Add better comments

eric-forte-elastic · eric-forte-elastic · commit f6fc1c96b77f · 2025-11-11T12:28:17.000-05:00
diff --git a/detection_rules/index_mappings.py b/detection_rules/index_mappings.py
@@ -285,6 +285,8 @@ def get_filtered_index_schema(
     filtered_index_lookup = {
         key.replace("logs-endpoint.", "logs-endpoint.events."): value for key, value in filtered_index_lookup.items()
     }
+    # This overwrites any conflicts with non-ecs preferring what is defined in custom mappings
+    # This can be done safely as we have a specific non-ecs-index that will also be included with only non-ecs mappings
     filtered_index_lookup.update(non_ecs_mapping)
     filtered_index_lookup.update(custom_mapping)
 

Original file line number	Diff line number	Diff line change
`@@ -285,6 +285,8 @@ def get_filtered_index_schema(`
`285`	`285`	`filtered_index_lookup = {`
`286`	`286`	`key.replace("logs-endpoint.", "logs-endpoint.events."): value for key, value in filtered_index_lookup.items()`
`287`	`287`	`}`
	`288`	`+ # This overwrites any conflicts with non-ecs preferring what is defined in custom mappings`
	`289`	`+ # This can be done safely as we have a specific non-ecs-index that will also be included with only non-ecs mappings`
`288`	`290`	`filtered_index_lookup.update(non_ecs_mapping)`
`289`	`291`	`filtered_index_lookup.update(custom_mapping)`
`290`	`292`