From 514df3656db8fd2d17a99fdb55d31f0c5ace94c4 Mon Sep 17 00:00:00 2001
From: Mika Ayenson
Date: Wed, 21 Sep 2022 13:22:20 -0400
Subject: [PATCH] updating non-ecs-schema to match content on main
---
 detection_rules/etc/non-ecs-schema.json | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/detection_rules/etc/non-ecs-schema.json b/detection_rules/etc/non-ecs-schema.json
index 6d2691150..e8a40512d 100644
--- a/detection_rules/etc/non-ecs-schema.json
+++ b/detection_rules/etc/non-ecs-schema.json
@@ -43,6 +43,8 @@
 "PrivilegeList": "keyword",
 "AuthenticationPackageName" : "keyword",
 "TargetUserSid" : "keyword",
+ "DnsHostName" : "keyword",
+ "LogonProcessName": "keyword",
 "DnsHostName" : "keyword",
 "TaskName": "keyword",
 "Status": "keyword"
@@ -83,6 +85,10 @@
 "kubernetes.audit.requestObject.spec.volumes.hostPath.path": "keyword",
 "kubernetes.audit.requestObject.spec.type": "keyword",
 "kubernetes.audit.requestObject.rules.resources": "keyword",
- "kubernetes.audit.requestObject.rules.verb": "keyword"
+ "kubernetes.audit.requestObject.rules.verb": "keyword",
+ "kubernetes.audit.objectRef.namespace": "keyword",
+ "kubernetes.audit.objectRef.serviceAccountName": "keyword",
+ "kubernetes.audit.requestObject.spec.serviceAccountName": "keyword",
+ "kubernetes.audit.responseStatus.reason": "keyword"
 }
 }
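Review bot: The added `"DnsHostName" : "keyword",` line in the first hunk duplicates a key that already appears two lines further down as context, so the object on the new side defines `DnsHostName` twice. Most JSON parsers keep the last occurrence without complaint, which is harmless while both entries map to `keyword` but would hide a later edit that changes only one of them. This file appears to be what rule queries are validated against, so that kind of silent drift matters. Drop the added `DnsHostName` line and keep only `"LogonProcessName": "keyword",`. The enclosing object opens and closes outside this hunk, so which index pattern it belongs to is not visible here.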
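Review bot: `"kubernetes.audit.objectRef.serviceAccountName"` in the second hunk should be confirmed against real audit documents before it is accepted into this schema. As far as I know, the upstream Kubernetes audit `objectRef` carries resource, namespace, name, uid, apiGroup, apiVersion, resourceVersion and subresource, with no `serviceAccountName` member, though the integration may add one. If the field is never populated, a rule that filters on it would presumably pass schema validation and then never match, which is a silent detection gap. The other three additions look like ordinary audit event paths. The enclosing object starts outside this hunk.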