diff --git a/custom_documentation/endpoint/data_stream/alerts/macos/macos_malicious_behavior_alert.yaml b/custom_documentation/endpoint/data_stream/alerts/macos/macos_malicious_behavior_alert.yaml
index 672fcbaca..c75966f1c 100644
--- a/custom_documentation/endpoint/data_stream/alerts/macos/macos_malicious_behavior_alert.yaml
+++ b/custom_documentation/endpoint/data_stream/alerts/macos/macos_malicious_behavior_alert.yaml
@@ -15,6 +15,10 @@ identification:
 fields:
 endpoint:
 - '@timestamp'
+ - Effective_process.entity_id
+ - Effective_process.executable
+ - Effective_process.name
+ - Effective_process.pid
 - Endpoint.policy.applied.artifacts.global.identifiers.name
 - Endpoint.policy.applied.artifacts.global.identifiers.sha256
 - Endpoint.policy.applied.artifacts.global.version
diff --git a/custom_documentation/endpoint/data_stream/file/macos/macos_file_delete.yaml b/custom_documentation/endpoint/data_stream/file/macos/macos_file_delete.yaml
index b5ec889d6..b8514fcb8 100644
--- a/custom_documentation/endpoint/data_stream/file/macos/macos_file_delete.yaml
+++ b/custom_documentation/endpoint/data_stream/file/macos/macos_file_delete.yaml
@@ -15,6 +15,10 @@ identification:
 fields:
 endpoint:
 - '@timestamp'
+ - Effective_process.entity_id
+ - Effective_process.executable
+ - Effective_process.name
+ - Effective_process.pid
 - agent.id
 - agent.type
 - agent.version
diff --git a/custom_documentation/endpoint/data_stream/file/macos/macos_file_extended_attributes_delete.yaml b/custom_documentation/endpoint/data_stream/file/macos/macos_file_extended_attributes_delete.yaml
index 2215a6ece..be2de56ac 100644
--- a/custom_documentation/endpoint/data_stream/file/macos/macos_file_extended_attributes_delete.yaml
+++ b/custom_documentation/endpoint/data_stream/file/macos/macos_file_extended_attributes_delete.yaml
@@ -15,6 +15,10 @@ identification:
 fields:
 endpoint:
 - '@timestamp'
+ - Effective_process.entity_id
+ - Effective_process.executable
+ - Effective_process.name
+ - Effective_process.pid
 - agent.id
 - agent.type
 - agent.version
diff --git a/custom_documentation/endpoint/data_stream/file/macos/macos_file_launch_daemon.yaml b/custom_documentation/endpoint/data_stream/file/macos/macos_file_launch_daemon.yaml
index 316b17979..9e2b8a8db 100644
--- a/custom_documentation/endpoint/data_stream/file/macos/macos_file_launch_daemon.yaml
+++ b/custom_documentation/endpoint/data_stream/file/macos/macos_file_launch_daemon.yaml
@@ -15,6 +15,10 @@ identification:
 fields:
 endpoint:
 - '@timestamp'
+ - Effective_process.entity_id
+ - Effective_process.executable
+ - Effective_process.name
+ - Effective_process.pid
 - Persistence.args
 - Persistence.keepalive
 - Persistence.name
diff --git a/custom_documentation/endpoint/data_stream/file/macos/macos_file_modification.yaml b/custom_documentation/endpoint/data_stream/file/macos/macos_file_modification.yaml
index 41138651d..a652c2f87 100644
--- a/custom_documentation/endpoint/data_stream/file/macos/macos_file_modification.yaml
+++ b/custom_documentation/endpoint/data_stream/file/macos/macos_file_modification.yaml
@@ -15,6 +15,10 @@ identification:
 fields:
 endpoint:
 - '@timestamp'
+ - Effective_process.entity_id
+ - Effective_process.executable
+ - Effective_process.name
+ - Effective_process.pid
 - agent.id
 - agent.type
 - agent.version
diff --git a/custom_documentation/endpoint/data_stream/file/macos/macos_file_mount.yaml b/custom_documentation/endpoint/data_stream/file/macos/macos_file_mount.yaml
index fdbcbb5f2..b066f39c3 100644
--- a/custom_documentation/endpoint/data_stream/file/macos/macos_file_mount.yaml
