Add generated files

Author: romulets

docs/fields/field-details.asciidoc

@@ -9060,6 +9060,25 @@ A concrete example is IP addresses, which can be under host, observer, source, d
 
 // ===============================================================
 
+|
+[[field-related-entity]]
+<<field-related-entity, related.entity>>
+
+a| All the entity identifiers related to the document. If the document contains multiple entities, identifiers belonging to different entities will be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses, or hostnames.
+
+type: keyword
+
+
+Note: this field should contain an array of values.
+
+
+
+
+
+| extended
+
+// ===============================================================
+
 |
 [[field-related-hash]]
 <<field-related-hash, related.hash>>

experimental/generated/beats/fields.ecs.yml

@@ -7864,6 +7864,15 @@
     type: group
     default_field: true
     fields:
+    - name: entity
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: All the entity identifiers related to the document. If the document
+        contains multiple entities, identifiers belonging to different entities will
+        be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+        or hostnames.
+      default_field: false
     - name: hash
       level: extended
       type: keyword

experimental/generated/csv/fields.csv

@@ -1016,6 +1016,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.12.0-dev+exp,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys.
 8.12.0-dev+exp,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value"
 8.12.0-dev+exp,true,registry,registry.value,keyword,core,,Debugger,Name of the value written.
+8.12.0-dev+exp,true,related,related.entity,keyword,extended,array,,All the entity identifiers
 8.12.0-dev+exp,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
 8.12.0-dev+exp,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
 8.12.0-dev+exp,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.

experimental/generated/ecs/ecs_flat.yml

@@ -12796,6 +12796,20 @@ registry.value:
   normalize: []
   short: Name of the value written.
   type: keyword
+related.entity:
+  dashed_name: related-entity
+  description: All the entity identifiers related to the document. If the document
+    contains multiple entities, identifiers belonging to different entities will be
+    present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+    or hostnames.
+  flat_name: related.entity
+  ignore_above: 1024
+  level: extended
+  name: entity
+  normalize:
+  - array
+  short: All the entity identifiers
+  type: keyword
 related.hash:
   dashed_name: related-hash
   description: All the hashes seen on your event. Populating this field, then using

experimental/generated/ecs/ecs_nested.yml

@@ -15226,6 +15226,20 @@ related:
     `related.ip`, you can then search for a given IP trivially, no matter where it
     appeared, by querying `related.ip:192.0.2.15`.'
   fields:
+    related.entity:
+      dashed_name: related-entity
+      description: All the entity identifiers related to the document. If the document
+        contains multiple entities, identifiers belonging to different entities will
+        be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+        or hostnames.
+      flat_name: related.entity
+      ignore_above: 1024
+      level: extended
+      name: entity
+      normalize:
+      - array
+      short: All the entity identifiers
+      type: keyword
     related.hash:
       dashed_name: related-hash
       description: All the hashes seen on your event. Populating this field, then

experimental/generated/elasticsearch/composable/component/related.json

@@ -8,6 +8,10 @@
       "properties": {
         "related": {
           "properties": {
+            "entity": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
             "hash": {
               "ignore_above": 1024,
               "type": "keyword"

experimental/generated/elasticsearch/legacy/template.json

@@ -4644,6 +4644,10 @@
       },
       "related": {
         "properties": {
+          "entity": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
           "hash": {
             "ignore_above": 1024,
             "type": "keyword"

generated/beats/fields.ecs.yml

@@ -7814,6 +7814,15 @@
     type: group
     default_field: true
     fields:
+    - name: entity
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: All the entity identifiers related to the document. If the document
+        contains multiple entities, identifiers belonging to different entities will
+        be present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+        or hostnames.
+      default_field: false
     - name: hash
       level: extended
       type: keyword

generated/csv/fields.csv

@@ -1009,6 +1009,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.12.0-dev,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys.
 8.12.0-dev,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value"
 8.12.0-dev,true,registry,registry.value,keyword,core,,Debugger,Name of the value written.
+8.12.0-dev,true,related,related.entity,keyword,extended,array,,All the entity identifiers
 8.12.0-dev,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
 8.12.0-dev,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
 8.12.0-dev,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.

generated/ecs/ecs_flat.yml

@@ -12727,6 +12727,20 @@ registry.value:
   normalize: []
   short: Name of the value written.
   type: keyword
+related.entity:
+  dashed_name: related-entity
+  description: All the entity identifiers related to the document. If the document
+    contains multiple entities, identifiers belonging to different entities will be
+    present. Example identifiers include Cloud Resource Ids, ARNs, email addresses,
+    or hostnames.
+  flat_name: related.entity
+  ignore_above: 1024
+  level: extended
+  name: entity
+  normalize:
+  - array
+  short: All the entity identifiers
+  type: keyword
 related.hash:
   dashed_name: related-hash
   description: All the hashes seen on your event. Populating this field, then using