diff --git a/etc/beats_schemas/v7.15.1.json.gz b/etc/beats_schemas/v7.15.1.json.gz
new file mode 100644
index 000000000..d2b023d69
Binary files /dev/null and b/etc/beats_schemas/v7.15.1.json.gz differ
diff --git a/etc/ecs_schemas/1.12.0/ecs_flat.json.gz b/etc/ecs_schemas/1.12.0/ecs_flat.json.gz
new file mode 100644
index 000000000..5579a1846
Binary files /dev/null and b/etc/ecs_schemas/1.12.0/ecs_flat.json.gz differ
diff --git a/etc/ecs_schemas/1.12.0/ecs_nested.json.gz b/etc/ecs_schemas/1.12.0/ecs_nested.json.gz
new file mode 100644
index 000000000..03f4ddb67
Binary files /dev/null and b/etc/ecs_schemas/1.12.0/ecs_nested.json.gz differ
diff --git a/etc/ecs_schemas/1.12.1/ecs_flat.json.gz b/etc/ecs_schemas/1.12.1/ecs_flat.json.gz
new file mode 100644
index 000000000..325720b2f
Binary files /dev/null and b/etc/ecs_schemas/1.12.1/ecs_flat.json.gz differ
diff --git a/etc/ecs_schemas/1.12.1/ecs_nested.json.gz b/etc/ecs_schemas/1.12.1/ecs_nested.json.gz
new file mode 100644
index 000000000..bef09ce4a
Binary files /dev/null and b/etc/ecs_schemas/1.12.1/ecs_nested.json.gz differ
diff --git a/etc/ecs_schemas/master_8.0.0.dev/ecs_flat.json.gz b/etc/ecs_schemas/master_8.0.0.dev/ecs_flat.json.gz
index d0d9cc8de..7a7d4a856 100644
Binary files a/etc/ecs_schemas/master_8.0.0.dev/ecs_flat.json.gz and b/etc/ecs_schemas/master_8.0.0.dev/ecs_flat.json.gz differ
diff --git a/etc/stack-schema-map.yaml b/etc/stack-schema-map.yaml
index d8f19789f..b8b32b18e 100644
--- a/etc/stack-schema-map.yaml
+++ b/etc/stack-schema-map.yaml
@@ -1,6 +1,8 @@
 # alignment of stack with beats and ecs versions
 # ECS versions do not align perfectly with stack releases (as of 7.13), so this will reflect MAX ecs version for a
 # given release
+#
+# refer to release branch in https://github.com/elastic/beats/blob/master/libbeat/_meta/fields.ecs.yml
 "7.13.0":
 # beats release about the same time as the stack, so we cannot update this until it is released
@@ -9,12 +11,12 @@
 "7.14.0":
 beats: "7.14.0"
- ecs: "1.11.0"
+ ecs: "1.10.0"
 "7.15.0":
- beats: "master" # TODO: update this once beats releases
+ beats: "7.15.1"
 ecs: "1.11.0"
 "7.16.0":
- beats: "master" # TODO: update this once beats releases
- ecs: "1.11.0"
+ beats: "7.15.1" # TODO: update this once beats releases
+ ecs: "1.12.1"
diff --git a/rules/cross-platform/defense_evasion_agent_spoofing_mismatched_id.toml b/rules/cross-platform/defense_evasion_agent_spoofing_mismatched_id.toml
index 78411e447..f6b7e2785 100644
--- a/rules/cross-platform/defense_evasion_agent_spoofing_mismatched_id.toml
+++ b/rules/cross-platform/defense_evasion_agent_spoofing_mismatched_id.toml
@@ -3,7 +3,7 @@ creation_date = "2021/07/14"
 maturity = "production"
 updated_date = "2021/07/14"
 min_stack_comments = "The field `event.agent_id_status` was not introduced until 7.14"
-min_stack_version = "7.14.0"
+min_stack_version = "7.15.0"
 [rule]
 author = ["Elastic"]
diff --git a/rules/cross-platform/defense_evasion_agent_spoofing_multiple_hosts.toml b/rules/cross-platform/defense_evasion_agent_spoofing_multiple_hosts.toml
index a66ceee82..55a25f391 100644
--- a/rules/cross-platform/defense_evasion_agent_spoofing_multiple_hosts.toml
+++ b/rules/cross-platform/defense_evasion_agent_spoofing_multiple_hosts.toml
@@ -3,7 +3,7 @@ creation_date = "2021/07/14"
 maturity = "production"
 updated_date = "2021/07/14"
 min_stack_comments = "The field `event.agent_id_status` was not introduced until 7.14"
-min_stack_version = "7.14.0"
+min_stack_version = "7.15.0"
 [rule]
 author = ["Elastic"]
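Review bot: `min_stack_comments` still reads "The field event.agent_id_status was not introduced until 7.14", which no longer explains the new `min_stack_version = "7.15.0"` in defense_evasion_agent_spoofing_mismatched_id.toml, and the hunk for defense_evasion_agent_spoofing_multiple_hosts.toml has the same mismatch. The bump looks like a consequence of this commit mapping stack 7.14.0 to ECS 1.10.0 in etc/stack-schema-map.yaml, so the comment should give that reason, for example `min_stack_comments = "event.agent_id_status is not in the ECS version mapped to 7.14 (1.10.0), so the rule is validated from 7.15"`. If the field is in fact emitted on 7.14 stacks, as the existing comment implies, both agent-spoofing detections would presumably no longer be offered to those deployments, and that coverage change deserves a line in the commit description. `updated_date` stays at "2021/07/14" in both files; bump it if the project expects it to track metadata edits. The table these keys belong to starts above both hunks.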