diff --git a/config/processors/syslog_security_symantec.endpoint.conf b/config/processors/syslog_security_symantec.endpoint.conf
index 1a302e96..c3f5e0b6 100644
--- a/config/processors/syslog_security_symantec.endpoint.conf
+++ b/config/processors/syslog_security_symantec.endpoint.conf
@@ -410,7 +410,7 @@ filter {
 rename => {"[sepm][Source]" => "[log][logger]"}
 rename => {"[sepm][Disposition]" => "[error][type]"}
 rename => {"[sepm][Event Type]" => "[event][category]"}
- remove_field => ["[log][date_time]", "[event][created]", "[received][date_time]", "actual_msg"]
+ remove_field => ["[log][date_time]", "[received][date_time]", "actual_msg"]
 }
 if [rule][id] {
 mutate {
@@ -468,7 +468,7 @@ filter {
 if [event][start] {
 date {
- match => ["[event][start]" , "yyyy-MM-dd HH:mm:ss"]
+ match => ["[event][start]", "ISO8601", "yyyy-MM-dd HH:mm:ss", "MMM dd HH:mm:ss"]
 timezone => "GMT"
 locale => "en"
 target => "[event][start]"
@@ -482,7 +482,7 @@ filter {
 }
 if [event][end] {
 date {
- match => ["[event][end]" , "yyyy-MM-dd HH:mm:ss"]
+ match => ["[event][end]", "ISO8601", "yyyy-MM-dd HH:mm:ss", "MMM dd HH:mm:ss"]
 timezone => "GMT"
 locale => "en"
 target => "[event][end]"
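Review bot: The new `"MMM dd HH:mm:ss"` pattern added to the `[event][start]` match list carries no year, so the date filter has to infer one at parse time; events ingested just after a year rollover, or replayed from older SEPM logs, will be stamped with the wrong year and silently skew incident timelines, which deserves an explicit comment such as `# yearless syslog form: the year is inferred at parse time, do not rely on it for replayed logs`. The same pattern will also likely miss the RFC 3164 space-padded day form (`Jan  5 10:00:00`), leaving `[event][start]` as a string with a `_dateparsefailure` tag, so add the variant Logstash's own examples pair with it: `match => ["[event][start]", "ISO8601", "yyyy-MM-dd HH:mm:ss", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss"]`. The identical change applies to the `[event][end]` hunk below. The `date {}` block's closing brace lies outside this hunk.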