document related.entity field

Author: kubasobon

packages/gcp/data_stream/audit/fields/fields.yml

@@ -113,6 +113,13 @@
             - name: policyType
               type: keyword
               description: "Indicates the type of the policy."
+    - name: related.entity
+      description: |
+        A collection of all entity identifiers associated with the document.
+        If the document  contains multiple entities, identifiers for each will be included.
+        Example identifiers include (but not limited to) cloud resource IDs, email addresses,
+        and hostnames.
+      type: keyword
     - name: request
       type: flattened
     - name: request_metadata

packages/gcp/docs/audit.md

@@ -77,7 +77,7 @@ Please refer to the following [document](https://www.elastic.co/guide/en/ecs/cur
 | host.os.codename | OS codename, if any. | keyword |
 | input.type | Input type | keyword |
 | log.offset | Log offset | long |
-
+| related.entity | A collection of all entity identifiers associated with the document. If the document  contains multiple entities, identifiers for each will be included. Example identifiers include (but not limited to) cloud resource IDs, email addresses, and hostnames. | keyword |
 
 An example event for `audit` looks as following:
 
@@ -203,4 +203,4 @@ An example event for `audit` looks as following:
         "version": "71.0."
     }
 }
-```
+```