elastic
diff --git a/‎custom_schemas/custom_endpoint.yml‎
Lines changed: 18 additions & 0 deletions b/‎custom_schemas/custom_endpoint.yml‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎generated/policy/ecs/ecs_flat.yml‎
Lines changed: 30 additions & 0 deletions b/‎generated/policy/ecs/ecs_flat.yml‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎generated/policy/ecs/subset/policy/ecs_flat.yml‎
Lines changed: 30 additions & 0 deletions b/‎generated/policy/ecs/subset/policy/ecs_flat.yml‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎generated/policy/elasticsearch/7/template.json‎
Lines changed: 13 additions & 0 deletions b/‎generated/policy/elasticsearch/7/template.json‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎package/endpoint/data_stream/policy/fields/fields.yml‎
Lines changed: 17 additions & 0 deletions b/‎package/endpoint/data_stream/policy/fields/fields.yml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎schemas/v1/policy/policy.yaml‎
Lines changed: 30 additions & 0 deletions b/‎schemas/v1/policy/policy.yaml‎
Lines changed: 30 additions & 0 deletions
@@ -153,6 +153,24 @@
  but not a simple sum of the actions
  short: the overall status of malware
 
+ - name: policy.applied.response.configurations.memory_protection
+ level: custom
+ type: object
+ description: overall memory_protection configuration and status of the applied policy
+
+ - name: policy.applied.response.configurations.memory_protection.concerned_actions
+ level: custom
+ type: keyword
+ description: all actions that were taken for memory_protection
+
+ - name: policy.applied.response.configurations.memory_protection.status
+ level: custom
+ type: keyword
+ description: >
+ the overall status of memory_protection, this is correlated to the status of concerned actions
+ but not a simple sum of the actions
+ short: the overall status of memory_protection
+
  - name: policy.applied.response.configurations.streaming
  level: custom
  type: object
 
@@ -242,6 +242,23 @@
  ignore_above: 1024
  description: the overall status of malware, this is correlated to the status of concerned actions but not a simple sum of the actions
  default_field: false
+ - name: policy.applied.response.configurations.memory_protection
+ level: custom
+ type: object
+ description: overall memory_protection configuration and status of the applied policy
+ default_field: false
+ - name: policy.applied.response.configurations.memory_protection.concerned_actions
+ level: custom
+ type: keyword
+ ignore_above: 1024
+ description: all actions that were taken for memory_protection
+ default_field: false
+ - name: policy.applied.response.configurations.memory_protection.status
+ level: custom
+ type: keyword
+ ignore_above: 1024
+ description: the overall status of memory_protection, this is correlated to the status of concerned actions but not a simple sum of the actions
+ default_field: false
  - name: policy.applied.response.configurations.ransomware.concerned_actions
  level: custom
  type: keyword