Update default.yml

w0rk3r · w0rk3r · commit 2052ec76ecb8 · 2025-10-29T08:10:26.000-03:00
diff --git a/packages/windows/data_stream/powershell_operational/elasticsearch/ingest_pipeline/default.yml b/packages/windows/data_stream/powershell_operational/elasticsearch/ingest_pipeline/default.yml
@@ -338,6 +338,7 @@ processors:
         Entropy (0-20 bits) measures randomness; surprisal_sd measures distribution uniformity.
       if: ctx._temp?.script_block_no_signature != null
       source: |-
+        // Entropy Variance from: https://github.com/elastic/toutoumomoma/blob/be287c9c0d0e435572e3889a6584199983c688f0/toutoumomoma.go#L326-L363.
         String script = ctx._temp.script_block_no_signature;
         
         script = java.text.Normalizer.normalize(script, java.text.Normalizer.Form.NFC);
@@ -364,8 +365,6 @@ processors:
             pSum += p;
             double tmp = entropy;
             entropy = tmp + (p / pSum) * (l2p - tmp);
-            
-            // