diff --git a/detection_rules/etc/non-ecs-schema.json b/detection_rules/etc/non-ecs-schema.json
index 60fafb229..db6b7f23d 100644
--- a/detection_rules/etc/non-ecs-schema.json
+++ b/detection_rules/etc/non-ecs-schema.json
@@ -41,7 +41,8 @@
 "PrivilegeList": "keyword",
 "AuthenticationPackageName" : "keyword",
 "TargetUserSid" : "keyword",
- "DnsHostName" : "keyword"
+ "DnsHostName" : "keyword",
+ "winlog.event_data.Status": "keyword"
 }
 },
 "winlog.logon.type": "keyword",
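Review bot: The added key `"winlog.event_data.Status"` is written as a full dotted path, but it sits in the same object as bare names such as `"TargetUserSid"` and `"DnsHostName"`, and two objects close right after it before the dotted `"winlog.logon.type"` entry appears. If that enclosing object is the nested `winlog.event_data` map (its opening lines are outside the hunk, so this is inferred), the new entry would not resolve to the path its name suggests, and a rule that references `winlog.event_data.Status` would likely still fail field validation. Matching the siblings with `"Status": "keyword"` looks like the intended form. It is worth confirming by running schema validation on a rule that queries this field.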