From 6f3dc0039095139b196608910ad487cd1593ecf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B4mulo=20Farias?= <romulo.farias@elastic.co>
Date: Wed, 14 Aug 2024 14:52:30 +0200
Subject: [PATCH] Add generated files

---
 docs/fields/field-details.asciidoc            | 19 +++++++++++++++++++
 experimental/generated/beats/fields.ecs.yml   |  9 +++++++++
 experimental/generated/csv/fields.csv         |  1 +
 experimental/generated/ecs/ecs_flat.yml       | 14 ++++++++++++++
 experimental/generated/ecs/ecs_nested.yml     | 14 ++++++++++++++
 .../composable/component/related.json         |  4 ++++
 .../elasticsearch/legacy/template.json        |  4 ++++
 generated/beats/fields.ecs.yml                |  9 +++++++++
 generated/csv/fields.csv                      |  1 +
 generated/ecs/ecs_flat.yml                    | 14 ++++++++++++++
 generated/ecs/ecs_nested.yml                  | 14 ++++++++++++++
 .../composable/component/related.json         |  4 ++++
 generated/elasticsearch/legacy/template.json  |  4 ++++
 13 files changed, 111 insertions(+)

diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc
index 31273d8c4..a9555fcd9 100644
--- a/docs/fields/field-details.asciidoc
+++ b/docs/fields/field-details.asciidoc
@@ -9060,6 +9060,25 @@ A concrete example is IP addresses, which can be under host, observer, source, d
 
