From 51ba4175e20f3357d966a6fbb3b128c6251e3bd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B4mulo=20Farias?= <romulo.farias@elastic.co>
Date: Wed, 14 Aug 2024 13:54:07 +0200
Subject: [PATCH] Add `related.entities` field

---
 schemas/related.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/schemas/related.yml b/schemas/related.yml
index b052fa3c00..a7631a1f63 100644
--- a/schemas/related.yml
+++ b/schemas/related.yml
@@ -70,3 +70,15 @@
         identifiers include FQDNs, domain names, workstation names, or aliases.
       normalize:
         - array
+
+    - name: entity
+      level: extended
+      type: keyword
+      short: All the entity identifiers
+      description: >
+        All the entity identifiers related to the document. If the document
+        contains multiple entities, identifiers belonging to different entities
+        will be present. Example identifiers include Cloud Resource Ids, ARNs, email
+        addresses, or hostnames.
+      normalize:
+        - array
\ No newline at end of file