diff --git a/etc/non-ecs-schema.json b/etc/non-ecs-schema.json
index 736363dbd..ce139364c 100644
--- a/etc/non-ecs-schema.json
+++ b/etc/non-ecs-schema.json
@@ -9,5 +9,12 @@
 },
 "winlogbeat-*": {
 "winlog.event_data.OriginalFileName": "keyword"
+ },
+ "filebeat-*": {
+ "zoom": {
+ "meeting": {
+ "password": "keyword"
+ }
+ }
 }
 }
diff --git a/rules/cross-platform/initial_access_zoom_meeting_with_no_passcode.toml b/rules/cross-platform/initial_access_zoom_meeting_with_no_passcode.toml
index af0b5739b..d86867afd 100644
--- a/rules/cross-platform/initial_access_zoom_meeting_with_no_passcode.toml
+++ b/rules/cross-platform/initial_access_zoom_meeting_with_no_passcode.toml
@@ -1,8 +1,7 @@
 [metadata]
 creation_date = "2020/09/14"
 ecs_version = ["1.6.0"]
-maturity = "development"
-query_schema_validation = false
+maturity = "production"
 updated_date = "2020/10/26"
 
 [rule]
@@ -38,8 +37,8 @@ tags = [
 type = "query"
 query = '''
-event.type:creation and event.module:zoom and event.dataset:zoom.webhook
- and event.action:meeting.created and not zoom.meeting.password:*
+event.type:creation and event.module:zoom and event.dataset:zoom.webhook and
+ event.action:meeting.created and not zoom.meeting.password:*
 '''
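Review bot: The new `filebeat-*` entry declares the field as nested objects (`zoom` → `meeting` → `password`), while the sibling `winlogbeat-*` entry in the same hunk declares its field with one flattened dotted key, `"winlog.event_data.OriginalFileName": "keyword"`. If the schema loader accepts both shapes, `"zoom.meeting.password": "keyword"` would keep the file consistent and mirror how the field is spelled in the rule query that this entry exists to validate. If the loader only accepts one shape, that is worth confirming rather than assuming, since a mis-shaped entry would silently fail to cover the field and the rule's validation would start failing once `query_schema_validation = false` is removed.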
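Review bot: `updated_date = "2020/10/26"` is left unchanged while the rule is promoted from `development` to `production` and `query_schema_validation = false` is dropped; if this commit lands on a later date, the metadata should be bumped, since that date is presumably what downstream consumers use to notice a changed rule. Removing `query_schema_validation = false` only works because the same commit adds `zoom.meeting.password` to `etc/non-ecs-schema.json`, so the two changes must land together — worth a line in the commit message so a partial revert does not break validation.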
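Review bot: `not zoom.meeting.password:*` is an existence test, so a `meeting.created` event whose `password` is present but empty would, as far as the query alone shows, be treated as passcode-protected and never alert. If the Zoom webhook can deliver an empty value (I cannot confirm the payload shape from this diff), consider widening the final clause to something like `and (not zoom.meeting.password:* or zoom.meeting.password:"")`, or normalizing empty strings away at ingest. The relocation of `and` to the end of the first line is otherwise cosmetic; the enclosing `[rule]` table starts outside this hunk.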