+++ b/custom_documentation/endpoint/data_stream/file/macos/macos_file_mount.yaml
@@ -15,6 +15,10 @@ identification:
 fields:
 endpoint:
 - '@timestamp'
+ - Effective_process.entity_id
+ - Effective_process.executable
+ - Effective_process.name
+ - Effective_process.pid
 - agent.id
 - agent.type
 - agent.version
diff --git a/custom_documentation/endpoint/data_stream/file/macos/macos_file_rename.yaml b/custom_documentation/endpoint/data_stream/file/macos/macos_file_rename.yaml
index 84cb5eacb..1065f7d37 100644
--- a/custom_documentation/endpoint/data_stream/file/macos/macos_file_rename.yaml
+++ b/custom_documentation/endpoint/data_stream/file/macos/macos_file_rename.yaml
@@ -15,6 +15,10 @@ identification:
 fields:
 endpoint:
 - '@timestamp'
+ - Effective_process.entity_id
+ - Effective_process.executable
+ - Effective_process.name
+ - Effective_process.pid
 - agent.id
 - agent.type
 - agent.version
diff --git a/custom_documentation/endpoint/data_stream/process/linux/linux_process_fork.yaml b/custom_documentation/endpoint/data_stream/process/linux/linux_process_fork.yaml
index e9f2e8dad..c16587994 100644
--- a/custom_documentation/endpoint/data_stream/process/linux/linux_process_fork.yaml
+++ b/custom_documentation/endpoint/data_stream/process/linux/linux_process_fork.yaml
@@ -75,6 +75,7 @@ fields:
 - process.args
 - process.args_count
 - process.command_line
+ - process.end
 - process.entity_id
 - process.entry_leader.args
 - process.entry_leader.args_count
@@ -105,6 +106,7 @@ fields:
 - process.entry_leader.working_directory
 - process.env_vars
 - process.executable
+ - process.exit_code
 - process.group.id
 - process.group.name
 - process.group_leader.args
diff --git a/package/endpoint/docs/custom_documentation/alerts/macos/macos_malicious_behavior_alert.md b/package/endpoint/docs/custom_documentation/alerts/macos/macos_malicious_behavior_alert.md
index 3c24bdd58..b77e715d9 100644
--- a/package/endpoint/docs/custom_documentation/alerts/macos/macos_malicious_behavior_alert.md
+++ b/package/endpoint/docs/custom_documentation/alerts/macos/macos_malicious_behavior_alert.md
@@ -10,6 +10,10 @@ This alert is generated when a Malicious Behavior alert occurs.
 | Field |
 |---|
 | @timestamp |
+| Effective_process.entity_id |
+| Effective_process.executable |
+| Effective_process.name |
+| Effective_process.pid |
 | Endpoint.policy.applied.artifacts.global.identifiers.name |
 | Endpoint.policy.applied.artifacts.global.identifiers.sha256 |
 | Endpoint.policy.applied.artifacts.global.version |
diff --git a/package/endpoint/docs/custom_documentation/file/macos/macos_file_delete.md b/package/endpoint/docs/custom_documentation/file/macos/macos_file_delete.md
index 86f8bcc24..a1c3122e8 100644
--- a/package/endpoint/docs/custom_documentation/file/macos/macos_file_delete.md
+++ b/package/endpoint/docs/custom_documentation/file/macos/macos_file_delete.md
@@ -10,6 +10,10 @@ This event is generated when a file is deleted.
 | Field |
 |---|
 | @timestamp |
+| Effective_process.entity_id |
+| Effective_process.executable |
+| Effective_process.name |
+| Effective_process.pid |
 | agent.id |
 | agent.type |
 | agent.version |
diff --git a/package/endpoint/docs/custom_documentation/file/macos/macos_file_extended_attributes_delete.md b/package/endpoint/docs/custom_documentation/file/macos/macos_file_extended_attributes_delete.md
index 3fa59446d..f11ae07e5 100644
--- a/package/endpoint/docs/custom_documentation/file/macos/macos_file_extended_attributes_delete.md
+++ b/package/endpoint/docs/custom_documentation/file/macos/macos_file_extended_attributes_delete.md
@@ -10,6 +10,10 @@ This event is generated when extended file attributes are deleted.
