diff --git a/ecs/vulnerability-detector/fields/template-settings-legacy.json b/ecs/vulnerability-detector/fields/template-settings-legacy.json
index 21ee9e7a850fc..5f3135175c9af 100644
--- a/ecs/vulnerability-detector/fields/template-settings-legacy.json
+++ b/ecs/vulnerability-detector/fields/template-settings-legacy.json
@@ -13,7 +13,23 @@
       },
       "number_of_shards": "1",
       "number_of_replicas": "0",
-      "refresh_interval": "2s"
+      "refresh_interval": "2s",
+      "query.default_field": [
+        "base.tags",
+        "agent.id",
+        "ecs.version",
+        "event.id",
+        "event.module",
+        "event.severity",
+        "host.os.family",
+        "host.os.full.text",
+        "host.os.version",
+        "package.name",
+        "package.version",
+        "vulnerability.id",
+        "vulnerability.description.text",
+        "vulnerability.severity"
+      ]
     }
   }
 }
\ No newline at end of file
diff --git a/ecs/vulnerability-detector/fields/template-settings.json b/ecs/vulnerability-detector/fields/template-settings.json
index bf2dcb4216aff..48e2b051599e8 100644
--- a/ecs/vulnerability-detector/fields/template-settings.json
+++ b/ecs/vulnerability-detector/fields/template-settings.json
@@ -14,7 +14,23 @@
         },
         "number_of_shards": "1",
         "number_of_replicas": "0",
-        "refresh_interval": "2s"
+        "refresh_interval": "2s",
+        "query.default_field": [
+          "base.tags",
+          "agent.id",
+          "ecs.version",
+          "event.id",
+          "event.module",
+          "event.severity",
+          "host.os.family",
+          "host.os.full.text",
+          "host.os.version",
+          "package.name",
+          "package.version",
+          "vulnerability.id",
+          "vulnerability.description.text",
+          "vulnerability.severity"
+        ]
       }
     }
   }