diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml
index 6220697c65d..82d2a6a1204 100644
--- a/packages/aws/changelog.yml
+++ b/packages/aws/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "6.3.0"
+ changes:
+ - description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml for awsconfig and awsinspector transforms.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "6.2.0"
 changes:
 - description: |
diff --git a/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs-overridden.yml b/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs-overridden.yml
new file mode 100644
index 00000000000..3450fd00b3f
--- /dev/null
+++ b/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs-overridden.yml
@@ -0,0 +1,10 @@
+# Define ECS constant fields as constant_keyword
+- name: cloud.provider
+ type: constant_keyword
+ external: ecs
+- name: event.kind
+ type: constant_keyword
+ external: ecs
+- name: observer.vendor
+ type: constant_keyword
+ external: ecs
diff --git a/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml b/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml
deleted file mode 100644
index f1d863098bb..00000000000
--- a/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml
+++ /dev/null
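Review bot: The header comment in the new ecs-overridden.yml says what the three entries are but not why they survive the move to ecs@mappings, so a later reader may take them for leftovers and delete them; suggest `# Define ECS constant fields as constant_keyword. Kept here on purpose: these override the ecs@mappings component template, which is not expected to map them as constant_keyword.`. The same comment applies to the identical new files for qualys_vmdr and rapid7_insightvm later in this diff. Separately, the ecs.yml removed in the next hunk declared numeric ECS fields such as `event.severity`, `url.port` and `process.pid` that the destination index will now type only through the ecs@mappings dynamic templates; it would be worth confirming the resulting index mapping after a transform run, since a type mismatch would surface only at indexing time.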
@@ -1,154 +0,0 @@
-# Define ECS constant fields as constant_keyword
-- name: cloud.provider
- type: constant_keyword
-- name: event.kind
- type: constant_keyword
-- name: observer.vendor
- type: constant_keyword
-# Define ECS fields for transform
-- name: cloud.account.id
- external: ecs
-- name: cloud.availability_zone
- external: ecs
-- name: cloud.instance.id
- external: ecs
-- name: cloud.instance.name
- external: ecs
-- name: cloud.machine.type
- external: ecs
-- name: cloud.project.id
- external: ecs
-- name: cloud.region
- external: ecs
-- name: cloud.service.name
- external: ecs
-- name: destination.domain
- external: ecs
-- name: destination.ip
- external: ecs
-- name: destination.port
- external: ecs
-- name: ecs.version
- external: ecs
-- name: event.action
- external: ecs
-- name: event.agent_id_status
- external: ecs
-- name: event.category
- external: ecs
-- name: event.created
- external: ecs
-- name: event.id
- external: ecs
-- name: event.ingested
- external: ecs
-- name: event.original
- external: ecs
-- name: event.outcome
- external: ecs
-- name: event.severity
- external: ecs
-- name: event.type
- external: ecs
-- name: host.id
- external: ecs
-- name: host.ip
- external: ecs
-- name: host.name
- external: ecs
-- name: network.direction
- external: ecs
-- name: network.protocol
- external: ecs
-- name: orchestrator.cluster.id
- external: ecs
-- name: orchestrator.cluster.name
- external: ecs
-- name: orchestrator.cluster.version
- external: ecs
-- name: orchestrator.cluster.url
- external: ecs
-- name: orchestrator.resource.id
- external: ecs
-- name: orchestrator.resource.name
- external: ecs
-- name: orchestrator.resource.type
- external: ecs
-- name: organization.name
- external: ecs
-- name: process.end
- external: ecs
-- name: process.executable
- external: ecs
-- name: process.name
- external: ecs
-- name: process.parent.pid
- external: ecs
-- name: process.pid
- external: ecs
-- name: process.start
- external: ecs
-- name: rule.ruleset
- external: ecs
-- name: related.hash
- external: ecs
-- name: related.hosts
- external: ecs
-- name: related.ip
- external: ecs
-- name: related.user
- external: ecs
-- name: source.domain
- external: ecs
-- name: source.ip
- external: ecs
-- name: source.mac
- external: ecs
-- name: source.port
- external: ecs
-- name: tags
- external: ecs
-- name: threat.indicator.last_seen
- external: ecs
-- name: threat.indicator.type
- external: ecs
-- name: threat.enrichments
- external: ecs
-- name: url.domain
- external: ecs
-- name: url.extension
- external: ecs
-- name: url.fragment
- external: ecs
-- name: url.full
- external: ecs
-- name: url.original
- external: ecs
-- name: url.password
- external: ecs
-- name: url.path
- external: ecs
-- name: url.port
- external: ecs
-- name: url.query
- external: ecs
-- name: url.registered_domain
- external: ecs
-- name: url.scheme
- external: ecs
-- name: url.subdomain
- external: ecs
-- name: url.top_level_domain
- external: ecs
-- name: url.username
- external: ecs
-- name: user.id
- external: ecs
-- name: user.name
- external: ecs
-- name: vulnerability.id
- external: ecs
-- name: vulnerability.reference
- external: ecs
-- name: vulnerability.scanner.vendor
- external: ecs
diff --git a/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/fields/ecs.yml b/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/fields/ecs-overridden.yml
similarity index 72%
rename from packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/fields/ecs.yml
rename to packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/fields/ecs-overridden.yml
index 2fe489ab9ed..919d43bfb69 100644
--- a/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/fields/ecs.yml
+++ b/packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/fields/ecs-overridden.yml
@@ -1,3 +1,4 @@
+# Define ECS constant fields as constant_keyword
 - name: cloud.provider
 type: constant_keyword
 external: ecs
diff --git a/packages/aws/elasticsearch/transform/latest_cdr_vulnerabilities_awsinspector/fields/ecs.yml b/packages/aws/elasticsearch/transform/latest_cdr_vulnerabilities_awsinspector/fields/ecs-overridden.yml
similarity index 100%
rename from packages/aws/elasticsearch/transform/latest_cdr_vulnerabilities_awsinspector/fields/ecs.yml
rename to packages/aws/elasticsearch/transform/latest_cdr_vulnerabilities_awsinspector/fields/ecs-overridden.yml
diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml
index 2ccdb3364ef..129d858fd6a 100644
--- a/packages/aws/manifest.yml
+++ b/packages/aws/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.4.0
 name: aws
 title: AWS
-version: 6.2.0
+version: 6.3.0
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/aws_securityhub/changelog.yml b/packages/aws_securityhub/changelog.yml
index 07309ebda27..b3393961f30 100644
--- a/packages/aws_securityhub/changelog.yml
+++ b/packages/aws_securityhub/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "0.1.0"
 changes:
 - description: Initial release.
diff --git a/packages/aws_securityhub/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml b/packages/aws_securityhub/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml
similarity index 100%
rename from packages/aws_securityhub/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml
rename to packages/aws_securityhub/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml
diff --git a/packages/aws_securityhub/elasticsearch/transform/latest_findings/fields/ecs.yml b/packages/aws_securityhub/elasticsearch/transform/latest_findings/fields/ecs-overridden.yml
similarity index 100%
rename from packages/aws_securityhub/elasticsearch/transform/latest_findings/fields/ecs.yml
rename to packages/aws_securityhub/elasticsearch/transform/latest_findings/fields/ecs-overridden.yml
diff --git a/packages/aws_securityhub/manifest.yml b/packages/aws_securityhub/manifest.yml
index e4902281567..8297685529e 100644
--- a/packages/aws_securityhub/manifest.yml
+++ b/packages/aws_securityhub/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.5.0
 name: aws_securityhub
 title: "AWS Security Hub"
-version: 0.1.0
+version: 0.2.0
 source:
 license: "Elastic-2.0"
 description: Collect logs from AWS Security Hub with Elastic Agent.
diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml
index 3cc1b25e950..9602846fa5c 100644
--- a/packages/cloud_security_posture/changelog.yml
+++ b/packages/cloud_security_posture/changelog.yml
@@ -18,6 +18,11 @@
 # 1.4.x - 8.9.x
 # 1.3.x - 8.8.x
 # 1.2.x - 8.7.x
+- version: "3.3.0-preview07"
+ changes:
+ - description: Removed ECS field definitions from misconfiguration transform, now covered by ecs@mappings component template on transform destination index templates.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "3.3.0-preview06"
 changes:
 - description: Add gcp_credentials_cloud_connector_id to GCP stream template and mark as secret
diff --git a/packages/cloud_security_posture/elasticsearch/transform/misconfiguration/fields/ecs.yml b/packages/cloud_security_posture/elasticsearch/transform/misconfiguration/fields/ecs.yml
deleted file mode 100644
index 9357395e2d5..00000000000
--- a/packages/cloud_security_posture/elasticsearch/transform/misconfiguration/fields/ecs.yml
+++ /dev/null
@@ -1,148 +0,0 @@
-- name: agent.ephemeral_id
- external: ecs
-- name: agent.id
- external: ecs
-- name: agent.name
- external: ecs
-- name: agent.type
- external: ecs
-- name: agent.version
- external: ecs
-- name: ecs.version
- external: ecs
-- name: event.agent_id_status
- external: ecs
-- name: event.ingested
- external: ecs
-- name: file.accessed
- external: ecs
-- name: file.ctime
- external: ecs
-- name: file.directory
- external: ecs
-- name: file.extension
- external: ecs
-- name: file.gid
- external: ecs
-- name: file.group
- external: ecs
-- name: file.inode
- external: ecs
-- name: file.mode
- external: ecs
-- name: file.mtime
- external: ecs
-- name: file.name
- external: ecs
-- name: file.owner
- external: ecs
-- name: file.path
- external: ecs
-- name: file.size
- external: ecs
-- name: file.type
- external: ecs
-- name: file.uid
- external: ecs
-- name: host.architecture
- external: ecs
-- name: host.hostname
- external: ecs
-- name: host.ip
- external: ecs
-- name: host.mac
- external: ecs
-- name: host.name
- external: ecs
-- name: host.os.family
- external: ecs
-- name: host.os.full
- external: ecs
-- name: host.os.kernel
- external: ecs
-- name: host.os.name
- external: ecs
-- name: host.os.platform
- external: ecs
-- name: host.os.type
- external: ecs
-- name: host.os.version
- external: ecs
-- name: message
- external: ecs
-- name: process.args
- external: ecs
-- name: process.args_count
- external: ecs
-- name: process.command_line
- external: ecs
-- name: process.name
- external: ecs
-- name: process.parent.pid
- external: ecs
-- name: process.parent.start
- external: ecs
-- name: process.pgid
- external: ecs
-- name: process.pid
- external: ecs
-- name: process.start
- external: ecs
-- name: process.title
- external: ecs
-- name: process.uptime
- external: ecs
-- name: rule.description
- external: ecs
-- name: rule.id
- external: ecs
-- name: rule.name
- external: ecs
-- name: rule.version
- external: ecs
-- name: event.category
- external: ecs
-- name: event.created
- external: ecs
-- name: event.id
- external: ecs
-- name: event.kind
- external: ecs
-- name: event.sequence
- external: ecs
-- name: event.outcome
- external: ecs
-- name: event.type
- external: ecs
-- name: orchestrator.type
- external: ecs
-- name: orchestrator.cluster.id
- external: ecs
-- name: orchestrator.cluster.name
- external: ecs
-- name: orchestrator.cluster.version
- external: ecs
-- name: orchestrator.resource.id
- external: ecs
-- name: orchestrator.resource.name
- external: ecs
-- name: orchestrator.resource.type
- external: ecs
-- name: cloud.account.id
- external: ecs
-- name: cloud.account.name
- external: ecs
-- name: cloud.provider
- external: ecs
-- name: cloud.region
- external: ecs
-- name: user.name
- external: ecs
-- name: user.id
- external: ecs
-- name: user.effective.name
- external: ecs
-- name: user.effective.id
- external: ecs
-- name: observer.vendor
- external: ecs
diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml
index 1adbf3d1d3c..53e8626fe86 100644
--- a/packages/cloud_security_posture/manifest.yml
+++ b/packages/cloud_security_posture/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: cloud_security_posture
 title: "Security Posture Management"
-version: "3.3.0-preview06"
+version: "3.3.0-preview07"
 source:
 license: "Elastic-2.0"
 description: "Identify & remediate configuration risks in your Cloud infrastructure"
diff --git a/packages/google_scc/changelog.yml b/packages/google_scc/changelog.yml
index 4999bf1a152..39f40ae90bf 100644
--- a/packages/google_scc/changelog.yml
+++ b/packages/google_scc/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+ changes:
+ - description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "2.2.2"
 changes:
 - description: Remove duplicate security-solution-default tag references
diff --git a/packages/google_scc/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml b/packages/google_scc/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs-overridden.yml
similarity index 100%
rename from packages/google_scc/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml
rename to packages/google_scc/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs-overridden.yml
diff --git a/packages/google_scc/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml b/packages/google_scc/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml
similarity index 100%
rename from packages/google_scc/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml
rename to packages/google_scc/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml
diff --git a/packages/google_scc/manifest.yml b/packages/google_scc/manifest.yml
index 0b9fc127347..80422f4b573 100644
--- a/packages/google_scc/manifest.yml
+++ b/packages/google_scc/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.2.3"
 name: google_scc
 title: Google Security Command Center
-version: "2.2.2"
+version: "2.3.0"
 description: Collect logs from Google Security Command Center with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml
index 819d935dd11..34a003d4f68 100644
--- a/packages/microsoft_defender_endpoint/changelog.yml
+++ b/packages/microsoft_defender_endpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "4.4.0"
+ changes:
+ - description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "4.3.1"
 changes:
 - description: Remove duplicate security-solution-default tag references
diff --git a/packages/microsoft_defender_endpoint/elasticsearch/transform/latest_action/fields/ecs.yml b/packages/microsoft_defender_endpoint/elasticsearch/transform/latest_action/fields/ecs.yml
deleted file mode 100644
index 845e7c71918..00000000000
--- a/packages/microsoft_defender_endpoint/elasticsearch/transform/latest_action/fields/ecs.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- external: ecs
- name: event.action
-- external: ecs
- name: event.created
-- external: ecs
- name: event.id
-- external: ecs
- name: event.outcome
-- external: ecs
- name: file.hash.md5
-- external: ecs
- name: file.hash.sha1
-- external: ecs
- name: file.hash.sha256
-- external: ecs
- name: host.hostname
-- external: ecs
- name: host.id
-- external: ecs
- name: host.name
-- external: ecs
- name: related.hash
-- external: ecs
- name: related.hosts
-- external: ecs
- name: related.user
-- external: ecs
- name: user.name
diff --git a/packages/microsoft_defender_endpoint/elasticsearch/transform/latest_cdr_vuln/fields/ecs.yml b/packages/microsoft_defender_endpoint/elasticsearch/transform/latest_cdr_vuln/fields/ecs-overridden.yml
similarity index 100%
rename from packages/microsoft_defender_endpoint/elasticsearch/transform/latest_cdr_vuln/fields/ecs.yml
rename to packages/microsoft_defender_endpoint/elasticsearch/transform/latest_cdr_vuln/fields/ecs-overridden.yml
diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml
index 8c430086485..466793e052d 100644
--- a/packages/microsoft_defender_endpoint/manifest.yml
+++ b/packages/microsoft_defender_endpoint/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.4.0"
 name: microsoft_defender_endpoint
 title: Microsoft Defender for Endpoint
-version: "4.3.1"
+version: "4.4.0"
 description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent.
 categories:
 - security
diff --git a/packages/qualys_vmdr/changelog.yml b/packages/qualys_vmdr/changelog.yml
index 8ad97086533..f0da5fa21f6 100644
--- a/packages/qualys_vmdr/changelog.yml
+++ b/packages/qualys_vmdr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "6.16.0"
+ changes:
+ - description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "6.15.1"
 changes:
 - description: Fix rate limit calculation.
diff --git a/packages/qualys_vmdr/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml b/packages/qualys_vmdr/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml
new file mode 100644
index 00000000000..cc61312ef72
--- /dev/null
+++ b/packages/qualys_vmdr/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml
@@ -0,0 +1,7 @@
+# Define ECS constant fields as constant_keyword
+- name: observer.vendor
+ type: constant_keyword
+ external: ecs
+- name: vulnerability.scanner.vendor
+ type: constant_keyword
+ external: ecs
diff --git a/packages/qualys_vmdr/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml b/packages/qualys_vmdr/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml
deleted file mode 100644
index f2ec54bf13f..00000000000
--- a/packages/qualys_vmdr/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml
+++ /dev/null
@@ -1,108 +0,0 @@
-# Define ECS constant fields as constant_keyword
-- name: observer.vendor
- type: constant_keyword
- external: ecs
-- name: vulnerability.scanner.vendor
- type: constant_keyword
- external: ecs
-# Other ECS fields
-- name: agent.ephemeral_id
- external: ecs
-- name: agent.id
- external: ecs
-- name: agent.name
- external: ecs
-- name: agent.type
- external: ecs
-- name: agent.version
- external: ecs
-- name: cloud.account.id
- external: ecs
-- name: cloud.account.name
- external: ecs
-- name: cloud.availability_zone
- external: ecs
-- name: cloud.instance.id
- external: ecs
-- name: cloud.instance.name
- external: ecs
-- name: cloud.machine.type
- external: ecs
-- name: cloud.project.id
- external: ecs
-- name: cloud.project.name
- external: ecs
-- name: cloud.provider
- external: ecs
-- name: cloud.region
- external: ecs
-- name: cloud.service.name
- external: ecs
-- name: ecs.version
- external: ecs
-- name: event.agent_id_status
- external: ecs
-- name: event.category
- external: ecs
-- name: event.id
- external: ecs
-- name: event.ingested
- external: ecs
-- name: event.kind
- external: ecs
-- name: event.type
- external: ecs
-- name: host.domain
- external: ecs
-- name: host.hostname
- external: ecs
-- name: host.id
- external: ecs
-- name: host.ip
- external: ecs
-- name: host.name
- external: ecs
-- name: host.os.full
- external: ecs
-- name: host.os.platform
- external: ecs
-- name: host.os.type
- external: ecs
-- name: package.name
- external: ecs
-- name: package.version
- external: ecs
-- name: related.hosts
- external: ecs
-- name: related.ip
- external: ecs
-- name: tags
- external: ecs
-- name: threat.framework
- external: ecs
-- name: threat.tactic.id
- external: ecs
-- name: threat.tactic.name
- external: ecs
-- name: threat.technique.id
- external: ecs
-- name: threat.technique.name
- external: ecs
-- name: vulnerability.category
- external: ecs
-- name: vulnerability.classification
- external: ecs
-- name: vulnerability.description
- external: ecs
-- name: vulnerability.enumeration
- external: ecs
-- name: vulnerability.id
- external: ecs
-- name: vulnerability.reference
- external: ecs
-- name: vulnerability.score.base
- external: ecs
-- name: vulnerability.score.version
- external: ecs
-- name: vulnerability.severity
- external: ecs
diff --git a/packages/qualys_vmdr/manifest.yml b/packages/qualys_vmdr/manifest.yml
index 36cbff5b4be..fe4c55e1b90 100644
--- a/packages/qualys_vmdr/manifest.yml
+++ b/packages/qualys_vmdr/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.4.0"
 name: qualys_vmdr
 title: Qualys VMDR
-version: "6.15.1"
+version: "6.16.0"
 description: Collect data from Qualys VMDR platform with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/rapid7_insightvm/changelog.yml b/packages/rapid7_insightvm/changelog.yml
index b2a74b98c3b..832ba78952d 100644
--- a/packages/rapid7_insightvm/changelog.yml
+++ b/packages/rapid7_insightvm/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.6.0"
+ changes:
+ - description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "2.5.1"
 changes:
 - description: Remove duplicated field definitions in transform.
diff --git a/packages/rapid7_insightvm/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml b/packages/rapid7_insightvm/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml
new file mode 100644
index 00000000000..cc61312ef72
--- /dev/null
+++ b/packages/rapid7_insightvm/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs-overridden.yml
@@ -0,0 +1,7 @@
+# Define ECS constant fields as constant_keyword
+- name: observer.vendor
+ type: constant_keyword
+ external: ecs
+- name: vulnerability.scanner.vendor
+ type: constant_keyword
+ external: ecs
diff --git a/packages/rapid7_insightvm/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml b/packages/rapid7_insightvm/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml
deleted file mode 100644
index 578eddb08f6..00000000000
--- a/packages/rapid7_insightvm/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml
+++ /dev/null
@@ -1,98 +0,0 @@
-# Define ECS constant fields as constant_keyword
-- name: observer.vendor
- type: constant_keyword
- external: ecs
-- name: vulnerability.scanner.vendor
- type: constant_keyword
- external: ecs
-# Other ECS fields
-- name: agent.ephemeral_id
- external: ecs
-- name: agent.id
- external: ecs
-- name: agent.name
- external: ecs
-- name: agent.type
- external: ecs
-- name: agent.version
- external: ecs
-- name: ecs.version
- external: ecs
-- name: error.code
- external: ecs
-- name: error.id
- external: ecs
-- name: error.message
- external: ecs
-- name: event.agent_id_status
- external: ecs
-- name: event.category
- external: ecs
-- name: event.created
- external: ecs
-- name: event.id
- external: ecs
-- name: event.ingested
- external: ecs
-- name: event.kind
- external: ecs
-- name: event.original
- external: ecs
-- name: event.severity
- external: ecs
-- name: event.type
- external: ecs
-- name: host.architecture
- external: ecs
-- name: host.hostname
- external: ecs
-- name: host.id
- external: ecs
-- name: host.ip
- external: ecs
-- name: host.mac
- external: ecs
-- name: host.name
- external: ecs
-- name: host.os.family
- external: ecs
-- name: host.os.full
- external: ecs
-- name: host.os.name
- external: ecs
-- name: host.os.platform
- external: ecs
-- name: host.os.type
- external: ecs
-- name: host.os.version
- external: ecs
-- name: host.type
- external: ecs
-- name: host.risk.static_score
- external: ecs
-- name: observer.product
- external: ecs
-- name: related.hosts
- external: ecs
-- name: related.ip
- external: ecs
-- name: tags
- external: ecs
-- name: vulnerability.category
- external: ecs
-- name: vulnerability.classification
- external: ecs
-- name: vulnerability.description
- external: ecs
-- name: vulnerability.enumeration
- external: ecs
-- name: vulnerability.id
- external: ecs
-- name: vulnerability.reference
- external: ecs
-- name: vulnerability.score.base
- external: ecs
-- name: vulnerability.score.version
- external: ecs
-- name: vulnerability.severity
- external: ecs
diff --git a/packages/rapid7_insightvm/manifest.yml b/packages/rapid7_insightvm/manifest.yml
index 3dd0eab0639..636adef1204 100644
--- a/packages/rapid7_insightvm/manifest.yml
+++ b/packages/rapid7_insightvm/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.4.0"
 name: rapid7_insightvm
 title: Rapid7 InsightVM
-version: "2.5.1"
+version: "2.6.0"
 source:
 license: "Elastic-2.0"
 description: Collect logs from Rapid7 InsightVM with Elastic Agent.
diff --git a/packages/tenable_io/changelog.yml b/packages/tenable_io/changelog.yml
index ddabda18180..579f1d38693 100644
--- a/packages/tenable_io/changelog.yml
+++ b/packages/tenable_io/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "4.9.0"
+ changes:
+ - description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "4.8.0"
 changes:
 - description: Add support for new ratings object in asset data stream and vulnerability scoring metrics in vulnerability data stream.
diff --git a/packages/tenable_io/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml b/packages/tenable_io/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml
deleted file mode 100644
index 8830fcceff6..00000000000
--- a/packages/tenable_io/elasticsearch/transform/latest_cdr_vulnerabilities/fields/ecs.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-# Other ECS fields
-- name: agent.id
- external: ecs
-- name: agent.name
- external: ecs
-- name: agent.type
- external: ecs
-- name: agent.version
- external: ecs
-- name: ecs.version
- external: ecs
-- name: error.code
- external: ecs
-- name: error.id
- external: ecs
-- name: error.message
- external: ecs
-- name: event.agent_id_status
- external: ecs
-- name: event.category
- external: ecs
-- name: event.created
- external: ecs
-- name: event.id
- external: ecs
-- name: event.ingested
- external: ecs
-- name: event.kind
- external: ecs
-- name: event.original
- external: ecs
-- name: event.type
- external: ecs
-- name: host.domain
- external: ecs
-- name: host.hostname
- external: ecs
-- name: host.id
- external: ecs
-- name: host.ip
- external: ecs
-- name: host.mac
- external: ecs
-- name: host.name
- external: ecs
-- name: host.os.full
- external: ecs
-- name: host.os.platform
- external: ecs
-- name: host.os.type
- external: ecs
-- name: related.hosts
- external: ecs
-- name: related.ip
- external: ecs
-- name: tags
- external: ecs
-- name: vulnerability.category
- external: ecs
-- name: vulnerability.classification
- external: ecs
-- name: vulnerability.description
- external: ecs
-- name: vulnerability.enumeration
- external: ecs
-- name: vulnerability.id
- external: ecs
-- name: vulnerability.reference
- external: ecs
-- name: vulnerability.report_id
- external: ecs
-- name: vulnerability.score.base
- external: ecs
-- name: vulnerability.score.temporal
- external: ecs
-- name: vulnerability.score.version
- external: ecs
-- name: vulnerability.severity
- external: ecs
diff --git a/packages/tenable_io/manifest.yml b/packages/tenable_io/manifest.yml
index f34bd15f8e8..899ce967035 100644
--- a/packages/tenable_io/manifest.yml
+++ b/packages/tenable_io/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.4.0"
 name: tenable_io
 title: Tenable Vulnerability Management
-version: "4.8.0"
+version: "4.9.0"
 description: Collect logs from Tenable Vulnerability Management with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/wiz/changelog.yml b/packages/wiz/changelog.yml
index b976c04ff80..b3e81d94e56 100644
--- a/packages/wiz/changelog.yml
+++ b/packages/wiz/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "4.1.0"
+ changes:
+ - description: Removed ECS field definitions from misconfiguration transform, now covered by ecs@mappings component template on transform destination index templates.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/17552
 - version: "4.0.0"
 changes:
 - description: |
diff --git a/packages/wiz/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml b/packages/wiz/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml
deleted file mode 100644
index 4cb860dea83..00000000000
--- a/packages/wiz/elasticsearch/transform/latest_cdr_misconfigurations/fields/ecs.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: event.created
- external: ecs
-- name: cloud.account.id
- external: ecs
-- name: cloud.account.name
- external: ecs
-- name: cloud.region
- external: ecs
-- name: cloud.provider
- external: ecs
-- name: cloud.service.name
- external: ecs
-- name: user.name
- external: ecs
-- name: user.id
- external: ecs
-- name: host.name
- external: ecs
-- name: event.id
- external: ecs
-- name: event.kind
- external: ecs
-- name: event.outcome
- external: ecs
-- name: event.category
- external: ecs
-- name: event.type
- external: ecs
-- name: observer.vendor
- external: ecs
-- name: message
- external: ecs
-- name: ecs.version
- external: ecs
diff --git a/packages/wiz/manifest.yml b/packages/wiz/manifest.yml
index 972e49d87cf..21193688f6a 100644
--- a/packages/wiz/manifest.yml
+++ b/packages/wiz/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: wiz
 title: Wiz
-version: "4.0.0"
+version: "4.1.0"
 description: Collect logs from Wiz with Elastic Agent.
 type: integration
 categories:
@@ -15,7 +15,7 @@ categories:
 - siem
 conditions:
 kibana:
- version: "~8.16.6 || ~8.17.4 || ^8.18.0 || ^9.0.0"
+ version: "^8.19.0 || ^9.1.0"
 elastic:
 subscription: "basic"
 screenshots:
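Review bot: The kibana constraint in the second hunk narrows support from `~8.16.6 || ~8.17.4 || ^8.18.0 || ^9.0.0` to `^8.19.0 || ^9.1.0`, dropping 8.16–8.18 and 9.0 stacks, but the 4.1.0 changelog entry earlier in this diff only mentions the ECS field removal and is typed enhancement. The dropped versions should be visible to users, e.g. by appending to that description `Requires Kibana ^8.19.0 or ^9.1.0.` or by adding a separate change entry for the constraint bump. None of the other packages in this PR show a kibana constraint change in their manifest hunks; if they rely on the same ecs@mappings behaviour on transform destination templates, the same minimum presumably applies to them too, but their conditions blocks are outside the visible hunks, so this should be confirmed rather than assumed.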