diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 9613fb89e..7beb41786 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -22,6 +22,7 @@ Thanks, you're awesome :-) --> * Advanced `process.io` and `process.tty` fields to GA. #2317 * Added `threat.indicator.id`. #2324 * Added `process.group` to generated schemas. #2335 +* Added `related.entity` field #2360 #### Improvements diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 23ae02e99..5f1db39af 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -9124,6 +9124,25 @@ A concrete example is IP addresses, which can be under host, observer, source, d // =============================================================== +| +[[field-related-entity]] +<> + +a| All the entity identifiers related to the document. If the document contains multiple entities, identifiers belonging to different entities will be present. Example identifiers include cloud resource IDs, ARNs, email addresses, or hostnames. + +type: keyword + + +Note: this field should contain an array of values. + + + + + +| extended + +// =============================================================== + | [[field-related-hash]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index ee0ecb5e3..2b0517df7 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -7942,6 +7942,15 @@ type: group default_field: true fields: + - name: entity + level: extended + type: keyword + ignore_above: 1024 + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will + be present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + default_field: false - name: hash level: extended type: keyword 
diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index be5ee3346..6509128e7 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv @@ -1026,6 +1026,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev+exp,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys. 8.12.0-dev+exp,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value" 8.12.0-dev+exp,true,registry,registry.value,keyword,core,,Debugger,Name of the value written. +8.12.0-dev+exp,true,related,related.entity,keyword,extended,array,,All the entity identifiers 8.12.0-dev+exp,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event. 8.12.0-dev+exp,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event. 8.12.0-dev+exp,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index e529df5f9..c78d8ba96 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -12933,6 +12933,20 @@ registry.value: normalize: [] short: Name of the value written. type: keyword +related.entity: + dashed_name: related-entity + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will be + present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + flat_name: related.entity + ignore_above: 1024 + level: extended + name: entity + normalize: + - array + short: All the entity identifiers + type: keyword related.hash: dashed_name: related-hash description: All the hashes seen on your event. Populating this field, then using diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index f4a284451..17596a050 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -15400,6 +15400,20 @@ related: `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:192.0.2.15`.' fields: + related.entity: + dashed_name: related-entity + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will + be present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + flat_name: related.entity + ignore_above: 1024 + level: extended + name: entity + normalize: + - array + short: All the entity identifiers + type: keyword related.hash: dashed_name: related-hash description: All the hashes seen on your event. Populating this field, then diff --git a/experimental/generated/elasticsearch/composable/component/related.json b/experimental/generated/elasticsearch/composable/component/related.json index 529fa9a35..2430ad0b2 100644 --- a/experimental/generated/elasticsearch/composable/component/related.json 
+++ b/experimental/generated/elasticsearch/composable/component/related.json @@ -8,6 +8,10 @@ "properties": { "related": { "properties": { + "entity": { + "ignore_above": 1024, + "type": "keyword" + }, "hash": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index bc7f44606..c3e442ee0 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -4684,6 +4684,10 @@ }, "related": { "properties": { + "entity": { + "ignore_above": 1024, + "type": "keyword" + }, "hash": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 3883c5b04..b721f7cc6 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -7892,6 +7892,15 @@ type: group default_field: true fields: + - name: entity + level: extended + type: keyword + ignore_above: 1024 + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will + be present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + default_field: false - name: hash level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 8af3fac81..c976f116d 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -1019,6 +1019,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.12.0-dev,true,registry,registry.key,keyword,core,,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe,Hive-relative path of keys. 8.12.0-dev,true,registry,registry.path,keyword,core,,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger,"Full path, including hive, key and value" 8.12.0-dev,true,registry,registry.value,keyword,core,,Debugger,Name of the value written. +8.12.0-dev,true,related,related.entity,keyword,extended,array,,All the entity identifiers 8.12.0-dev,true,related,related.hash,keyword,extended,array,,All the hashes seen on your event. 8.12.0-dev,true,related,related.hosts,keyword,extended,array,,All the host identifiers seen on your event. 8.12.0-dev,true,related,related.ip,ip,extended,array,,All of the IPs seen on your event. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index bad8611fa..95d701388 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -12864,6 +12864,20 @@ registry.value: normalize: [] short: Name of the value written. type: keyword +related.entity: + dashed_name: related-entity + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will be + present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + flat_name: related.entity + ignore_above: 1024 + level: extended + name: entity + normalize: + - array + short: All the entity identifiers + type: keyword related.hash: dashed_name: related-hash description: All the hashes seen on your event. Populating this field, then using diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index a401fa7b0..5491a7eb8 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -15320,6 +15320,20 @@ related: `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:192.0.2.15`.' fields: + related.entity: + dashed_name: related-entity + description: All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities will + be present. Example identifiers include cloud resource IDs, ARNs, email addresses, + or hostnames. + flat_name: related.entity + ignore_above: 1024 + level: extended + name: entity + normalize: + - array + short: All the entity identifiers + type: keyword related.hash: dashed_name: related-hash description: All the hashes seen on your event. Populating this field, then diff --git a/generated/elasticsearch/composable/component/related.json b/generated/elasticsearch/composable/component/related.json index cac093b66..5dc640a08 100644 --- a/generated/elasticsearch/composable/component/related.json +++ b/generated/elasticsearch/composable/component/related.json @@ -8,6 +8,10 @@ "properties": { "related": { "properties": { + "entity": { + "ignore_above": 1024, + "type": "keyword" + }, "hash": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index 66b302ceb..9421e038e 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -4642,6 +4642,10 @@ }, "related": { "properties": { + "entity": { + "ignore_above": 1024, + "type": "keyword" + }, "hash": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/related.yml b/schemas/related.yml index b052fa3c0..ae4dd54e0 100644 --- a/schemas/related.yml +++ b/schemas/related.yml 
@@ -70,3 +70,15 @@ identifiers include FQDNs, domain names, workstation names, or aliases. normalize: - array + + - name: entity + level: extended + type: keyword + short: All the entity identifiers + description: > + All the entity identifiers related to the document. If the document + contains multiple entities, identifiers belonging to different entities + will be present. Example identifiers include cloud resource IDs, ARNs, email + addresses, or hostnames. + normalize: + - array \ No newline at end of file
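Review bot: The new description does not say how `related.entity` relates to the existing `related.hosts` (whose context lines at the top of this hunk already list FQDNs and workstation names) or `related.user`, so an integration cannot tell whether a hostname belongs in both fields or only one, and the pivot-by-value purpose of `related.*` depends on that being unambiguous. Because one keyword field will hold ARNs, cloud resource IDs, email addresses and hostnames side by side, I would also state the expected canonical form (for example the full ARN or resource ID rather than a short name), otherwise a short name from one namespace can silently match an identifier from another when an analyst pivots on `related.entity`. A sentence such as `Populate this in addition to the more specific related.* fields, using the full canonical identifier (e.g. the complete ARN) so that values from different entity types do not collide.` appended to the description would cover both points. The hunk also appears to leave the file without a trailing newline (`\ No newline at end of file`), which should be restored to match the rest of the schema files.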