From 66926a8fa2113e8dca9b6a682ef00b52bc4b9225 Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Fri, 13 Aug 2021 21:24:02 -0400
Subject: [PATCH] Add signal.original_event.reason to signal_extra_fields for
 insertion into old indices (#108594) (#108615)

Co-authored-by: Marshall Main <55718608+marshallmain@users.noreply.github.com>
---
 .../routes/index/signal_extra_fields.json                 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_extra_fields.json b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_extra_fields.json
index 7bc20fd540b9b..32c084f927d7b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_extra_fields.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_extra_fields.json
@@ -43,6 +43,14 @@
           }
         }
       },
+      "original_event": {
+        "type": "object",
+        "properties": {
+          "reason": {
+            "type": "keyword"
+          }
+        }
+      },
       "reason": {
         "type": "keyword"
       },