[New Rule] Kubernetes Pod Created with Sensitive hostPath Volume (#2094)

* [New Rule] Kubernetes Pod Created with Sensitive hostPath Volume

created new rule toml and updated non-ecs-schema with k8s fields

* Update rules/integrations/kubernetes/privilege_escalation_pod_created_with_sensitive_hospath_volume.toml

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

(cherry picked from commit c1486407aa)

detection_rules/etc/non-ecs-schema.json

@@ -61,6 +61,23 @@
   },
   "logs-kubernetes.*": {
     "kubernetes.audit.objectRef.resource": "keyword",
-    "kubernetes.audit.objectRef.subresource": "keyword"
+    "kubernetes.audit.objectRef.subresource": "keyword",
+    "kubernetes.audit.verb": "keyword",
+    "kubernetes.audit.user.username": "keyword",
+    "kubernetes.audit.impersonatedUser.username": "keyword",
+    "kubernetes.audit.annotations.authorization_k8s_io/decision": "keyword",
+    "kubernetes.audit.annotations.authorization_k8s_io/reason": "keyword",
+    "kubernetes.audit.user.groups": "text",
+    "kubernetes.audit.requestObject.spec.containers.securityContext.privileged": "boolean", 
+    "kubernetes.audit.requestObject.spec.containers.securityContext.allowPrivilegeEscalation": "boolean",
+    "kubernetes.audit.requestObject.spec.securityContext.runAsUser": "long",
+    "kubernetes.audit.requestObject.spec.containers.securityContext.runAsUser": "long",
+    "kubernetes.audit.requestObject.spec.hostPID": "boolean",
+    "kubernetes.audit.requestObject.spec.hostNetwork": "boolean",
+    "kubernetes.audit.requestObject.spec.hostIPC": "boolean",
+    "kubernetes.audit.requestObject.spec.volumes.hostPath.path": "keyword",
+    "kubernetes.audit.requestObject.spec.type": "keyword",
+    "kubernetes.audit.requestObject.rules.resources": "keyword",
+    "kubernetes.audit.requestObject.rules.verb": "keyword"
   }
 }