diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml
index c4966214943..0a22af1df0d 100644
--- a/packages/system/changelog.yml
+++ b/packages/system/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.66.1"
+ changes:
+ - description: For Windows security event logs, enrich group membership related events with an audit category and subcategory.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12335
 - version: "1.66.0"
 changes:
 - description: Allow the usage of deprecated log input and support for stack 9.0
diff --git a/packages/system/data_stream/security/elasticsearch/ingest_pipeline/standard.yml b/packages/system/data_stream/security/elasticsearch/ingest_pipeline/standard.yml
index b7b223ae15e..7d407cf6818 100644
--- a/packages/system/data_stream/security/elasticsearch/ingest_pipeline/standard.yml
+++ b/packages/system/data_stream/security/elasticsearch/ingest_pipeline/standard.yml
@@ -1128,6 +1128,7 @@ processors:
 "0CCE921C-69AE-11D9-BED3-505054503030": ["Other Logon/Logoff Events","Logon/Logoff"]
 "0CCE9243-69AE-11D9-BED3-505054503030": ["Network Policy Server","Logon/Logoff"]
 "0CCE9247-69AE-11D9-BED3-505054503030": ["User / Device Claims","Logon/Logoff"]
+ "0CCE9249-69AE-11D9-BED3-505054503030": ["Group Membership","Logon/Logoff"]
 "0CCE921D-69AE-11D9-BED3-505054503030": ["File System","Object Access"]
 "0CCE921E-69AE-11D9-BED3-505054503030": ["Registry","Object Access"]
 "0CCE921F-69AE-11D9-BED3-505054503030": ["Kernel Object","Object Access"]
diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml
index 22855fbfa90..9f00eee86f1 100644
--- a/packages/system/manifest.yml
+++ b/packages/system/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.2
 name: system
 title: System
-version: "1.66.0"
+version: "1.66.1"
 description: Collect system logs and metrics from your servers with Elastic Agent.
 type: integration
 categories:
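Review bot: The `"0CCE9249-69AE-11D9-BED3-505054503030"` entry added in packages/system/data_stream/security/elasticsearch/ingest_pipeline/standard.yml goes into a GUID table that this commit has to edit identically in packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/security.yml, and nothing visible in either hunk says the two copies must stay in step. A subcategory present in one copy and missing from the other would leave the same Windows security event categorised in one data stream and uncategorised in the other, which is easy to overlook when detections filter on the audit category. I would add a comment above the table in both files, for example `# Audit subcategory GUID table: keep in sync with the copy in the other package's security pipeline`. The table and the processor that reads it start and end outside both hunks, and the commit changes no test fixture, so a sample group-membership event in the pipeline tests would confirm that the lookup is actually applied.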
diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml
index 8e966805057..a473d784b5d 100644
--- a/packages/windows/changelog.yml
+++ b/packages/windows/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.1"
+ changes:
+ - description: For Windows security event logs, enrich group membership related events with an audit category and subcategory.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12335
 - version: "2.4.0"
 changes:
 - description: Improve pipeline script to parse fully rendered events correctly.
diff --git a/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/security.yml b/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/security.yml
index f7545e4b415..02f9f05876d 100644
--- a/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/security.yml
+++ b/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/security.yml
@@ -1036,6 +1036,7 @@ processors:
 "0CCE921C-69AE-11D9-BED3-505054503030": ["Other Logon/Logoff Events","Logon/Logoff"]
 "0CCE9243-69AE-11D9-BED3-505054503030": ["Network Policy Server","Logon/Logoff"]
 "0CCE9247-69AE-11D9-BED3-505054503030": ["User / Device Claims","Logon/Logoff"]
+ "0CCE9249-69AE-11D9-BED3-505054503030": ["Group Membership","Logon/Logoff"]
 "0CCE921D-69AE-11D9-BED3-505054503030": ["File System","Object Access"]
 "0CCE921E-69AE-11D9-BED3-505054503030": ["Registry","Object Access"]
 "0CCE921F-69AE-11D9-BED3-505054503030": ["Kernel Object","Object Access"]
diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml
index 0eb2467b216..0b6ef156d12 100644
--- a/packages/windows/manifest.yml
+++ b/packages/windows/manifest.yml
@@ -1,6 +1,6 @@
 name: windows
 title: Windows
-version: 2.4.0
+version: 2.4.1
 description: Collect logs and metrics from Windows OS and services with Elastic Agent.
 type: integration
 categories: