diff --git a/custom_documentation/doc/endpoint/file/linux/linux_file_create.md b/custom_documentation/doc/endpoint/file/linux/linux_file_create.md
index deca0f46..b7651bf3 100644
--- a/custom_documentation/doc/endpoint/file/linux/linux_file_create.md
+++ b/custom_documentation/doc/endpoint/file/linux/linux_file_create.md
@@ -28,6 +28,8 @@ This event is generated when a file is created.
 | event.outcome |
 | event.sequence |
 | event.type |
+| file.Ext.entropy |
+| file.Ext.header_bytes |
 | file.extension |
 | file.hash.sha256 |
 | file.name |
diff --git a/custom_documentation/doc/endpoint/file/linux/linux_file_delete.md b/custom_documentation/doc/endpoint/file/linux/linux_file_delete.md
index 7c710d1d..71ab69c8 100644
--- a/custom_documentation/doc/endpoint/file/linux/linux_file_delete.md
+++ b/custom_documentation/doc/endpoint/file/linux/linux_file_delete.md
@@ -28,6 +28,7 @@ This event is generated when a file is deleted.
 | event.outcome |
 | event.sequence |
 | event.type |
+| file.Ext.entropy |
 | file.extension |
 | file.name |
 | file.path |
diff --git a/custom_documentation/doc/endpoint/file/linux/linux_file_rename.md b/custom_documentation/doc/endpoint/file/linux/linux_file_rename.md
index 07f54c19..8040fd02 100644
--- a/custom_documentation/doc/endpoint/file/linux/linux_file_rename.md
+++ b/custom_documentation/doc/endpoint/file/linux/linux_file_rename.md
@@ -28,6 +28,8 @@ This event is generated when a file is renamed.
 | event.outcome |
 | event.sequence |
 | event.type |
+| file.Ext.entropy |
+| file.Ext.header_bytes |
 | file.Ext.original.extension |
 | file.Ext.original.name |
 | file.Ext.original.path |
diff --git a/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_create.yaml b/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_create.yaml
index bdd65d21..362a431d 100644
--- a/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_create.yaml
+++ b/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_create.yaml
@@ -33,6 +33,8 @@ fields:
 - event.outcome
 - event.sequence
 - event.type
+ - file.Ext.entropy
+ - file.Ext.header_bytes
 - file.extension
 - file.hash.sha256
 - file.name
diff --git a/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_delete.yaml b/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_delete.yaml
index a1faa639..42cc0080 100644
--- a/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_delete.yaml
+++ b/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_delete.yaml
@@ -33,6 +33,7 @@ fields:
 - event.outcome
 - event.sequence
 - event.type
+ - file.Ext.entropy
 - file.extension
 - file.name
 - file.path
diff --git a/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_rename.yaml b/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_rename.yaml
index 5e1ffd8b..a9fbcaae 100644
--- a/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_rename.yaml
+++ b/custom_documentation/src/endpoint/data_stream/file/linux/linux_file_rename.yaml
@@ -33,6 +33,8 @@ fields:
 - event.outcome
 - event.sequence
 - event.type
+ - file.Ext.entropy
+ - file.Ext.header_bytes
 - file.Ext.original.extension
 - file.Ext.original.name
 - file.Ext.original.path
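Review bot: In the linux_file_delete.yaml hunk the field list gains `file.Ext.entropy` but not `file.Ext.header_bytes`, whereas the create and rename lists gain both; the linux_file_delete.md hunk has the same asymmetry. If the endpoint does populate header bytes on delete events, the list should also carry `- file.Ext.header_bytes` directly after the entropy entry. If it does not, a short YAML comment next to the entropy entry saying that header bytes are not collected on delete would help, because detection content that pairs entropy with header bytes will not match delete events and readers of this list cannot tell whether the omission is intended. The field list continues outside the hunk, so this is based only on the visible entries.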