If i add my custom indices in data sources on elastic security
then how should i map field in ecs
Hey there @aditi_salunke -- welcome to the community! 
So when adding custom indices you'll want to use the Elastic Security ECS field reference as a guide for what fields are used in Elastic Security, and for help with the mapping I highly recommend checking out this blog post (for beats), this webinar for both beats/external events and the ecs-mapper tool.
Hope this is helpful, and look forward to hearing your feedback in using Elastic Security! 
Cheers!
Garrett
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.