diff --git a/custom_documentation/doc/endpoint/process/linux/linux_process_module_load.md b/custom_documentation/doc/endpoint/process/linux/linux_process_module_load.md
new file mode 100644
index 000000000..366d60c55
--- /dev/null
+++ b/custom_documentation/doc/endpoint/process/linux/linux_process_module_load.md
@@ -0,0 +1,203 @@
+# Linux Module Load Events
+
+- OS: Linux
+- Data Stream: `logs-endpoint.events.process-*`
+- KQL: `event.action : "load_module" and event.dataset : "endpoint.events.process" and event.module : "endpoint" and host.os.type : "linux"`
+
+This event is generated when when a kernel module is loaded.
+
+| Field |
+|---|
+| @timestamp |
+| agent.id |
+| agent.type |
+| agent.version |
+| cloud.account.id |
+| cloud.instance.name |
+| cloud.project.id |
+| cloud.provider |
+| cloud.region |
+| container.id |
+| container.image.hash.all |
+| container.image.name |
+| container.image.tag |
+| container.name |
+| data_stream.dataset |
+| data_stream.namespace |
+| data_stream.type |
+| ecs.version |
+| elastic.agent.id |
+| event.action |
+| event.category |
+| event.created |
+| event.dataset |
+| event.id |
+| event.kind |
+| event.module |
+| event.outcome |
+| event.sequence |
+| event.type |
+| group.Ext.real.id |
+| group.Ext.real.name |
+| group.id |
+| group.name |
+| host.architecture |
+| host.hostname |
+| host.id |
+| host.ip |
+| host.mac |
+| host.name |
+| host.os.Ext.variant |
+| host.os.family |
+| host.os.full |
+| host.os.kernel |
+| host.os.name |
+| host.os.platform |
+| host.os.type |
+| host.os.version |
+| message |
+| orchestrator.cluster.id |
+| orchestrator.cluster.name |
+| orchestrator.namespace |
+| orchestrator.resource.ip |
+| orchestrator.resource.name |
+| orchestrator.resource.parent.type |
+| orchestrator.resource.type |
+| process.Ext.ancestry |
+| process.Ext.command_line_truncated |
+| process.Ext.memfd.flag_allow_seal |
+| process.Ext.memfd.flag_cloexec |
+| process.Ext.memfd.flag_exec |
+| process.Ext.memfd.flag_hugetlb |
+| process.Ext.memfd.flag_noexec_seal |
+| process.Ext.memfd.flags |
+| process.Ext.memfd.name |
+| process.Ext.trusted |
+| process.Ext.trusted_descendant |
+| process.args |
+| process.args_count |
+| process.command_line |
+| process.end |
+| process.entity_id |
+| process.entry_leader.args |
+| process.entry_leader.args_count |
+| process.entry_leader.entity_id |
+| process.entry_leader.entry_meta.source.ip |
+| process.entry_leader.entry_meta.type |
+| process.entry_leader.executable |
+| process.entry_leader.group.id |
+| process.entry_leader.group.name |
+| process.entry_leader.interactive |
+| process.entry_leader.name |
+| process.entry_leader.parent.entity_id |
+| process.entry_leader.parent.pid |
+| process.entry_leader.parent.start |
+| process.entry_leader.pid |
+| process.entry_leader.real_group.id |
+| process.entry_leader.real_group.name |
+| process.entry_leader.real_user.id |
+| process.entry_leader.real_user.name |
+| process.entry_leader.same_as_process |
+| process.entry_leader.start |
+| process.entry_leader.supplemental_groups.id |
+| process.entry_leader.supplemental_groups.name |
+| process.entry_leader.tty.char_device.major |
+| process.entry_leader.tty.char_device.minor |
+| process.entry_leader.user.id |
+| process.entry_leader.user.name |
+| process.entry_leader.working_directory |
+| process.executable |
+| process.exit_code |
+| process.group.id |
+| process.group.name |
+| process.group_leader.args |
+| process.group_leader.args_count |
+| process.group_leader.entity_id |
+| process.group_leader.executable |
+| process.group_leader.group.id |
+| process.group_leader.group.name |
+| process.group_leader.interactive |
+| process.group_leader.name |
+| process.group_leader.pid |
+| process.group_leader.real_group.id |
+| process.group_leader.real_group.name |
+| process.group_leader.real_user.id |
+| process.group_leader.real_user.name |
+| process.group_leader.same_as_process |
+| process.group_leader.start |
+| process.group_leader.supplemental_groups.id |
+| process.group_leader.supplemental_groups.name |
+| process.group_leader.tty.char_device.major |
+| process.group_leader.tty.char_device.minor |
+| process.group_leader.user.id |
+| process.group_leader.user.name |
+| process.group_leader.working_directory |
+| process.hash.md5 |
+| process.hash.sha1 |
+| process.hash.sha256 |
+| process.interactive |
+| process.name |
+| process.parent.Ext.command_line_truncated |
+| process.parent.args |
+| process.parent.args_count |
+| process.parent.command_line |
+| process.parent.entity_id |
+| process.parent.executable |
+| process.parent.group.id |
+| process.parent.group.name |
+| process.parent.interactive |
+| process.parent.name |
+| process.parent.pid |
+| process.parent.real_group.id |
+| process.parent.real_group.name |
+| process.parent.real_user.id |
+| process.parent.real_user.name |
+| process.parent.start |
+| process.parent.supplemental_groups.id |
+| process.parent.supplemental_groups.name |
+| process.parent.tty.char_device.major |
+| process.parent.tty.char_device.minor |
+| process.parent.user.id |
+| process.parent.user.name |
+| process.parent.working_directory |
+| process.pid |
+| process.previous.args |
+| process.previous.args_count |
+| process.previous.executable |
+| process.real_group.id |
+| process.real_group.name |
+| process.real_user.id |
+| process.real_user.name |
+| process.session_leader.args |
+| process.session_leader.args_count |
+| process.session_leader.entity_id |
+| process.session_leader.executable |
+| process.session_leader.group.id |
+| process.session_leader.group.name |
+| process.session_leader.interactive |
+| process.session_leader.name |
+| process.session_leader.pid |
+| process.session_leader.real_group.id |
+| process.session_leader.real_group.name |
+| process.session_leader.real_user.id |
+| process.session_leader.real_user.name |
+| process.session_leader.same_as_process |
+| process.session_leader.start |
+| process.session_leader.supplemental_groups.id |
+| process.session_leader.supplemental_groups.name |
+| process.session_leader.tty.char_device.major |
+| process.session_leader.tty.char_device.minor |
+| process.session_leader.user.id |
+| process.session_leader.user.name |
+| process.session_leader.working_directory |
+| process.start |
+| process.supplemental_groups.id |
+| process.supplemental_groups.name |
+| process.user.id |
+| process.user.name |
+| process.working_directory |
+| user.Ext.real.id |
+| user.Ext.real.name |
+| user.id |
+| user.name |
+
diff --git a/custom_documentation/src/endpoint/data_stream/process/linux/linux_process_module_load.yaml b/custom_documentation/src/endpoint/data_stream/process/linux/linux_process_module_load.yaml
new file mode 100644
index 000000000..774ca6860
--- /dev/null
+++ b/custom_documentation/src/endpoint/data_stream/process/linux/linux_process_module_load.yaml
@@ -0,0 +1,206 @@ +overview: + name: Linux Module Load Events + description: This event is generated when when a kernel module is loaded. +identification: + filter: + event.action: load_module + event.dataset: endpoint.events.process + event.module: endpoint + host.os.type: linux + os: + - linux + data_stream: logs-endpoint.events.process-* +fields: + endpoint: + - '@timestamp' + - agent.id + - agent.type + - agent.version + - cloud.account.id + - cloud.instance.name + - cloud.project.id + - cloud.provider + - cloud.region + - container.id + - container.image.hash.all + - container.image.name + - container.image.tag + - container.name + - data_stream.dataset + - data_stream.namespace + - data_stream.type + - ecs.version + - elastic.agent.id + - event.action + - event.category + - event.created + - event.dataset + - event.id + - event.kind + - event.module + - event.outcome + - event.sequence + - event.type + - group.Ext.real.id + - group.Ext.real.name + - group.id + - group.name + - host.architecture + - host.hostname + - host.id + - host.ip + - host.mac + - host.name + - host.os.Ext.variant + - host.os.family + - host.os.full + - host.os.kernel + - host.os.name + - host.os.platform + - host.os.type + - host.os.version + - message + - orchestrator.cluster.id + - orchestrator.cluster.name + - orchestrator.namespace + - orchestrator.resource.ip + - orchestrator.resource.name + - orchestrator.resource.parent.type + - orchestrator.resource.type + - process.Ext.ancestry + - process.Ext.command_line_truncated + - process.Ext.memfd.flag_allow_seal + - process.Ext.memfd.flag_cloexec + - process.Ext.memfd.flag_exec + - process.Ext.memfd.flag_hugetlb + - process.Ext.memfd.flag_noexec_seal + - process.Ext.memfd.flags + - process.Ext.memfd.name + - process.Ext.trusted + - process.Ext.trusted_descendant + - process.args + - process.args_count + - process.command_line + - process.end + - process.entity_id + - process.entry_leader.args + - process.entry_leader.args_count + - 
process.entry_leader.entity_id + - process.entry_leader.entry_meta.source.ip + - process.entry_leader.entry_meta.type + - process.entry_leader.executable + - process.entry_leader.group.id + - process.entry_leader.group.name + - process.entry_leader.interactive + - process.entry_leader.name + - process.entry_leader.parent.entity_id + - process.entry_leader.parent.pid + - process.entry_leader.parent.start + - process.entry_leader.pid + - process.entry_leader.real_group.id + - process.entry_leader.real_group.name + - process.entry_leader.real_user.id + - process.entry_leader.real_user.name + - process.entry_leader.same_as_process + - process.entry_leader.start + - process.entry_leader.supplemental_groups.id + - process.entry_leader.supplemental_groups.name + - process.entry_leader.tty.char_device.major + - process.entry_leader.tty.char_device.minor + - process.entry_leader.user.id + - process.entry_leader.user.name + - process.entry_leader.working_directory + - process.executable + - process.exit_code + - process.group.id + - process.group.name + - process.group_leader.args + - process.group_leader.args_count + - process.group_leader.entity_id + - process.group_leader.executable + - process.group_leader.group.id + - process.group_leader.group.name + - process.group_leader.interactive + - process.group_leader.name + - process.group_leader.pid + - process.group_leader.real_group.id + - process.group_leader.real_group.name + - process.group_leader.real_user.id + - process.group_leader.real_user.name + - process.group_leader.same_as_process + - process.group_leader.start + - process.group_leader.supplemental_groups.id + - process.group_leader.supplemental_groups.name + - process.group_leader.tty.char_device.major + - process.group_leader.tty.char_device.minor + - process.group_leader.user.id + - process.group_leader.user.name + - process.group_leader.working_directory + - process.hash.md5 + - process.hash.sha1 + - process.hash.sha256 + - process.interactive + - 
process.name + - process.parent.Ext.command_line_truncated + - process.parent.args + - process.parent.args_count + - process.parent.command_line + - process.parent.entity_id + - process.parent.executable + - process.parent.group.id + - process.parent.group.name + - process.parent.interactive + - process.parent.name + - process.parent.pid + - process.parent.real_group.id + - process.parent.real_group.name + - process.parent.real_user.id + - process.parent.real_user.name + - process.parent.start + - process.parent.supplemental_groups.id + - process.parent.supplemental_groups.name + - process.parent.tty.char_device.major + - process.parent.tty.char_device.minor + - process.parent.user.id + - process.parent.user.name + - process.parent.working_directory + - process.pid + - process.previous.args + - process.previous.args_count + - process.previous.executable + - process.real_group.id + - process.real_group.name + - process.real_user.id + - process.real_user.name + - process.session_leader.args + - process.session_leader.args_count + - process.session_leader.entity_id + - process.session_leader.executable + - process.session_leader.group.id + - process.session_leader.group.name + - process.session_leader.interactive + - process.session_leader.name + - process.session_leader.pid + - process.session_leader.real_group.id + - process.session_leader.real_group.name + - process.session_leader.real_user.id + - process.session_leader.real_user.name + - process.session_leader.same_as_process + - process.session_leader.start + - process.session_leader.supplemental_groups.id + - process.session_leader.supplemental_groups.name + - process.session_leader.tty.char_device.major + - process.session_leader.tty.char_device.minor + - process.session_leader.user.id + - process.session_leader.user.name + - process.session_leader.working_directory + - process.start + - process.supplemental_groups.id + - process.supplemental_groups.name + - process.user.id + - process.user.name + - 
process.working_directory + - user.Ext.real.id + - user.Ext.real.name + - user.id + - user.name
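Review bot: The `description:` under `overview:` has a doubled word, and because the markdown under `doc/` carries the same sentence it looks generated from this file, so the fix belongs here: `description: This event is generated when a kernel module is loaded.` For detection use the bigger gap is that nothing in the `fields:` list identifies the module that was loaded — the list holds only process, host, user, container and orchestrator context — so a consumer filtering on `event.action: load_module` can see the loading process but not the module name or path. If the endpoint emits such a field it should be added to `fields:`; if it does not, the description should state that and point analysts at `process.args` / `process.command_line` as the only available pivot. It is also not stated whether a load that the kernel rejects is emitted with `event.outcome` set to a failure value or is simply not reported; one sentence in the description would settle that for rule authors.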