From 984f2a6fbf70b0afd7944552ef201d5d3de91c78 Mon Sep 17 00:00:00 2001
From: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
Date: Mon, 19 Feb 2024 09:37:02 +0100
Subject: [PATCH] [FR] NON_DATASET_PACKAGE list & Data Source tag for Auditd_manager (#3430)

* [FR] Add Auditd_Manager to NON_DATASET_PACKAGE

* Changed alphabetical order

---------

Co-authored-by: Mika Ayenson
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
(cherry picked from commit a637bcec3886cbc4a708c59e63731c92b901a318)
---
 detection_rules/schemas/definitions.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/detection_rules/schemas/definitions.py b/detection_rules/schemas/definitions.py
index 38aa943fa..c7cb973ef 100644
--- a/detection_rules/schemas/definitions.py
+++ b/detection_rules/schemas/definitions.py
@@ -33,7 +33,7 @@ ELASTICSEARCH_EQL_FEATURES = {
     "allow_sample": (Version.parse('8.6.0'), None),
     "elasticsearch_validate_optional_fields": (Version.parse('7.16.0'), None)
 }
-NON_DATASET_PACKAGES = ['apm', 'endpoint', 'system', 'windows', 'cloud_defend', 'network_traffic']
+NON_DATASET_PACKAGES = ['apm', 'auditd_manager', 'cloud_defend', 'endpoint', 'network_traffic', 'system', 'windows']
 NON_PUBLIC_FIELDS = {
     "related_integrations": (Version.parse('8.3.0'), None),
     "required_fields": (Version.parse('8.3.0'), None),
@@ -68,6 +68,7 @@ TIMELINE_TEMPLATES: Final[dict] = {
 EXPECTED_RULE_TAGS = [
     'Data Source: Active Directory',
     'Data Source: Amazon Web Services',
+    'Data Source: Auditd Manager',
     'Data Source: AWS',
     'Data Source: APM',
     'Data Source: Azure',
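Review bot: The rewritten NON_DATASET_PACKAGES line in the first hunk introduces an ordering convention (the commit message says the list was re-sorted) that nothing in the file states, so the next contributor has no cue to keep it; a one-line comment above the constant, `# Keep sorted; package names must match the integration package name exactly.`, would lock that in and also record the only property that makes an entry like 'auditd_manager' effective. The same applies to the second hunk (@@ -68): 'Data Source: Auditd Manager' is slotted into EXPECTED_RULE_TAGS in alphabetical position, but the surrounding entries ('AWS' before 'APM') already break that order, so a `# Keep sorted` note there should come with a tidy of the existing neighbours rather than only the new line. Both constants, as far as the hunks show, are plain lists with no comment explaining what membership means for rule validation; a short purpose comment on each would be worth more than the reorder. EXPECTED_RULE_TAGS continues past the end of the hunk.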