Hi @spazzrabbit,
As you've identified, it sounds like your winlogbeat data is missing some required mappings. Since Elastic Security rules require ECS fields, the errors you're seeing are due to those missing mappings.
You mentioned you're using winlogbeat, which should contain these fields by default. Can I ask how you set up winlogbeat?
Most of these mappings come from the associated index templates that are created via e.g. winlogbeat setup
; it seems possible that those templates were not created before winlogbeat was started. Ingest pipelines is another aspect to examine, as those provide much of the winlogbeat data itself.
In general, this looks pretty similar to No event.category in Winlogbeat; I would suggest looking there for ideas as well.