diff --git a/detection_rules/beats.py b/detection_rules/beats.py
index 09a68e64a..fe3308e3f 100644
--- a/detection_rules/beats.py
+++ b/detection_rules/beats.py
@@ -95,9 +95,9 @@ def download_latest_beats_schema():
 download_beats_schema(latest_release["tag_name"])
-def refresh_master_schema():
- """Download and refresh beats schema from master."""
- _decompress_and_save_schema('https://github.com/elastic/beats/archive/master.zip', 'master')
+def refresh_main_schema():
+ """Download and refresh beats schema from main."""
+ _decompress_and_save_schema('https://github.com/elastic/beats/archive/main.zip', 'main')
 def _flatten_schema(schema: list, prefix="") -> list:
@@ -123,7 +123,7 @@ def _flatten_schema(schema: list, prefix="") -> list:
 elif "name" in s:
 s = s.copy()
 # type is implicitly keyword if not defined
- # example: https://github.com/elastic/beats/blob/master/packetbeat/_meta/fields.common.yml#L7-L12
+ # example: https://github.com/elastic/beats/blob/main/packetbeat/_meta/fields.common.yml#L7-L12
 s.setdefault("type", "keyword")
 s["name"] = prefix + s["name"]
 flattened.append(s)
@@ -198,8 +198,8 @@ def get_max_version() -> str:
 @cached
 def read_beats_schema(version: str = None):
- if version and version.lower() == 'master':
- return json.loads(read_gzip(get_etc_path('beats_schemas', 'master.json.gz')))
+ if version and version.lower() == 'main':
+ return json.loads(read_gzip(get_etc_path('beats_schemas', 'main.json.gz')))
 version = Version(version) if version else None
 beats_schemas = get_versions()
diff --git a/detection_rules/schemas/__init__.py b/detection_rules/schemas/__init__.py
index dd7a1a1f4..a3cf07d5f 100644
--- a/detection_rules/schemas/__init__.py
+++ b/detection_rules/schemas/__init__.py
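Review bot: `refresh_main_schema` in detection_rules/beats.py (first hunk) fetches the archive of a moving branch head, so the `etc/beats_schemas/main.json.gz` checked in by this commit cannot be traced to a specific beats revision, and the docstring does not say so. I would extend the docstring to `"""Download and refresh beats schema from the head of main (unpinned; output may differ between runs)."""`. If `_decompress_and_save_schema`, which is not visible here, can learn the commit the archive resolved to, recording it next to the saved file would let a reviewer reproduce the binary. Separately, `refresh_master_schema` is removed without an alias, so any caller not touched by this diff would fail at import.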
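Review bot: In `read_beats_schema` (third hunk of detection_rules/beats.py) the string 'master' is no longer special-cased, so a caller or saved configuration that still passes it falls through to `Version(version)`, which presumably rejects a branch name. If old inputs should keep working during the transition, the guard could accept both names: `if version and version.lower() in ('main', 'master'):`. Otherwise an explicit error naming the new value would be clearer than a version-parse failure. The function body continues past the end of the hunk.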
@@ -230,6 +230,6 @@ def get_stack_schemas(stack_version: str) -> Dict[str, dict]:
 if (mapped_version := Version(k)) >= stack_version and mapped_version <= current_package and v}
 if stack_version > current_package:
- versions[stack_version] = {'beats': 'master', 'ecs': 'master'}
+ versions[stack_version] = {'beats': 'main', 'ecs': 'master'}
 return versions
diff --git a/etc/beats_schemas/main.json.gz b/etc/beats_schemas/main.json.gz
new file mode 100644
index 000000000..b4b96db29
Binary files /dev/null and b/etc/beats_schemas/main.json.gz differ
diff --git a/etc/beats_schemas/master.json.gz b/etc/beats_schemas/master.json.gz
deleted file mode 100644
index 4cd86e06f..000000000
Binary files a/etc/beats_schemas/master.json.gz and /dev/null differ
diff --git a/etc/stack-schema-map.yaml b/etc/stack-schema-map.yaml
index 9a48995e5..e3d0761b6 100644
--- a/etc/stack-schema-map.yaml
+++ b/etc/stack-schema-map.yaml
@@ -2,7 +2,7 @@
 # ECS versions do not align perfectly with stack releases (as of 7.13), so this will reflect MAX ecs version for a
 # given release
 #
-# refer to release branch in https://github.com/elastic/beats/blob/master/libbeat/_meta/fields.ecs.yml
+# refer to release branch in https://github.com/elastic/beats/blob/main/libbeat/_meta/fields.ecs.yml
 "7.13.0":
 # beats release about the same time as the stack, so we cannot update this until it is released
@@ -28,9 +28,9 @@
 ecs: "1.12.1"
 "8.1.0":
- beats: "master" # TODO: update this once beats releases
+ beats: "main" # TODO: update this once beats releases
 ecs: "1.12.1"
 "8.2.0":
- beats: "master" # TODO: update this once beats releases
+ beats: "main" # TODO: update this once beats releases
 ecs: "1.12.1"
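Review bot: In `get_stack_schemas` (detection_rules/schemas/__init__.py) the literal `'main'` has to stay in step with the comparison in `read_beats_schema`, the `main.json.gz` file name and the `beats: "main"` entries in etc/stack-schema-map.yaml, and nothing ties these together. A single module-level constant for the beats development branch, shared by the Python sites, would turn a future rename into one edit and avoid a silent mismatch. The `'ecs': 'master'` value is left as it was; if that is deliberate, a short comment such as `# ecs development branch is still named master` would say so. The function starts above this hunk.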