 // ===============================================================
 
+|
+[[field-related-entity]]
+<<field-related-entity, related.entity>>
+
+a| All the entity identifiers related to the document. If the document contains multiple entities, identifiers belonging to different entities will be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses, or hostnames.
+
+type: keyword
+
+
+Note: this field should contain an array of values.
+
+
+
+
+
+| extended
+
+// ===============================================================
+
 |
 [[field-related-hash]]
 <<field-related-hash, related.hash>>
diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml
index bc95a6db2..eb9742fe0 100644
--- a/experimental/generated/beats/fields.ecs.yml
+++ b/experimental/generated/beats/fields.ecs.yml
@@ -7864,6 +7864,15 @@
     type: group
     default_field: true
     fields:
+    - name: entity
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: All the entity identifiers related to the document. If the document
+        contains multiple entities, identifiers belonging to different entities will
+        be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+        or hostnames.
+      default_field: false
     - name: hash
       level: extended
       type: keyword
diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv
index 292ac5f91..b1c3d350b 100644
--- a/experimental/generated/csv/fields.csv
+++ b/experimental/generated/csv/fields.csv
@@ -1016,6 +1016,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.12.0-dev+exp,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys.
 8.12.0-dev+exp,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value"
 8.12.0-dev+exp,true,registry,registry.value,keyword,core,,Debugger,Name of the value written.
+8.12.0-dev+exp,true,related,related.entity,keyword,extended,array,,All the entity identifiers
 8.12.0-dev+exp,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
 8.12.0-dev+exp,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
 8.12.0-dev+exp,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.
diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml
index 02b972886..ff20ac018 100644
--- a/experimental/generated/ecs/ecs_flat.yml
+++ b/experimental/generated/ecs/ecs_flat.yml
@@ -12796,6 +12796,20 @@ registry.value:
   normalize: []
   short: Name of the value written.
   type: keyword
+related.entity:
+  dashed_name: related-entity
+  description: All the entity identifiers related to the document. If the document
+    contains multiple entities, identifiers belonging to different entities will be
+    present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+    or hostnames.
+  flat_name: related.entity
+  ignore_above: 1024
+  level: extended
+  name: entity
+  normalize:
+  - array
+  short: All the entity identifiers
+  type: keyword
 related.hash:
   dashed_name: related-hash
   description: All the hashes seen on your event. Populating this field, then using
diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml
index f600ab293..ede3b3a04 100644
--- a/experimental/generated/ecs/ecs_nested.yml
+++ b/experimental/generated/ecs/ecs_nested.yml
@@ -15226,6 +15226,20 @@ related:
     `related.ip`, you can then search for a given IP trivially, no matter where it
     appeared, by querying `related.ip:192.0.2.15`.'
   fields:
+    related.entity:
+      dashed_name: related-entity
+      description: All the entity identifiers related to the document. If the document
+        contains multiple entities, identifiers belonging to different entities will
+        be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+        or hostnames.
+      flat_name: related.entity
+      ignore_above: 1024
+      level: extended
+      name: entity
+      normalize:
+      - array
+      short: All the entity identifiers
+      type: keyword
     related.hash:
       dashed_name: related-hash
       description: All the hashes seen on your event. Populating this field, then
diff --git a/experimental/generated/elasticsearch/composable/component/related.json b/experimental/generated/elasticsearch/composable/component/related.json
index 529fa9a35..2430ad0b2 100644
--- a/experimental/generated/elasticsearch/composable/component/related.json
+++ b/experimental/generated/elasticsearch/composable/component/related.json
@@ -8,6 +8,10 @@
       "properties": {
         "related": {
           "properties": {
+            "entity": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
             "hash": {
               "ignore_above": 1024,
               "type": "keyword"
diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json
index 18386e190..b9a9e5604 100644
--- a/experimental/generated/elasticsearch/legacy/template.json
+++ b/experimental/generated/elasticsearch/legacy/template.json
@@ -4644,6 +4644,10 @@
       },
       "related": {
         "properties": {
+          "entity": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
           "hash": {
             "ignore_above": 1024,
             "type": "keyword"
diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml
index fa0007884..45cc56955 100644
--- a/generated/beats/fields.ecs.yml
+++ b/generated/beats/fields.ecs.yml
@@ -7814,6 +7814,15 @@
     type: group
     default_field: true
     fields:
+    - name: entity
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: All the entity identifiers related to the document. If the document
+        contains multiple entities, identifiers belonging to different entities will
+        be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+        or hostnames.
+      default_field: false
     - name: hash
       level: extended
       type: keyword
diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv
index c31a8de31..8674a5fa1 100644
--- a/generated/csv/fields.csv
+++ b/generated/csv/fields.csv
@@ -1009,6 +1009,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.12.0-dev,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys.
 8.12.0-dev,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value"
 8.12.0-dev,true,registry,registry.value,keyword,core,,Debugger,Name of the value written.
+8.12.0-dev,true,related,related.entity,keyword,extended,array,,All the entity identifiers
 8.12.0-dev,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
 8.12.0-dev,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
 8.12.0-dev,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.
diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml
index 2022bddaf..1b1419148 100644
--- a/generated/ecs/ecs_flat.yml
+++ b/generated/ecs/ecs_flat.yml
@@ -12727,6 +12727,20 @@ registry.value:
   normalize: []
   short: Name of the value written.
   type: keyword
+related.entity:
+  dashed_name: related-entity
+  description: All the entity identifiers related to the document. If the document
+    contains multiple entities, identifiers belonging to different entities will be
+    present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+    or hostnames.
+  flat_name: related.entity
+  ignore_above: 1024
+  level: extended
+  name: entity
+  normalize:
+  - array
+  short: All the entity identifiers
+  type: keyword
 related.hash:
   dashed_name: related-hash
   description: All the hashes seen on your event. Populating this field, then using
diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml
index 8057eeed1..be1c4cebd 100644
--- a/generated/ecs/ecs_nested.yml
+++ b/generated/ecs/ecs_nested.yml
@@ -15146,6 +15146,20 @@ related:
     `related.ip`, you can then search for a given IP trivially, no matter where it
     appeared, by querying `related.ip:192.0.2.15`.'
   fields:
+    related.entity:
+      dashed_name: related-entity
+      description: All the entity identifiers related to the document. If the document
+        contains multiple entities, identifiers belonging to different entities will
+        be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+        or hostnames.
+      flat_name: related.entity
+      ignore_above: 1024
+      level: extended
+      name: entity
+      normalize:
+      - array
+      short: All the entity identifiers
+      type: keyword
     related.hash:
       dashed_name: related-hash
       description: All the hashes seen on your event. Populating this field, then
diff --git a/generated/elasticsearch/composable/component/related.json b/generated/elasticsearch/composable/component/related.json
index cac093b66..5dc640a08 100644
--- a/generated/elasticsearch/composable/component/related.json
+++ b/generated/elasticsearch/composable/component/related.json
@@ -8,6 +8,10 @@
       "properties": {
         "related": {
           "properties": {
+            "entity": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
             "hash": {
               "ignore_above": 1024,
               "type": "keyword"
diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json
index a6b67033e..db3a79d72 100644
--- a/generated/elasticsearch/legacy/template.json
+++ b/generated/elasticsearch/legacy/template.json
@@ -4602,6 +4602,10 @@
       },
       "related": {
         "properties": {
+          "entity": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
           "hash": {
             "ignore_above": 1024,
             "type": "keyword"