Update toggle description

Author: romulets

packages/aws/data_stream/cloudtrail/manifest.yml

@@ -170,7 +170,7 @@ streams:
         show_user: true
         title: Actor and Target Entity Mapping
         description: >
-          Maps actor and target entity identifiers relative to an event into designated fields (`actor.entity.id` for the acting entity and `target.entity.id` for the affected entity/entities). All identifiers, regardless of role, are captured in the `related.entity` field.
+          Maps actor and target entity identifiers relative to an event into designated fields (`actor.entity.id` for the acting entity and `target.entity.id` for the affected entity/entities). All identifiers, regardless of role, are captured in the `related.entity` field.This introduces additional ingest pipeline processors for parsing, which may introduce performance overhead in certain cases.
         type: bool
         multi: false
         default: true
@@ -290,7 +290,7 @@ streams:
         show_user: true
         title: Actor and Target Entity Mapping
         description: >
-          Maps actor and target entity identifiers relative to an event into designated fields (`actor.entity.id` for the acting entity and `target.entity.id` for the affected entity/entities). All identifiers, regardless of role, are captured in the `related.entity` field.
+          Maps actor and target entity identifiers relative to an event into designated fields (`actor.entity.id` for the acting entity and `target.entity.id` for the affected entity/entities). All identifiers, regardless of role, are captured in the `related.entity` field. This introduces additional ingest pipeline processors for parsing, which may introduce performance overhead in certain cases.
         type: bool
         multi: false
         default: true
@@ -427,7 +427,7 @@ streams:
         show_user: true
         title: Actor and Target Entity Mapping
         description: >
-          Maps actor and target entity identifiers relative to an event into designated fields (`actor.entity.id` for the acting entity and `target.entity.id` for the affected entity/entities). All identifiers, regardless of role, are captured in the `related.entity` field.
+          Maps actor and target entity identifiers relative to an event into designated fields (`actor.entity.id` for the acting entity and `target.entity.id` for the affected entity/entities). All identifiers, regardless of role, are captured in the `related.entity` field. This introduces additional ingest pipeline processors for parsing, which may introduce performance overhead in certain cases.
         type: bool
         multi: false
         default: true

packages/aws/docs/cloudtrail.md

@@ -79,6 +79,7 @@ Please refer to the following [document](https://www.elastic.co/guide/en/ecs/cur
 | Field | Description | Type |
 |---|---|---|
 | @timestamp | Event timestamp. | date |
+| actor.entity.id |  | keyword |
 | aws.cloudtrail.additional_eventdata | Additional data about the event that was not part of the request or response. | keyword |
 | aws.cloudtrail.additional_eventdata.text | Multi-field of `aws.cloudtrail.additional_eventdata`. | text |
 | aws.cloudtrail.api_version | Identifies the API version associated with the AwsApiCall eventType value. | keyword |
@@ -136,6 +137,7 @@ Please refer to the following [document](https://www.elastic.co/guide/en/ecs/cur
 | input.type | Input type | keyword |
 | log.offset | Log offset | long |
 | related.entity | A collection of all entity identifiers associated with the document.  If the document  contains multiple entities, identifiers for each will be included. Example identifiers include(but not limited to) cloud resource IDs, ARNs,  email addresses, and hostnames. | keyword |
+| target.entity.id |  | keyword |
 
 
 An example event for `cloudtrail` looks as following: