diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2
index 8e6287ec..202af578 100644
--- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2
+++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2
@@ -53,6 +53,15 @@ output.elasticsearch:
   #pipeline: geoip
   indices:
     - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
+{% if filebeat_xpack_security %}
+  username: {{ elasticsearch_user }}
+  password: {{ elasticsearch_password }}
+  protocol: https
+  ssl.certificate_authorities: 
+    - {{node_certs_destination}}/ca.crt
+  ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" 
+  ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key"
+{% endif %}
 
 # Optional. Send events to Logstash instead of Elasticsearch
 #output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"]
\ No newline at end of file