diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts
index 82f90e75816b3..fc76fdffae834 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts
@@ -4,16 +4,6 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-
-/*
- * NOTICE: Do not edit this file manually.
- * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
- *
- * info:
- *   title: List Entity Store engines
- *   version: 1
- */
-
 import type { IKibanaResponse, Logger } from '@kbn/core/server';
 import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
 import { transformError } from '@kbn/securitysolution-es-utils';
@@ -79,6 +69,16 @@ export const listEntitiesRoute = (
             sortOrder,
           });
 
+          // just override the entity field with the normalized fields
+          records.forEach((record) => {
+            const result = buildNormalizedFields(record.entity, [
+              'behaviors',
+              'lifecycle',
+              'attributes',
+            ]);
+            record.entity = { ...record.entity, ...result };
+          });
+
           telemetry.reportEBT(ENTITY_STORE_API_CALL_EVENT, {
             endpoint: request.route.path,
           });
@@ -106,3 +106,19 @@ export const listEntitiesRoute = (
       }
     );
 };
+
+function buildNormalizedFields(obj: Record<string, unknown>, properties: string[]) {
+  // only use properties whose val is an object, skip them if undefined or some other type
+  const hasObjVal = (p: string) =>
+    obj[p] !== null && typeof obj[p] === 'object' && !Array.isArray(obj[p]);
+  const entries = properties
+    .filter(hasObjVal)
+    .map((p) => [p, toLowercaseKeys(obj[p] as Record<string, unknown>)]);
+  return Object.fromEntries(entries);
+}
+
+function toLowercaseKeys(obj: Record<string, unknown>): Record<string, unknown> {
+  // iterate to rebuild the sub object with the lowercase keys.
+  // No need for checking if it appears in the old sub or to `delete`
+  return Object.fromEntries(Object.entries(obj).map(([k, v]) => [k.toLowerCase(), v]));
+}