Add verbose comments as to

WHY certain macros are excluded
when we look for them.

Author: pyth0n1c

contentctl/objects/abstract_security_content_objects/detection_abstract.py

@@ -438,7 +438,7 @@ def getDetectionMacros(cls, v:list[str], info:ValidationInfo)->list[Macro]:
 
         macros_from_search = Macro.get_macros(search, director)
 
-        return  macros_from_search + [filter_macro]
+        return  macros_from_search
 
     def get_content_dependencies(self)->list[SecurityContentObject]:
         #Do this separately to satisfy type checker

contentctl/objects/macro.py

@@ -9,14 +9,14 @@
 from contentctl.objects.security_content_object import SecurityContentObject
 
 
-
-#MACROS_TO_IGNORE = set(["_filter", "drop_dm_object_name"])
-MACROS_TO_IGNORE = set(["drop_dm_object_name"])
-#Should all of the following be included as well?
-MACROS_TO_IGNORE.add("get_asset" )
-MACROS_TO_IGNORE.add("get_risk_severity")
-MACROS_TO_IGNORE.add("cim_corporate_web_domain_search")
-MACROS_TO_IGNORE.add("prohibited_processes")
+#The following macros are included in commonly-installed apps.
+#As such, we will ignore if they are missing from our app.
+#Included in 
+MACROS_TO_IGNORE = set(["drop_dm_object_name"]) # Part of CIM/Splunk_SA_CIM
+MACROS_TO_IGNORE.add("get_asset") #SA-IdentityManagement, part of Enterprise Security
+MACROS_TO_IGNORE.add("get_risk_severity") #SA-ThreatIntelligence, part of Enterprise Security
+MACROS_TO_IGNORE.add("cim_corporate_web_domain_search") #Part of CIM/Splunk_SA_CIM
+#MACROS_TO_IGNORE.add("prohibited_processes")
 
 
 class Macro(SecurityContentObject):