diff --git a/artifacts/definitions/Linux/Events/TrackProcesses.yaml b/artifacts/definitions/Linux/Events/TrackProcesses.yaml
index c9335ef8b77..765be94f516 100644
--- a/artifacts/definitions/Linux/Events/TrackProcesses.yaml
+++ b/artifacts/definitions/Linux/Events/TrackProcesses.yaml
@@ -45,11 +45,11 @@ sources:
         SELECT * FROM watch_ebpf(events=["sched_process_exit", "sched_process_exec"])
       }, query={
         SELECT * FROM switch(a={
-          SELECT System.ProcessID AS id,
-                 System.ParentProcessID AS parent_id,
+          SELECT System.HostProcessID AS id,
+                 System.HostParentProcessID AS parent_id,
                  "start" AS update_type,
-                 dict(Pid=System.ProcessID,
-                      Ppid=System.ParentProcessID,
+                 dict(Pid=System.HostProcessID,
+                      Ppid=System.HostParentProcessID,
                       Name=System.ProcessName,
                       Username=System.UserID,
                       Exe=EventData.cmdpath,
@@ -60,7 +60,7 @@ sources:
          FROM scope()
          WHERE System.EventName =~ "exec"
        }, end={
-          SELECT System.ProcessID AS id,
+          SELECT System.HostProcessID AS id,
                  NULL AS parent_id,
                  "exit" AS update_type,
                  dict() AS data,
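Review bot: The move from `System.ProcessID`/`System.ParentProcessID` to `System.HostProcessID`/`System.HostParentProcessID` in the `id`, `parent_id`, `Pid` and `Ppid` expressions is left without a why-comment, so the next maintainer has nothing telling them that the two field families are not interchangeable and why the host-namespace one is the correct tracker key. Add a YAML comment above the `SELECT * FROM switch(a={` line, for example `# Key the tracker on host-namespace PIDs: namespace-local PIDs reported for containerized processes would collide with host PIDs and mis-attribute exec/exit events` — the rationale is inferred from the field names, so confirm it against the watch_ebpf plugin's field documentation before committing the wording. The second hunk's `end={` branch makes the same change to `id` and should carry the same rationale (a one-line pointer back to the comment is enough). If an event can arrive without `HostProcessID` populated, `id` becomes NULL and the exit update will not match any tracked process; whether the eBPF source guarantees the field is not visible here and is worth stating in the comment. The `switch(...)` query this hunk edits starts before the first hunk and continues past the second, so its remaining branches are not reviewed here.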