diff --git a/cypress/fixtures/integration_tests/rule/create_dns_rule.json b/cypress/fixtures/integration_tests/rule/create_dns_rule.json
index ae89e69da..5e38ab4bd 100644
--- a/cypress/fixtures/integration_tests/rule/create_dns_rule.json
+++ b/cypress/fixtures/integration_tests/rule/create_dns_rule.json
@@ -16,7 +16,7 @@
     }
   ],
   "log_source": "",
-  "detection": "selection:\n  DnsQuestionName:\n    - QWE\n    - ASD\n    - YXC\ncondition: selection",
+  "detection": "selection:\n  query:\n    - QWE\n    - ASD\n    - YXC\ncondition: selection",
   "level": "low",
   "false_positives": [
     {
diff --git a/public/pages/CreateDetector/components/ConfigureFieldMapping/containers/ConfigureFieldMapping.tsx b/public/pages/CreateDetector/components/ConfigureFieldMapping/containers/ConfigureFieldMapping.tsx
index 281225cd1..18ebf6f94 100644
--- a/public/pages/CreateDetector/components/ConfigureFieldMapping/containers/ConfigureFieldMapping.tsx
+++ b/public/pages/CreateDetector/components/ConfigureFieldMapping/containers/ConfigureFieldMapping.tsx
@@ -23,6 +23,7 @@ import { DetectorCreationStep } from '../../../models/types';
 import { GetFieldMappingViewResponse } from '../../../../../../server/models/interfaces';
 import FieldMappingService from '../../../../../services/FieldMappingService';
 import { MappingViewType } from '../components/RequiredFieldMapping/FieldMappingsTable';
+import { CreateDetectorRulesState } from '../../DefineDetector/components/DetectionRules/DetectionRules';
 
 export interface ruleFieldToIndexFieldMap {
   [fieldName: string]: string;
@@ -32,10 +33,11 @@ interface ConfigureFieldMappingProps extends RouteComponentProps {
   isEdit: boolean;
   detector: Detector;
   filedMappingService: FieldMappingService;
-  replaceFieldMappings: (mappings: FieldMapping[]) => void;
   fieldMappings: FieldMapping[];
-  updateDataValidState: (step: DetectorCreationStep, isValid: boolean) => void;
   loading: boolean;
+  enabledRules: CreateDetectorRulesState['allRules'];
+  updateDataValidState: (step: DetectorCreationStep, isValid: boolean) => void;
+  replaceFieldMappings: (mappings: FieldMapping[]) => void;
 }
 
 interface ConfigureFieldMappingState {
@@ -67,6 +69,17 @@ export default class ConfigureFieldMapping extends Component<
     this.getAllMappings();
   };
 
+  private getRuleFieldsForEnabledRules(): Set<string> {
+    const ruleFieldsForEnabledRules = new Set<string>();
+    this.props.enabledRules.forEach((rule) => {
+      rule._source.query_field_names.forEach((fieldname) => {
+        ruleFieldsForEnabledRules.add(fieldname.value);
+      });
+    });
+
+    return ruleFieldsForEnabledRules;
+  }
+
   getAllMappings = async () => {
     this.setState({ loading: true });
     const mappingsView = await this.props.filedMappingService.getMappingsView(
@@ -75,14 +88,31 @@ export default class ConfigureFieldMapping extends Component<
     );
     if (mappingsView.ok) {
       const existingMappings = { ...this.state.createdMappings };
+      const ruleFieldsForEnabledRules = this.getRuleFieldsForEnabledRules();
+      const unmappedRuleFields = new Set(mappingsView.response.unmapped_field_aliases);
+
       Object.keys(mappingsView.response.properties).forEach((ruleFieldName) => {
+        // Filter the mappings view to include only the rule fields for the enabled rules
+        if (!ruleFieldsForEnabledRules.has(ruleFieldName)) {
+          delete mappingsView.response.properties[ruleFieldName];
+          return;
+        }
+
         existingMappings[ruleFieldName] =
           this.state.createdMappings[ruleFieldName] ||
           mappingsView.response.properties[ruleFieldName].path;
       });
+      mappingsView.response.unmapped_field_aliases?.forEach((ruleFieldName) => {
+        if (!ruleFieldsForEnabledRules.has(ruleFieldName)) {
+          unmappedRuleFields.delete(ruleFieldName);
+        }
+      });
       this.setState({
         createdMappings: existingMappings,
-        mappingsData: mappingsView.response,
+        mappingsData: {
+          ...mappingsView.response,
+          unmapped_field_aliases: Array.from(unmappedRuleFields),
+        },
       });
       this.updateMappingSharedState(existingMappings);
     }
diff --git a/public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx b/public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx
index 6c8c60679..f31596a85 100644
--- a/public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx
+++ b/public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx
@@ -60,6 +60,7 @@ export const DetectionRules: React.FC<DetectionRulesProps> = ({
         logType: rule._source.category,
         name: rule._source.title,
         severity: rule._source.level,
+        ruleInfo: rule,
       })),
     [rulesState.allRules]
   );
diff --git a/public/pages/CreateDetector/containers/CreateDetector.tsx b/public/pages/CreateDetector/containers/CreateDetector.tsx
index 0ebd84224..90f3d71fa 100644
--- a/public/pages/CreateDetector/containers/CreateDetector.tsx
+++ b/public/pages/CreateDetector/containers/CreateDetector.tsx
@@ -320,6 +320,7 @@ export default class CreateDetector extends Component<CreateDetectorProps, Creat
             loading={false}
             filedMappingService={services.fieldMappingService}
             fieldMappings={this.state.fieldMappings}
+            enabledRules={this.state.rulesState.allRules.filter((rule) => rule.enabled)}
             replaceFieldMappings={this.replaceFieldMappings}
             updateDataValidState={this.updateDataValidState}
           />
diff --git a/server/models/interfaces/Rules.ts b/server/models/interfaces/Rules.ts
index a1e5e1d8b..89afa6bae 100644
--- a/server/models/interfaces/Rules.ts
+++ b/server/models/interfaces/Rules.ts
@@ -68,4 +68,5 @@ export type RuleSource = Rule & {
   rule: string;
   last_update_time: string;
   queries: { value: string }[];
+  query_field_names: { value: string }[];
 };