It has been requested that we update our custom documentation. The current docs only list the possible fields a message may contain. We should provide, at the very least, descriptions along with the fields.
Related:
https://github.com/elastic/security-team/issues/4420
https://github.com/elastic/endpoint-dev/issues/15989