diff --git a/docs/reference/field-ref.asciidoc b/docs/reference/field-ref.asciidoc index 0a215f6c9f..eb95040920 100644 --- a/docs/reference/field-ref.asciidoc +++ b/docs/reference/field-ref.asciidoc @@ -7,6 +7,8 @@ This section lists {ecs-ref}[Elastic Common Schema] (ECS) fields used by {elasti IMPORTANT: We recommend you use {agent} integrations or {beats} to ship your data to {elastic-sec}. {agent} integrations and Beat modules (for example, {filebeat-ref}/filebeat-modules.html[{filebeat} modules]) are ECS-compliant, which means data they ship to {elastic-sec} will automatically populate the relevant ECS fields. If you plan to use a custom implementation to map your data to ECS fields (see {ecs-ref}/ecs-converting.html[how to map data to ECS]), ensure the <> are populated. Ideally, all relevant ECS fields should be populated as well. +For detailed information about which ECS fields can appear in documents generated by {elastic-endpoint}, refer to the https://github.com/elastic/endpoint-package/tree/main/custom_documentation/doc/endpoint[Endpoint event documentation]. + [float] [[siem-always-required-fields]] == Always required fields