
In September 2025, Mirskip87 enhanced the elastic/endpoint-package repository by introducing a new field to malware event alerts, enabling the capture of CPU architecture information for PE files. This feature was implemented through careful data modeling and schema definition, with updates to YAML configuration files to ensure the new field was properly surfaced for downstream parsers. Mirskip87 also provided comprehensive documentation in Markdown to describe the field’s purpose and usage. This work improved the granularity of malware analysis and reporting, supporting more precise triage and incident response, and demonstrated a focused, well-documented approach to feature development within a security analytics context.

September 2025 monthly summary for developer work in elastic/endpoint-package: Delivered a new field to malware event alerts to capture CPU architecture for PE files (file.pe.architecture) within Elastic Endpoint, accompanied by configuration and documentation updates to enable and describe the field. This enhances malware analysis detail and reporting and supports more precise triage across security analytics.