diff --git a/README.md b/README.md
index 2e0365642e..bedc2f44de 100644
--- a/README.md
+++ b/README.md
@@ -58,6 +58,7 @@ ECS defines these fields.
  * [Event fields](#event)
  * [File fields](#file)
  * [Geo fields](#geo)
+ * [Group fields](#group)
  * [Host fields](#host)
  * [Log fields](#log)
  * [Network fields](#network)
@@ -249,6 +250,17 @@ Note also that the `geo` fields are not expected to be used directly at the top
 | <a name="geo.city_name"></a>geo.city_name | City name. | core | keyword | `Montreal` |
 
 
+## <a name="group"></a> Group fields
+
+The group fields are meant to represent groups that are relevant to the event.
+
+
+| Field  | Description  | Level  | Type  | Example  |
+|---|---|---|---|---|
+| <a name="group.id"></a>group.id | Unique identifier for the group on the system/platform. | core | keyword |  |
+| <a name="group.name"></a>group.name | Name of the group. | core | keyword |  |
+
+
 ## <a name="host"></a> Host fields
 
 Host fields provide information related to a host. A host can be a physical machine, a virtual machine, or a Docker container.
diff --git a/fields.yml b/fields.yml
index 4dd11d3f32..6ab3c8490e 100644
--- a/fields.yml
+++ b/fields.yml
@@ -660,6 +660,27 @@
             City name.
           example: Montreal
     
+    - name: group
+      title: Group
+      group: 2
+      description: >
+        The group fields are meant to represent groups that are relevant to the
+        event.
+      type: group
+      fields:
+    
+        - name: id
+          level: core
+          type: keyword
+          description: >
+            Unique identifier for the group on the system/platform.
+    
+        - name: name
+          level: core
+          type: keyword
+          description: >
+            Name of the group.
+    
     - name: host
       title: Host
       group: 2
diff --git a/schema.csv b/schema.csv
index 9a1a4e891f..dea596630a 100644
--- a/schema.csv
+++ b/schema.csv
@@ -70,6 +70,8 @@ geo.continent_name,keyword,core,North America
 geo.country_iso_code,keyword,core,CA
 geo.location,geo_point,core,"{ ""lon"": -73.614830, ""lat"": 45.505918 }"
 geo.region_name,keyword,core,Quebec
+group.id,keyword,core,
+group.name,keyword,core,
 host.architecture,keyword,core,x86_64
 host.hostname,keyword,core,
 host.id,keyword,core,
diff --git a/schemas/group.yml b/schemas/group.yml
new file mode 100644
index 0000000000..d43bde14ba
--- /dev/null
+++ b/schemas/group.yml
@@ -0,0 +1,21 @@
+---
+- name: group
+  title: Group
+  group: 2
+  description: >
+    The group fields are meant to represent groups that are relevant to the
+    event.
+  type: group
+  fields:
+
+    - name: id
+      level: core
+      type: keyword
+      description: >
+        Unique identifier for the group on the system/platform.
+
+    - name: name
+      level: core
+      type: keyword
+      description: >
+        Name of the group.
diff --git a/template.json b/template.json
index d550b633b8..840e8a4af5 100644
--- a/template.json
+++ b/template.json
@@ -334,6 +334,18 @@
             }
           }
         },
+        "group": {
+          "properties": {
+            "id": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
+            "name": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            }
+          }
+        },
         "host": {
           "properties": {
             "architecture": {