 | Field |
 |---|
 | @timestamp |
+| Effective_process.entity_id |
+| Effective_process.executable |
+| Effective_process.name |
+| Effective_process.pid |
 | agent.id |
 | agent.type |
 | agent.version |
diff --git a/package/endpoint/docs/custom_documentation/file/macos/macos_file_launch_daemon.md b/package/endpoint/docs/custom_documentation/file/macos/macos_file_launch_daemon.md
index da4570edf..3fa972670 100644
--- a/package/endpoint/docs/custom_documentation/file/macos/macos_file_launch_daemon.md
+++ b/package/endpoint/docs/custom_documentation/file/macos/macos_file_launch_daemon.md
@@ -10,6 +10,10 @@ This event includes information about a macOS Launch Daemon.
 | Field |
 |---|
 | @timestamp |
+| Effective_process.entity_id |
+| Effective_process.executable |
+| Effective_process.name |
+| Effective_process.pid |
 | Persistence.args |
 | Persistence.keepalive |
 | Persistence.name |
diff --git a/package/endpoint/docs/custom_documentation/file/macos/macos_file_modification.md b/package/endpoint/docs/custom_documentation/file/macos/macos_file_modification.md
index d6b5b470a..467547068 100644
--- a/package/endpoint/docs/custom_documentation/file/macos/macos_file_modification.md
+++ b/package/endpoint/docs/custom_documentation/file/macos/macos_file_modification.md
@@ -10,6 +10,10 @@ This event is generated when a file is modified.
 | Field |
 |---|
 | @timestamp |
+| Effective_process.entity_id |
+| Effective_process.executable |
+| Effective_process.name |
+| Effective_process.pid |
 | agent.id |
 | agent.type |
 | agent.version |
diff --git a/package/endpoint/docs/custom_documentation/file/macos/macos_file_mount.md b/package/endpoint/docs/custom_documentation/file/macos/macos_file_mount.md
index f5a0989ea..7e81acc3a 100644
--- a/package/endpoint/docs/custom_documentation/file/macos/macos_file_mount.md
+++ b/package/endpoint/docs/custom_documentation/file/macos/macos_file_mount.md
@@ -10,6 +10,10 @@ This event is generated when a file system is mounted.
 | Field |
 |---|
 | @timestamp |
+| Effective_process.entity_id |
+| Effective_process.executable |
+| Effective_process.name |
+| Effective_process.pid |
 | agent.id |
 | agent.type |
 | agent.version |
diff --git a/package/endpoint/docs/custom_documentation/file/macos/macos_file_rename.md b/package/endpoint/docs/custom_documentation/file/macos/macos_file_rename.md
index d9440fddd..d5e503ed3 100644
--- a/package/endpoint/docs/custom_documentation/file/macos/macos_file_rename.md
+++ b/package/endpoint/docs/custom_documentation/file/macos/macos_file_rename.md
@@ -10,6 +10,10 @@ This event is generated when a file is renamed.
 | Field |
 |---|
 | @timestamp |
+| Effective_process.entity_id |
+| Effective_process.executable |
+| Effective_process.name |
+| Effective_process.pid |
 | agent.id |
 | agent.type |
 | agent.version |
diff --git a/package/endpoint/docs/custom_documentation/process/linux/linux_process_fork.md b/package/endpoint/docs/custom_documentation/process/linux/linux_process_fork.md
index 01191a4d4..c04a8c9db 100644
--- a/package/endpoint/docs/custom_documentation/process/linux/linux_process_fork.md
+++ b/package/endpoint/docs/custom_documentation/process/linux/linux_process_fork.md
@@ -70,6 +70,7 @@ This event is generated when a new process is created using `fork()`.
 | process.args |
 | process.args_count |
 | process.command_line |
+| process.end |
 | process.entity_id |
 | process.entry_leader.args |
 | process.entry_leader.args_count |
@@ -100,6 +101,7 @@ This event is generated when a new process is created using `fork()`.
 | process.entry_leader.working_directory |
 | process.env_vars |
 | process.executable |
+| process.exit_code |
 | process.group.id |
 | process.group.name |
 | process.group_leader.args |