Add generated files

docs/fields/field-details.asciidoc

@@ -9060,6 +9060,25 @@ A concrete example is IP addresses, which can be under host, observer, source, d
 
 // ===============================================================
 
+|
+[[field-related-entity]]
+<<field-related-entity, related.entity>>
+
+a| All the entity identifiers related to the document. If the document contains multiple entities, identifiers belonging to different entities will be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses, or hostnames.
+
+type: keyword
+
+
+Note: this field should contain an array of values.
+
+
+
+
+
+| extended
+
+// ===============================================================
+
 |
 [[field-related-hash]]
 <<field-related-hash, related.hash>>

experimental/generated/beats/fields.ecs.yml

@@ -7864,6 +7864,15 @@
  type: group
  default_field: true
  fields:
+ - name: entity
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: All the entity identifiers related to the document. If the document
+ contains multiple entities, identifiers belonging to different entities will
+ be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+ or hostnames.
+ default_field: false
  - name: hash
  level: extended
  type: keyword

experimental/generated/csv/fields.csv

@@ -1016,6 +1016,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.12.0-dev+exp,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys.
 8.12.0-dev+exp,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value"
 8.12.0-dev+exp,true,registry,registry.value,keyword,core,,Debugger,Name of the value written.
+8.12.0-dev+exp,true,related,related.entity,keyword,extended,array,,All the entity identifiers
 8.12.0-dev+exp,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
 8.12.0-dev+exp,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
 8.12.0-dev+exp,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.

experimental/generated/ecs/ecs_flat.yml

@@ -12796,6 +12796,20 @@ registry.value:
  normalize: []
  short: Name of the value written.
  type: keyword
+related.entity:
+ dashed_name: related-entity
+ description: All the entity identifiers related to the document. If the document
+ contains multiple entities, identifiers belonging to different entities will be
+ present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+ or hostnames.
+ flat_name: related.entity
+ ignore_above: 1024
+ level: extended
+ name: entity
+ normalize:
+ - array
+ short: All the entity identifiers
+ type: keyword
 related.hash:
  dashed_name: related-hash
  description: All the hashes seen on your event. Populating this field, then using

experimental/generated/ecs/ecs_nested.yml

@@ -15226,6 +15226,20 @@ related:
  `related.ip`, you can then search for a given IP trivially, no matter where it
  appeared, by querying `related.ip:192.0.2.15`.'
  fields:
+ related.entity:
+ dashed_name: related-entity
+ description: All the entity identifiers related to the document. If the document
+ contains multiple entities, identifiers belonging to different entities will
+ be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+ or hostnames.
+ flat_name: related.entity
+ ignore_above: 1024
+ level: extended
+ name: entity
+ normalize:
+ - array
+ short: All the entity identifiers
+ type: keyword
  related.hash:
  dashed_name: related-hash
  description: All the hashes seen on your event. Populating this field, then

experimental/generated/elasticsearch/composable/component/related.json

@@ -8,6 +8,10 @@
  "properties": {
  "related": {
  "properties": {
+ "entity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
  "hash": {
  "ignore_above": 1024,
  "type": "keyword"

experimental/generated/elasticsearch/legacy/template.json

@@ -4644,6 +4644,10 @@
  },
  "related": {
  "properties": {
+ "entity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
  "hash": {
  "ignore_above": 1024,
  "type": "keyword"

generated/beats/fields.ecs.yml

@@ -7814,6 +7814,15 @@
  type: group
  default_field: true
  fields:
+ - name: entity
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: All the entity identifiers related to the document. If the document
+ contains multiple entities, identifiers belonging to different entities will
+ be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+ or hostnames.
+ default_field: false
  - name: hash
  level: extended
  type: keyword

generated/csv/fields.csv

@@ -1009,6 +1009,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.12.0-dev,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys.
 8.12.0-dev,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value"
 8.12.0-dev,true,registry,registry.value,keyword,core,,Debugger,Name of the value written.
+8.12.0-dev,true,related,related.entity,keyword,extended,array,,All the entity identifiers
 8.12.0-dev,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
 8.12.0-dev,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
 8.12.0-dev,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.

generated/ecs/ecs_flat.yml

@@ -12727,6 +12727,20 @@ registry.value:
  normalize: []
  short: Name of the value written.
  type: keyword
+related.entity:
+ dashed_name: related-entity
+ description: All the entity identifiers related to the document. If the document
+ contains multiple entities, identifiers belonging to different entities will be
+ present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+ or hostnames.
+ flat_name: related.entity
+ ignore_above: 1024
+ level: extended
+ name: entity
+ normalize:
+ - array
+ short: All the entity identifiers
+ type: keyword
 related.hash:
  dashed_name: related-hash
  description: All the hashes seen on your event. Populating this field, then using

generated/ecs/ecs_nested.yml

@@ -15146,6 +15146,20 @@ related:
  `related.ip`, you can then search for a given IP trivially, no matter where it
  appeared, by querying `related.ip:192.0.2.15`.'
  fields:
+ related.entity:
+ dashed_name: related-entity
+ description: All the entity identifiers related to the document. If the document
+ contains multiple entities, identifiers belonging to different entities will
+ be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+ or hostnames.
+ flat_name: related.entity
+ ignore_above: 1024
+ level: extended
+ name: entity
+ normalize:
+ - array
+ short: All the entity identifiers
+ type: keyword
  related.hash:
  dashed_name: related-hash
  description: All the hashes seen on your event. Populating this field, then

generated/elasticsearch/composable/component/related.json

@@ -8,6 +8,10 @@
  "properties": {
  "related": {
  "properties": {
+ "entity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
  "hash": {
  "ignore_above": 1024,
  "type": "keyword"

generated/elasticsearch/legacy/template.json

@@ -4602,6 +4602,10 @@
  },
  "related": {
  "properties": {
+ "entity": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
  "hash": {
  "ignore_above": 1024,
  "type": "keyword"