elastic
diff --git a/‎detection_rules/etc/deprecated_rules.json‎
Lines changed: 5 additions & 0 deletions b/‎detection_rules/etc/deprecated_rules.json‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎detection_rules/etc/integration-manifests.json.gz‎
2.21 KB b/‎detection_rules/etc/integration-manifests.json.gz‎
2.21 KB
diff --git a/‎detection_rules/etc/integration-schemas.json.gz‎
38.9 KB b/‎detection_rules/etc/integration-schemas.json.gz‎
38.9 KB
diff --git a/‎detection_rules/etc/non-ecs-schema.json‎
Lines changed: 4 additions & 1 deletion b/‎detection_rules/etc/non-ecs-schema.json‎
Lines changed: 4 additions & 1 deletion
@@ -359,6 +359,11 @@
     "rule_name": "Potential Persistence via Cron Job",
     "stack_version": "7.14.0"
   },
+  "bc0c6f0d-dab0-47a3-b135-0925f0a333bc": {
+    "deprecation_date": "2025/11/21",
+    "rule_name": "Deprecated - AWS Root Login Without MFA",
+    "stack_version": "8.19"
+  },
   "c6474c34-4953-447a-903e-9fcb7b6661aa": {
     "deprecation_date": "2021/04/15",
     "rule_name": "IRC (Internet Relay Chat) Protocol Activity to the Internet",
 
@@ -145,7 +145,10 @@
     "kibana.alert.rule.threat.tactic.id": "keyword",
     "kibana.alert.workflow_status": "keyword",
     "kibana.alert.rule.rule_id": "keyword",
-    "kibana.alert.rule.name": "keyword"
+    "kibana.alert.rule.name": "keyword", 
+    "kibana.alert.risk_score": "long",
+    "kibana.alert.rule.type": "keyword",
+    "kibana.alert.rule.threat.tactic.name": "keyword"
   },
   "logs-google_workspace*": {
     "gsuite.admin": "keyword",