diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 9613fb89e6..7beb417867 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -22,6 +22,7 @@ Thanks, you're awesome :-) --> * Advanced `process.io` and `process.tty` fields to GA. #2317 * Added `threat.indicator.id`. #2324 * Added `process.group` to generated schemas. #2335 +* Added `related.entity` field #2360 #### Improvements diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 23ae02e99a..5f1db39af5 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -9124,6 +9124,25 @@ A concrete example is IP addresses, which can be under host, observer, source, d // =============================================================== +| +[[field-related-entity]] +<> + +a| All the entity identifiers related to the document. If the document contains multiple entities, identifiers belonging to different entities will be present. Example identifiers include cloud resource IDs, ARNs, email addresses, or hostnames. + +type: keyword + + +Note: this field should contain an array of values. + + + + + +| extended + +// =============================================================== + | [[field-related-hash]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index ee0ecb5e3b..2b0517df7f 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -7942,6 +7942,15 @@ type: group default_field: true fields: + - name: entity + level: extended + type: keyword + ignore_above: 1024 + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will + be present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + default_field: false - name: hash level: extended type: keyword 
diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv
index be5ee33461..6509128e7c 100644
--- a/experimental/generated/csv/fields.csv
+++ b/experimental/generated/csv/fields.csv
@@ -1026,6 +1026,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.12.0-dev+exp,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys.
 8.12.0-dev+exp,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value"
 8.12.0-dev+exp,true,registry,registry.value,keyword,core,,Debugger,Name of the value written.
+8.12.0-dev+exp,true,related,related.entity,keyword,extended,array,,All the entity identifiers
 8.12.0-dev+exp,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event.
 8.12.0-dev+exp,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event.
 8.12.0-dev+exp,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event.
diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml
index e529df5f93..c78d8ba96a 100644
--- a/experimental/generated/ecs/ecs_flat.yml
+++ b/experimental/generated/ecs/ecs_flat.yml
@@ -12933,6 +12933,20 @@ registry.value: normalize: [] short: Name of the value written. type: keyword +related.entity: + dashed_name: related-entity + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will be + present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + flat_name: related.entity + ignore_above: 1024 + level: extended + name: entity + normalize: + - array + short: All the entity identifiers + type: keyword related.hash: dashed_name: related-hash description: All the hashes seen on your event. Populating this field, then using diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index f4a2844515..17596a0501 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -15400,6 +15400,20 @@ related: `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:192.0.2.15`.' fields: + related.entity: + dashed_name: related-entity + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will + be present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + flat_name: related.entity + ignore_above: 1024 + level: extended + name: entity + normalize: + - array + short: All the entity identifiers + type: keyword related.hash: dashed_name: related-hash description: All the hashes seen on your event. Populating this field, then diff --git a/experimental/generated/elasticsearch/composable/component/related.json b/experimental/generated/elasticsearch/composable/component/related.json index 529fa9a356..2430ad0b2c 100644 --- a/experimental/generated/elasticsearch/composable/component/related.json 
+++ b/experimental/generated/elasticsearch/composable/component/related.json @@ -8,6 +8,10 @@ "properties": { "related": { "properties": { + "entity": { + "ignore_above": 1024, + "type": "keyword" + }, "hash": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index bc7f446065..c3e442ee00 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -4684,6 +4684,10 @@ }, "related": { "properties": { + "entity": { + "ignore_above": 1024, + "type": "keyword" + }, "hash": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 3883c5b045..b721f7cc65 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -7892,6 +7892,15 @@ type: group default_field: true fields: + - name: entity + level: extended + type: keyword + ignore_above: 1024 + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will + be present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + default_field: false - name: hash level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 8af3fac81a..c976f116d4 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -1019,6 +1019,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys. 8.12.0-dev,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value" 8.12.0-dev,true,registry,registry.value,keyword,core,,Debugger,Name of the value written. +8.12.0-dev,true,related,related.entity,keyword,extended,array,,All the entity identifiers 8.12.0-dev,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event. 8.12.0-dev,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event. 8.12.0-dev,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index bad8611fa7..95d7013887 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -12864,6 +12864,20 @@ registry.value: normalize: [] short: Name of the value written. type: keyword +related.entity: + dashed_name: related-entity + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will be + present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + flat_name: related.entity + ignore_above: 1024 + level: extended + name: entity + normalize: + - array + short: All the entity identifiers + type: keyword related.hash: dashed_name: related-hash description: All the hashes seen on your event. Populating this field, then using diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index a401fa7b0a..5491a7eb8d 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -15320,6 +15320,20 @@ related: `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:192.0.2.15`.' fields: + related.entity: + dashed_name: related-entity + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will + be present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + flat_name: related.entity + ignore_above: 1024 + level: extended + name: entity + normalize: + - array + short: All the entity identifiers + type: keyword related.hash: dashed_name: related-hash description: All the hashes seen on your event. Populating this field, then diff --git a/generated/elasticsearch/composable/component/related.json b/generated/elasticsearch/composable/component/related.json index cac093b662..5dc640a08f 100644 --- a/generated/elasticsearch/composable/component/related.json +++ b/generated/elasticsearch/composable/component/related.json @@ -8,6 +8,10 @@ "properties": { "related": { "properties": { + "entity": { + "ignore_above": 1024, + "type": "keyword" + }, "hash": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index 66b302cebd..9421e038ea 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -4642,6 +4642,10 @@ }, "related": { "properties": { + "entity": { + "ignore_above": 1024, + "type": "keyword" + }, "hash": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/related.yml b/schemas/related.yml index b052fa3c00..ae4dd54e03 100644 --- a/schemas/related.yml +++ b/schemas/related.yml 
@@ -70,3 +70,15 @@ identifiers include FQDNs, domain names, workstation names, or aliases. normalize: - array + + - name: entity + level: extended + type: keyword + short: All the entity identifiers + description: > + All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities + will be present. Example identifiers include cloud resource IDs, ARNs, email + addresses, or hostnames. + normalize: + - array \ No newline at end of file
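Review bot: The `short` value on the new `entity` entry, `short: All the entity identifiers`, reads as cut off next to the sibling `related.*` fields, whose short descriptions are complete sentences (the generated CSV context lines show `related.hash` as "All the hashes seen on your event." and `related.hosts` as "All the host identifiers seen on your event."). Since `short` is the text surfaced in the CSV and the generated field listings, I would make it a full sentence consistent with the long description, e.g. `short: All the entity identifiers related to the document.`, and regenerate the artifacts. The hunk also ends with `\ No newline at end of file` although the old last line `- array` carried a newline, so the new closing `- array` line should be newline-terminated to keep the file as it was before. The enclosing `related` field list begins before the hunk.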