.2
+version: "2.0.3"
 release: ga
 description: Collect logs from CEF Logs with Elastic Agent.
 type: integration
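Review bot: The two `gsub` processors added after `community_id` replace every `:` and `.` with `-`, so a dotted-notation MAC such as `0050.56f5.7f47` (which the `.` in the character class appears intended to cover) comes out of the `uppercase` step as `0050-56F5-7F47`, still not the ECS `XX-XX-XX-XX-XX-XX` form, and a 12-hex-digit value with no separators at all is left unchanged. Stripping all separators first and then re-inserting a hyphen after every pair of hex digits yields the ECS form regardless of the input notation; the rewrite below is for `destination.mac` and the same three processors apply to `source.mac`. As far as this diff shows, the updated test fixture only covers colon-separated input, so a dotted-notation sample in the pipeline test would pin the intended behaviour.
```yaml
  # Ensure source.mac and destination.mac are formatted to ECS specifications.
  - gsub:
      field: destination.mac
      ignore_missing: true
      pattern: '[:.-]'
      replacement: ''
  - gsub:
      field: destination.mac
      ignore_missing: true
      pattern: '(..)(?!$)'
      replacement: '$1-'
  - uppercase:
      field: destination.mac
      ignore_missing: true
  # … same three processors repeated for source.mac …
```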