add mapping for winlog

Mikaayenson · Mikaayenson · commit da685681b039 · 2025-09-08T11:07:52.000-05:00
diff --git a/detection_rules/etc/non-ecs-schema.json b/detection_rules/etc/non-ecs-schema.json
@@ -57,7 +57,8 @@
         "Status": "keyword",
         "EnabledPrivilegeList": "keyword",
         "Operation": "keyword",
-        "OperationType": "keyword"
+        "OperationType": "keyword",
+        "NewUACList": "keyword"
       }
     },
     "winlog.logon.type": "keyword",
