
Worked on the elastic/endpoint-package repository to deliver a new feature that adds CPU architecture detection for PE files within malware event alerts. This involved defining the file.pe.architecture field through careful data modeling and schema definition, ensuring the field was integrated into the YAML configuration for downstream parsing. Documentation was updated in Markdown to clearly describe the new field and its use in malware analysis. By capturing CPU architecture, the feature enables more granular reporting and supports improved triage in security analytics. The work focused on enhancing data quality and traceability, with clear commit references and thorough documentation throughout the process.
September 2025 monthly summary for developer work in elastic/endpoint-package: Delivered a new field to malware event alerts to capture CPU architecture for PE files (file.pe.architecture) within Elastic Endpoint, accompanied by configuration and documentation updates to enable and describe the field. This enhances malware analysis detail and reporting and supports more precise triage across security analytics.
