diff --git a/detection_rules/etc/non-ecs-schema.json b/detection_rules/etc/non-ecs-schema.json
index 447f3634c..d6f47d23b 100644
--- a/detection_rules/etc/non-ecs-schema.json
+++ b/detection_rules/etc/non-ecs-schema.json
@@ -56,5 +56,9 @@
 },
 "logs-windows.*": {
 "powershell.file.script_block_text": "text"
+ },
+ "logs-kubernetes.*": {
+ "kubernetes.audit.objectRef.resource": "keyword",
+ "kubernetes.audit.objectRef.subresource": "keyword"
 }
 }
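Review bot: The two `kubernetes.audit.objectRef.*` entries added under `logs-kubernetes.*` are typed `keyword` by hand, and nothing visible in the hunk ties that type to how the Kubernetes integration actually maps these fields. If the shipped mapping differs, a rule using them would presumably pass validation against this schema and still never match at query time, leaving a silent detection gap. Because the file is strict JSON and cannot carry a comment, the commit description should cite the integration field definition the types were taken from. `keyword` is exact-match and case-sensitive, so rules should compare against the lowercase values the audit log emits, e.g. `kubernetes.audit.objectRef.subresource: "exec"`.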