diff --git a/ecs/vulnerability-detector/event-generator/event_generator.py b/ecs/vulnerability-detector/event-generator/event_generator.py
index bb2621a9f4830..1e1f735ba01db 100755
--- a/ecs/vulnerability-detector/event-generator/event_generator.py
+++ b/ecs/vulnerability-detector/event-generator/event_generator.py
@@ -151,7 +151,8 @@ def generate_random_vulnerability():
 'scanner': {
 'vendor': f'vendor-{random.randint(0, 9)}',
 'source': random.choice(['NVD', 'OpenCVE', 'OpenVAS', 'Tenable']),
- 'condition': random.choice(['is', 'is not'])
+ 'condition': random.choice(['is', 'is not']),
+ 'reference': f'https://cti.wazuh.com/vulnerabilities/cves/CVE-{id}'
 },
 'score': {
 'base': round(random.uniform(0, 10), 1),
diff --git a/ecs/vulnerability-detector/fields/custom/vulnerability.yml b/ecs/vulnerability-detector/fields/custom/vulnerability.yml
index d6ba31145b2a6..0fd32fed49551 100644
--- a/ecs/vulnerability-detector/fields/custom/vulnerability.yml
+++ b/ecs/vulnerability-detector/fields/custom/vulnerability.yml
@@ -32,3 +32,8 @@
 level: custom
 description: >
 The condition matched by the package that led the scanner to consider it vulnerable.
+ - name: scanner.reference
+ type: keyword
+ level: custom
+ description: >
+ Scanner's resource that provides additional information, context, and mitigations for the identified vulnerability.
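Review bot: The added `'reference'` line in event_generator.py interpolates `id`, which is also the name of a Python builtin. The body of generate_random_vulnerability above the hunk is not visible here, so if no local `id` is bound before this dict, the f-string silently renders the builtin's repr into the URL instead of raising. Binding the number to a non-shadowing name such as `cve_id` and writing `f'https://cti.wazuh.com/vulnerabilities/cves/CVE-{cve_id}'` turns a missing assignment into a NameError. Presumably the sample reference should point at the same CVE id the generated document carries elsewhere; a comment saying so, e.g. `# reference must match the vulnerability id above`, would make that intent explicit.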
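Review bot: The description of `scanner.reference` in vulnerability.yml does not say that the value is a URL, although the event generator changed in this same commit populates it with an `https://` link. Suggested wording: `URL of the scanner's page that provides additional information, context, and mitigations for the identified vulnerability.`, plus one sentence on how it differs from the ECS core field `vulnerability.reference`, whose description is nearly identical. Because the value comes from scanner or feed data and is stored as a plain `keyword`, any dashboard that renders it as a hyperlink should accept only `https` URLs rather than trusting the stored string.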