diff --git a/uncoder-core/app/translator/core/models/field.py b/uncoder-core/app/translator/core/models/field.py
index 10b661b0..2576f93a 100644
--- a/uncoder-core/app/translator/core/models/field.py
+++ b/uncoder-core/app/translator/core/models/field.py
@@ -60,6 +60,11 @@ def value(self) -> Union[int, str, StrValue, list[Union[int, str, StrValue]]]:
             return self.values[0]
         return self.values
 
+    @value.setter
+    def value(self, new_value: Union[int, str, StrValue, list[Union[int, str, StrValue]]]) -> None:
+        self.values = []
+        self.__add_value(new_value)
+
     def __add_value(self, value: Optional[Union[int, str, StrValue, list, tuple]]) -> None:
         if value and isinstance(value, (list, tuple)):
             for v in value:
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_registry_event.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_registry_event.yml
index 86110049..04abb36b 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_registry_event.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_registry_event.yml
@@ -28,4 +28,5 @@ field_mapping:
   ParentIntegrityLevel: causality_actor_process_integrity_level
   ParentLogonId: causality_actor_process_logon_id
   ParentProduct: causality_actor_process_signature_product
-  ParentCompany: causality_actor_process_signature_vendor
\ No newline at end of file
+  ParentCompany: causality_actor_process_signature_vendor
+  EventType: event_sub_type
\ No newline at end of file
diff --git a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
index 54f50916..ba673cd2 100644
--- a/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
+++ b/uncoder-core/app/translator/platforms/palo_alto/renders/cortex_xsiam.py
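Review bot: The new `value` setter has no docstring, and its handling of an empty or otherwise falsy `new_value` depends on the else-branch of `__add_value`, which lies outside the hunk: the visible guard `if value and isinstance(value, (list, tuple))` only covers non-empty sequences, so an empty list presumably reaches the scalar path — confirm it leaves `self.values` empty rather than appending the list object itself. A one-line docstring would make the contract explicit: `"""Replace all stored values with *new_value* (scalar or sequence), normalising each entry via __add_value."""`. The enclosing class continues outside the hunk.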
@@ -21,6 +21,9 @@
 from app.translator.const import DEFAULT_VALUE_TYPE
 from app.translator.core.custom_types.values import ValueType
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.field import FieldValue, Keyword
+from app.translator.core.models.identifier import Identifier
 from app.translator.core.models.platform_details import PlatformDetails
 from app.translator.core.render import BaseQueryFieldValue, PlatformQueryRender
 from app.translator.core.str_value_manager import StrValue
@@ -34,6 +37,16 @@
 )
 from app.translator.platforms.palo_alto.str_value_manager import cortex_xql_str_value_manager
 
+SOURCE_MAPPING_TO_FIELD_VALUE_MAP = {
+    "windows_registry_event": {
+        "EventType": {
+            "SetValue": "REGISTRY_SET_VALUE",
+            "DeleteValue": "REGISTRY_DELETE_VALUE",
+            "CreateKey": "REGISTRY_CREATE_KEY",
+        }
+    }
+}
+
 
 class CortexXQLFieldValue(BaseQueryFieldValue):
     details: PlatformDetails = cortex_xql_query_details
@@ -173,6 +186,19 @@ def generate_prefix(self, log_source_signature: CortexXQLLogSourceSignature, fun
         functions_prefix = f"{functions_prefix} | " if functions_prefix else ""
         return f"{functions_prefix}{log_source_signature}"
 
+    def apply_token(self, token: Union[FieldValue, Keyword, Identifier], source_mapping: SourceMapping) -> str:
+        if isinstance(token, FieldValue):
+            field_name = token.field.source_name
+            if values_map := SOURCE_MAPPING_TO_FIELD_VALUE_MAP.get(source_mapping.source_id, {}).get(field_name):
+                values_to_update = []
+                for token_value in token.values:
+                    mapped_value: str = values_map.get(token_value, token_value)
+                    values_to_update.append(
+                        StrValue(value=mapped_value, split_value=mapped_value.split()) if mapped_value else token_value
+                    )
+                token.value = values_to_update
+        return super().apply_token(token=token, source_mapping=source_mapping)
+
     @staticmethod
     def _finalize_search_query(query: str) -> str:
         return f"| filter {query}" if query else ""
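Review bot: The new `SOURCE_MAPPING_TO_FIELD_VALUE_MAP` literal carries no comment describing its nesting, which `apply_token` further down depends on (first key looked up by `source_mapping.source_id`, second by `token.field.source_name`, innermost by the token's value). A one-line comment above it, `# source_id -> field source_name -> {rule value: Cortex XQL value}`, would keep the next mapping from being added at the wrong level.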
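Review bot: In the new `apply_token`, a value that is not in `values_map` is still re-wrapped as `StrValue(value=mapped_value, split_value=mapped_value.split())` because the `.get()` default is the value itself, so the original StrValue — and whatever `split_value` structure it carried, wildcards included — is replaced by a plain whitespace split, and if `token.values` can hold an int, as the `value` property's return type in field.py suggests, `mapped_value.split()` raises AttributeError. Only values actually found in the map should be re-wrapped; the rewrite below leaves every other value untouched. `token.value = values_to_update` also mutates the token in place, so if the same token list is rendered against several source mappings the later ones see the already-rewritten values — presumably harmless for this map, but worth a comment or a copy. From a detection standpoint an unmapped value (for instance a differently-cased or wildcarded `EventType`) currently passes through silently and the rendered query can never match, so emitting a warning at that point would make such rules visible. Whether `StrValue` hashes and compares like the plain `str` keys of the map is assumed here and should be confirmed.
```python
    def apply_token(self, token: Union[FieldValue, Keyword, Identifier], source_mapping: SourceMapping) -> str:
        if isinstance(token, FieldValue):
            field_name = token.field.source_name
            if values_map := SOURCE_MAPPING_TO_FIELD_VALUE_MAP.get(source_mapping.source_id, {}).get(field_name):
                values_to_update = []
                for token_value in token.values:
                    mapped_value = values_map.get(token_value)
                    if mapped_value is None:
                        # Unmapped (or non-string) value: keep the original object so its
                        # split_value structure and type are preserved.
                        values_to_update.append(token_value)
                        continue
                    values_to_update.append(StrValue(value=mapped_value, split_value=mapped_value.split()))
                token.value = values_to_update
        return super().apply_token(token=token, source_mapping=source_mapping)
```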