[FR] NON_DATASET_PACKAGE list & Data Source tag for Auditd_manager (#…

…3430) * [FR] Add Auditd_Manager to NON_DATASET_PACKAGE * Changed alphabetical order --------- Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com> Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> (cherry picked from commit a637bce)
elastic · Feb 19, 2024 · c98d9a1 · c98d9a1
1 parent 7152801
commit c98d9a1
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/detection_rules/schemas/definitions.py b/detection_rules/schemas/definitions.py
@@ -33,7 +33,7 @@
     "allow_sample": (Version.parse('8.6.0'), None),
     "elasticsearch_validate_optional_fields": (Version.parse('7.16.0'), None)
 }
-NON_DATASET_PACKAGES = ['apm', 'endpoint', 'system', 'windows', 'cloud_defend', 'network_traffic']
+NON_DATASET_PACKAGES = ['apm', 'auditd_manager', 'cloud_defend', 'endpoint', 'network_traffic', 'system', 'windows']
 NON_PUBLIC_FIELDS = {
     "related_integrations": (Version.parse('8.3.0'), None),
     "required_fields": (Version.parse('8.3.0'), None),
@@ -68,6 +68,7 @@
 EXPECTED_RULE_TAGS = [
     'Data Source: Active Directory',
     'Data Source: Amazon Web Services',
+    'Data Source: Auditd Manager',
     'Data Source: AWS',
     'Data Source: APM',
     'Data Source: Azure',