Forum Discussion
Correct firewall log names to be included in a Defender investigation package?
Hi - first time poster,
I work in a SecOps team using Defender for Endpoint. I noticed that when we collect an investigation package from a device in Defender, the firewall logs aren't being found. The advice on Microsoft Learn articles seems to be contradictory as to what the firewall logs should be named:
https://learn.microsoft.com/en-us/defender-endpoint/respond-machine-alerts
FirewallExecutionLog.txt and pfirewall.log
The pfirewall.log file must exist in %windir%\system32\logfiles\firewall\pfirewall.log, so it's included in the investigation package. For more information on creating the firewall log file, see https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/configure-logging?tabs=intune.
This section implies that for the firewall log to be collected it has to be called "pfirewall.log", but on the linked page it is recommended to change the log file names:
For each profile (Domain, Private, and Public) change the default log file name from %windir%\system32\logfiles\firewall\pfirewall.log to:
%windir%\system32\logfiles\firewall\pfirewall_Domain.log
%windir%\system32\logfiles\firewall\pfirewall_Private.log
%windir%\system32\logfiles\firewall\pfirewall_Public.log
We have tested the changed names and they are not found by the investigation package. Which one is recommended and is the logic used in the Defender investigation package correct?
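As an added check (not part of the original post, and not Microsoft's code), the PowerShell below reads each firewall profile's configured log path and reports whether it matches the default pfirewall.log path the Learn article says the investigation package looks for, and whether that file actually exists; it assumes the expected path is %windir%\system32\logfiles\firewall\pfirewall.log and must be run elevated on the endpoint.

```powershell
# Added example: compare each Windows Firewall profile's log path with the default
# path the investigation package documentation names. Assumption: that path is
# %windir%\system32\logfiles\firewall\pfirewall.log (expanded for comparison).
$expected = [Environment]::ExpandEnvironmentVariables('%windir%\system32\logfiles\firewall\pfirewall.log')

function Get-FirewallLogPathStatus {
    # One object per profile (Domain, Private, Public): configured path, whether it
    # is the default, and whether the file is present on disk. ActiveStore returns the
    # effective settings, including values applied by Group Policy.
    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        # The cmdlet returns the raw value (often written with %systemroot%), so expand
        # environment variables before comparing paths case-insensitively.
        $configured = [Environment]::ExpandEnvironmentVariables($fwProfile.LogFileName)
        [pscustomobject]@{
            Profile        = $fwProfile.Name
            ConfiguredPath = $configured
            IsDefaultPath  = ($configured -ieq $expected)
            LogExists      = (Test-Path -LiteralPath $configured -PathType Leaf)
            LogBlocked     = $fwProfile.LogBlocked
            LogAllowed     = $fwProfile.LogAllowed
        }
    }
}

$status = Get-FirewallLogPathStatus
$status | Format-Table -AutoSize

# Warn about any profile whose log the package would not find under the documented
# behaviour: a renamed log (for example pfirewall_Domain.log) or a file that does not exist
# yet because logging of dropped/allowed packets is still off.
$status | Where-Object { -not $_.IsDefaultPath -or -not $_.LogExists } | ForEach-Object {
    Write-Warning ("{0} profile logs to '{1}' (default path: {2}, file present: {3})" -f `
        $_.Profile, $_.ConfiguredPath, $_.IsDefaultPath, $_.LogExists)
}
```

Run it on a device where package collection came back without firewall logs to see which of the two situations applies before changing any profile's LogFileName.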