Bump zoom rule to production (#427)

etc/non-ecs-schema.json

@@ -9,5 +9,12 @@
   },
   "winlogbeat-*": {
     "winlog.event_data.OriginalFileName": "keyword"
+  },
+  "filebeat-*": {
+    "zoom": {
+      "meeting": {
+        "password": "keyword"
+      }
+    }
   }
 }

rules/cross-platform/initial_access_zoom_meeting_with_no_passcode.toml

@@ -1,8 +1,7 @@
 [metadata]
 creation_date = "2020/09/14"
 ecs_version = ["1.6.0"]
-maturity = "development"
-query_schema_validation = false
+maturity = "production"
 updated_date = "2020/10/26"
 
 [rule]
@@ -38,8 +37,8 @@ tags = [
 type = "query"
 
 query = '''
-event.type:creation and event.module:zoom and event.dataset:zoom.webhook
- and event.action:meeting.created and not zoom.meeting.password:*
+event.type:creation and event.module:zoom and event.dataset:zoom.webhook and
+  event.action:meeting.created and not zoom.meeting.password:*
 '''