diff --git a/Citrix/citrix-adc/ingest/parser.yml b/Citrix/citrix-adc/ingest/parser.yml
index 9c6c377a7..6fead398e 100644
--- a/Citrix/citrix-adc/ingest/parser.yml
+++ b/Citrix/citrix-adc/ingest/parser.yml
@@ -90,7 +90,7 @@ pipeline:
 CIPHER_SUITE: '"?"?[\w\-\.]+"?"?'
 - name: set_audit_log_fields
- filter: '{{not original.message.startswith("CEF")}}'
+ filter: '{{not original.message.startswith("CEF") and parse_audit_header.message.type not in ["AAATM"]}}'
 - name: set_connection_log_fields
 filter: "{{ parse_audit_header.message.type == 'TCP' }}"
@@ -105,7 +105,7 @@ pipeline:
 filter: "{{ parse_audit_header.message.type == 'SSLLOG' }}"
 - name: set_other_log_fields
- filter: "{{ parse_audit_header.message.type not in ['SSLVPN', 'SSLLOG', 'TCP'] }}"
+ filter: "{{ parse_audit_header.message.type not in ['SSLVPN', 'SSLLOG', 'TCP', 'AAATM'] }}"
 stages:
 set_cef_header_fields:
@@ -113,17 +113,21 @@ stages:
 - set:
 event.kind: "alert"
 event.dataset: "alert"
+ - set:
 observer.vendor: "{{parsed_event.message.DeviceVendor}}"
 observer.product: "{{parsed_event.message.DeviceProduct}}"
 observer.version: "{{parsed_event.message.DeviceVersion}}"
+ - set:
 source.ip: "{{parsed_event.message.src}}"
 source.port: "{{parsed_event.message.spt}}"
+ - set:
 event.reason: "{{parsed_event.message.msg}}"
 event.action: "{{parsed_event.message.act}}"
 event.category: ["network"]
+ - set:
 url.original: "{{parsed_event.message.request}}"
 - set:
diff --git a/Citrix/citrix-adc/tests/test_aaatm.json b/Citrix/citrix-adc/tests/test_aaatm.json
index 8db673e24..abc914658 100644
--- a/Citrix/citrix-adc/tests/test_aaatm.json
+++ b/Citrix/citrix-adc/tests/test_aaatm.json
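Review bot: The added `and parse_audit_header.message.type not in ["AAATM"]` in the `set_audit_log_fields` filter (together with the matching `'AAATM'` added to the `set_other_log_fields` filter in the second hunk) means AAATM lines no longer reach any field-setting stage, and the updated test_aaatm.json fixture confirms that nothing is extracted — including `@timestamp` and `observer.name`, which the old fixture obtained from the same `parse_audit_header` that still matches these lines. If the intent was only to stop tagging AAA parser traces as `network`/`connection`, a small AAATM-specific stage that keeps the header-derived fields would avoid losing the source timestamp; if leaving them unparsed is deliberate, a comment above the filter should say so, e.g. `# AAATM (AAA) audit lines are intentionally left unparsed, see tests/test_aaatm.json`. Whether an unmatched `parse_audit_header` produces an undefined `type` that silently satisfies `not in` or raises depends on the template engine's undefined handling, which this file does not show. For consistency with the neighbouring filters, which use `"{{ ... ['X'] }}"` with spaces inside the braces, this one could read `filter: "{{ not original.message.startswith('CEF') and parse_audit_header.message.type != 'AAATM' }}"`.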
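Review bot: The single `set` action under `set_cef_header_fields` is split into five, but nothing in the hunk records why, so a comment above the first new `- set:` would spare the next reader from guessing, e.g. `# one set action per field group (observer, source, event, url) — <reason>`. If the split is meant to keep the other groups populated when one CEF key (such as `request`) is absent from an event, that is engine behaviour I cannot confirm from this file and is exactly what the comment should state. The `set_cef_header_fields` stage continues past the end of the hunk.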
@@ -4,20 +4,12 @@
 },
 "expected": {
 "message": "09/29/2023:07:40:56 GMT ADC 0-PPE-1 : default AAATM Message 1111111111 0 : \"AAA JSON-PARSE: ns_aaa_json_parser_StartElementHandler: NAME_VAL state, multi valued attribute start 'ConnectionId' seen\"",
- "event": {
- "category": [
- "network"
- ],
- "code": "Message",
- "dataset": "audit_aaatm",
- "reason": "\"AAA JSON-PARSE: ns_aaa_json_parser_StartElementHandler: NAME_VAL state, multi valued attribute start 'ConnectionId' seen\"",
- "type": [
- "connection"
- ]
- },
- "@timestamp": "2023-09-29T07:40:56Z",
- "observer": {
- "name": "ADC"
+ "sekoiaio": {
+ "intake": {
+ "parsing_warnings": [
+ "No fields extracted from original event"
+ ]
+ }
 }
 }
 }
\ No newline at end of file
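Review bot: The new expected block turns the absence of extraction into the passing outcome for an AAATM line (`"parsing_warnings": ["No fields extracted from original event"]`), so a later regression that drops AAATM handling entirely would still pass this fixture; if the exclusion is temporary, the intent should be recorded in the PR description or in the fixture's name, since a JSON fixture cannot carry a comment. The removed expectation also pinned `@timestamp` to the log header's `2023-09-29T07:40:56Z`; with no fields extracted the event presumably receives an ingestion-time timestamp instead, which affects any time-based correlation on these events and is worth confirming. The file still ends without a trailing newline (`\ No newline at end of file`).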