diff --git a/schemas/process.yml b/schemas/process.yml
index 9b42a21d4a..91dd677074 100644
--- a/schemas/process.yml
+++ b/schemas/process.yml
@@ -202,6 +202,28 @@
 description: >
 Thread name.
+ - name: thread.capabilities.permitted
+ level: extended
+ type: keyword
+ short: Array of capabilities a thread could assume.
+ description: >
+ This is a limiting superset for the effective capabilities that the
+ thread may assume.
+ example: "[\"CAP_BPF\", \"CAP_SYS_ADMIN\"]"
+ normalize:
+ - array
+
+ - name: thread.capabilities.effective
+ level: extended
+ type: keyword
+ short: Array of capabilities used for permission checks.
+ description: >
+ This is the set of capabilities used by the kernel to perform permission
+ checks for the thread.
+ example: "[\"CAP_BPF\", \"CAP_SYS_ADMIN\"]"
+ normalize:
+ - array
+
+ - name: start
 level: extended
 type: date
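Review bot: Neither new field pins how a capability value is spelled. The descriptions of `thread.capabilities.permitted` and `thread.capabilities.effective` explain what each set means, and the only hint at the format is the `example`. Because both are `keyword` arrays matched exactly, a producer that emits `cap_sys_admin`, a bit index or a hex mask would silently fall outside any detection written against `CAP_SYS_ADMIN`. I would add a sentence to each `description` along the lines of `Values are the upper-case kernel capability names, e.g. CAP_SYS_ADMIN.`, state what a collector should emit for a capability it cannot name, and add a `pattern` constraint on both fields if the schema tooling supports one. The field list these entries belong to starts outside the hunk, so a convention defined there may already cover part of this.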