diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml
index aee60ea7fc0..96b4332ddf8 100644
--- a/packages/netskope/changelog.yml
+++ b/packages/netskope/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.24.0"
+ changes:
+ - description: Add text multi-field to field netskope.alerts.breach.description
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/13977
 - version: "1.23.1"
 changes:
 - description: Ignore empty string values for some fields.
diff --git a/packages/netskope/data_stream/alerts/fields/fields.yml b/packages/netskope/data_stream/alerts/fields/fields.yml
index 3b057012d45..a8a2ff920dc 100644
--- a/packages/netskope/data_stream/alerts/fields/fields.yml
+++ b/packages/netskope/data_stream/alerts/fields/fields.yml
@@ -219,8 +219,11 @@
 fields:
 - name: description
 type: keyword
+ multi_fields:
+ - name: text
+ type: match_only_text
 description: |
- N/A
+ Breach description for compromised credentials.
 - name: date
 type: double
 description: |
diff --git a/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json b/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json
index bf1bfe49a61..f5e9a715d48 100644
--- a/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json
+++ b/packages/netskope/data_stream/events/_dev/test/pipeline/test-events.log-expected.json
@@ -2421,4 +2421,4 @@
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/packages/netskope/docs/README.md b/packages/netskope/docs/README.md
index dfcb3b29978..f611a4f52fd 100644
--- a/packages/netskope/docs/README.md
+++ b/packages/netskope/docs/README.md
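Review bot: In `data_stream/alerts/fields/fields.yml`, the new `multi_fields` entry under `description` carries no comment on why the sub-field exists or how it differs from the keyword parent, which matters to anyone writing searches or detection rules against breach descriptions. A comment above `multi_fields:` would cover it, for example `# text sub-field for full-text search; the keyword parent stays for exact match and aggregations`. Alerts indexed before the upgrade will presumably not carry `netskope.alerts.breach.description.text` unless they are reindexed, so queries on the sub-field may miss older data; that is worth confirming and noting in the changelog entry. The enclosing `fields:` list starts and ends outside the hunk.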
@@ -115,7 +115,8 @@ Default port: _9021_
 | netskope.alerts.audit.type | The sub category in audit according to SaaS / IaaS apps. | keyword |
 | netskope.alerts.bin.timestamp | Applicable to only: Shared Credentials, Data Exfiltration, Bulk Anomaly types( Bulk Upload/Download/Delete) and Failed Login Anomaly type. Bin TimeStamp (is a window used that is used for certain types of anomalies - for breaking into several windows per day/hour). | long |
 | netskope.alerts.breach.date | Breach date for compromised credentials. | double |
-| netskope.alerts.breach.description | N/A | keyword |
+| netskope.alerts.breach.description | Breach description for compromised credentials. | keyword |
+| netskope.alerts.breach.description.text | Multi-field of `netskope.alerts.breach.description`. | match_only_text |
 | netskope.alerts.breach.id | Breach ID for compromised credentials. | keyword |
 | netskope.alerts.breach.media_references | Media references of breach. | keyword |
 | netskope.alerts.breach.score | Breach score for compromised credentials. | long |
diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml
index 9e97d4e2047..d0c02b0cadc 100644
--- a/packages/netskope/manifest.yml
+++ b/packages/netskope/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: netskope
 title: "Netskope"
-version: "1.23.1"
+version: "1.24.0"
 description: Collect logs from Netskope with Elastic Agent.
 type: integration
 categories: