diff --git a/use-cases/tls.md b/use-cases/tls.md
deleted file mode 100644
index c47849d204..0000000000
--- a/use-cases/tls.md
+++ /dev/null
@@ -1,20 +0,0 @@
-## TLS use case
-
-You can store TLS-related metadata under `tls.`, when appropriate.
-
-
-### <a name="tls"></a> TLS fields
-
-
-| Field  | Description  | Level  | Type  | Example  |
-|---|---|---|---|---|
-| [source.ip](../README.md#source.ip)  | IP address of the source.<br/>Can be one or multiple IPv4 or IPv6 addresses. | core | ip | `10.1.1.10` |
-| [destination.ip](../README.md#destination.ip)  | IP address of the destination.<br/>Can be one or multiple IPv4 or IPv6 addresses. | core | ip | `5.5.5.5` |
-| [destination.port](../README.md#destination.port)  | Port of the destination. | core | long | `443` |
-| [tls.version](../README.md#tls.version)  | TLS version. | extended | keyword | `TLSv1.2` |
-| <a name="tls.certificates"></a>*tls.certificates* | *An array of certificates.* | (use case) | keyword |  |
-| <a name="tls.servername"></a>*tls.servername* | *Server name requested by the client.* | (use case) | keyword | `localhost` |
-| <a name="tls.ciphersuite"></a>*tls.ciphersuite* | *Name of the cipher used for the communication.* | (use case) | keyword | `ECDHE-ECDSA-AES-128-CBC-SHA` |
-
-
-
diff --git a/use-cases/tls.yml b/use-cases/tls.yml
deleted file mode 100644
index 81621ec839..0000000000
--- a/use-cases/tls.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: tls
-title: TLS
-description: >
-  You can store TLS-related metadata under `tls.`, when appropriate.
-
-fields:
-- name: source
-  fields:
-  - name: ip
-    example: 10.1.1.10
-
-- name: destination
-  fields:
-  - name: ip
-    example: 5.5.5.5
-
-  - name: port
-    example: 443
-
-- name: tls
-  fields:
-    - name: version
-      type: keyword
-      description: >
-        TLS version.
-      example: TLSv1.2
-
-    - name: certificates
-      type: keyword
-      description: >
-        An array of certificates.
-      ignore_above: -1
-      doc_values: false
-
-    - name: servername
-      type: keyword
-      description: >
-        Server name requested by the client.
-      example: localhost
-
-    - name: ciphersuite
-      type: keyword
-      description: >
-        Name of the cipher used for the communication.
-      example: ECDHE-ECDSA-AES-128-CBC-SHA