diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
index 81d9dcc8..f6b25023 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
@@ -77,6 +77,7 @@ field_mapping:
 OldTargetUserName: xdm.target.user.username
 UserPrincipalName: xdm.source.user.username
 DestAddress: xdm.target.ipv4
+ SubjectAccountName: xdm.source.user.username
 SubjectUserName: xdm.source.user.username
 SubjectUserSid: xdm.source.user.identifier
 SourceAddr: xdm.source.ipv4
@@ -117,7 +118,6 @@ field_mapping:
 method: xdm.network.http.method
 notice.user_agent: xdm.network.http.browser
 hasIdentity: xdm.source.user.identity_type
- SubjectAccountName: xdm.source.user.username
 ComputerName: xdm.source.host.hostname
 ExternalSeverity: xdm.alert.severity
 SourceMAC: xdm.source.host.mac_addresses
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
index 42fe9a54..59a56f71 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
@@ -7,7 +7,8 @@ default_log_source:
 field_mapping:
 EventID: action_evtlog_event_id
 Provider_Name: provider_name
-
+ SubjectAccountName: actor_effective_username
+
 raw_log_fields:
 ParentImage: regex
 AccessMask: regex
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
index 20883e94..7d01b97e 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
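Review bot: `SubjectAccountName: actor_effective_username` in the palo_alto_cortex windows_security hunk maps the key to a raw dataset field, whereas default.yml, patched earlier in this same commit, maps the same key to `xdm.source.user.username`; SubjectUserName is not remapped in this hunk, so if it still inherits the XDM mapping from default.yml (its line is outside this hunk) the two aliases of the same Windows subject-user field would translate to different Cortex fields under this log source. The neighbouring keys here (`EventID: action_evtlog_event_id`, `Provider_Name: provider_name`) already use raw field names, so the style is consistent with the file; a one-line comment above the new key, such as `# raw dataset field; default.yml carries the xdm.* alias for other log sources`, would make the intent explicit and stop a later reader from "fixing" it back. The two default.yml hunks only relocate the key next to SubjectUserName and need no change.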
@@ -130,6 +130,9 @@ field_mapping:
 NewValue: NewValue
 Source: Source
 Status: Status
+ SubjectAccountName:
+ - Subject Account Name
+ - SubjectAccountName
 SubjectDomainName: SubjectDomainName
 SubjectUserName: Target Username
 SubjectUserSid: SubjectUserSid
@@ -171,5 +174,4 @@ field_mapping:
 UserID: UserID
 ParentProcessName: Parent Process Name
 Service: Service
- hasIdentity: hasIdentity
- SubjectAccountName: SubjectAccountName
\ No newline at end of file
+ hasIdentity: hasIdentity
\ No newline at end of file
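Review bot: The second qradar hunk still ends with `\ No newline at end of file` after the rewrite of `hasIdentity: hasIdentity`; since the commit already touches the last line, it should add the trailing newline so the file ends cleanly and the next append does not again show the previous last line as removed and re-added. In the first hunk `SubjectAccountName` becomes a two-item sequence (`Subject Account Name`, `SubjectAccountName`) while every neighbouring key in the hunk is a plain scalar, which relies on the mapping loader accepting either shape; nothing in the diff shows that, so it is worth confirming against the loader rather than assuming. `Subject Account Name` contains spaces and so must be quoted in the rendered AQL; if the renderer already handles `Parent Process Name` a few lines below, it will cover this entry too.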