diff --git a/pkg/openSearch/osquery/boolQueryBuilder.go b/pkg/openSearch/osquery/boolQueryBuilder.go
index a4e1cef..a704a19 100644
--- a/pkg/openSearch/osquery/boolQueryBuilder.go
+++ b/pkg/openSearch/osquery/boolQueryBuilder.go
@@ -151,7 +151,7 @@ func (q *BoolQueryBuilder) AddFilterRequest(request *filter.Request) error {
 if handler, ok := operatorMapping[field.Operator]; ok {
 value := field.Value
-if field.Operator == filter.CompareOperatorExists {
+if field.Operator == filter.CompareOperatorExists || field.Operator == filter.CompareOperatorDoesNotExist {
 value = "" // exists operator does not need a value, but for more consistent handling just pass a dummy value
 }
 if value == nil {
@@ -289,5 +289,9 @@ func defaultCompareOperators() []CompareOperator {
 Operator: filter.CompareOperatorExists,
 Handler: HandleCompareOperatorExists, MustCondition: true,
 },
+{
+Operator: filter.CompareOperatorDoesNotExist,
+Handler: HandleCompareOperatorExists, MustCondition: false,
+},
 }
 }
diff --git a/pkg/openSearch/osquery/boolQueryBuilder_test.go b/pkg/openSearch/osquery/boolQueryBuilder_test.go
index 713ace9..701a61e 100644
--- a/pkg/openSearch/osquery/boolQueryBuilder_test.go
+++ b/pkg/openSearch/osquery/boolQueryBuilder_test.go
@@ -608,6 +608,15 @@ func TestBoolQueryBuilder_AddFilterRequest(t *testing.T) {
 wantDocuments: []ostesting.TestType{doc0, doc1, doc2},
 })
 
+// MustNotExists operator
+addTest("operator must not Exists", testCase{
+filterRequest: singleFilter(filter.RequestField{
+Name: "keywordOmitEmptyField",
+Operator: filter.CompareOperatorDoesNotExist,
+}),
+wantDocuments: []ostesting.TestType{doc0},
+})
+
 // BetweenDates operator
 addTest("operator BetweenDates (date time string)", testCase{
 filterRequest: singleFilter(filter.RequestField{
diff --git a/pkg/query/filter/type.go b/pkg/query/filter/type.go
index e98d8ab..30c61ac 100644
--- a/pkg/query/filter/type.go
+++ b/pkg/query/filter/type.go
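Review bot: The comment on the `value = ""` line still speaks only of the exists operator, although the condition directly above it now also matches `filter.CompareOperatorDoesNotExist`, so a reader would take the dummy value to apply to one operator only. I'd update it to `value = "" // exists/doesNotExist take no value; pass a dummy so the nil check below treats them uniformly`. If further value-less operators are expected, a small `takesNoValue(op)` helper or a set would keep this condition from growing, but that is optional. AddFilterRequest's body begins and ends outside the hunk.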
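Review bot: The new table entry carries the entire negation through `MustCondition: false`, while its `Handler` is the unchanged `HandleCompareOperatorExists`; nothing at the entry says that the same exists query is meant to be negated, and the flag's name does not express negation. If `MustCondition: false` routes the handler's clause into `must_not` (the hunk does not show that), a comment on the entry such as `// doesNotExist reuses the exists query; MustCondition: false negates it (must_not)` would make the intent explicit and a wrong flag obvious. It is also worth confirming that no other entry in this table relies on `false` meaning `should`, since that would give the same flag two meanings. defaultCompareOperators starts outside the hunk.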
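Review bot: The new case's comment (`// MustNotExists operator`) and name (`"operator must not Exists"`) match neither the operator they exercise, `CompareOperatorDoesNotExist`, nor the `// <Operator> operator` pattern of the neighbouring cases. I'd rename them to `// DoesNotExist operator` and `addTest("operator DoesNotExist", testCase{` so a failing test names the operator. The case asserts only the single-filter result; a second case combining doesNotExist with another filter would show that the negated clause does not swallow the remaining conditions, assuming the builder places it in must_not. TestBoolQueryBuilder_AddFilterRequest continues outside the hunk.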
@@ -75,6 +75,7 @@ CompareOperator ENUM(
 betweenDates
 exists
+doesNotExist
 isEqualToRating
 isNotEqualToRating
diff --git a/pkg/query/filter/type_enum.go b/pkg/query/filter/type_enum.go
index 7e884e7..d577071 100644
--- a/pkg/query/filter/type_enum.go
+++ b/pkg/query/filter/type_enum.go
@@ -183,6 +183,8 @@ const (
 CompareOperatorBetweenDates CompareOperator = "betweenDates"
 // CompareOperatorExists is a CompareOperator of type exists.
 CompareOperatorExists CompareOperator = "exists"
+// CompareOperatorDoesNotExist is a CompareOperator of type doesNotExist.
+CompareOperatorDoesNotExist CompareOperator = "doesNotExist"
 // CompareOperatorIsEqualToRating is a CompareOperator of type isEqualToRating.
 CompareOperatorIsEqualToRating CompareOperator = "isEqualToRating"
 // CompareOperatorIsNotEqualToRating is a CompareOperator of type isNotEqualToRating.
@@ -222,6 +224,7 @@ var _CompareOperatorNames = []string{
 string(CompareOperatorAfterDate),
 string(CompareOperatorBetweenDates),
 string(CompareOperatorExists),
+string(CompareOperatorDoesNotExist),
 string(CompareOperatorIsEqualToRating),
 string(CompareOperatorIsNotEqualToRating),
 string(CompareOperatorIsLessThanRating),
@@ -272,6 +275,7 @@ var _CompareOperatorValue = map[string]CompareOperator{
 "afterDate": CompareOperatorAfterDate,
 "betweenDates": CompareOperatorBetweenDates,
 "exists": CompareOperatorExists,
+"doesNotExist": CompareOperatorDoesNotExist,
 "isEqualToRating": CompareOperatorIsEqualToRating,
 "isNotEqualToRating": CompareOperatorIsNotEqualToRating,
 "isLessThanRating": CompareOperatorIsLessThanRating,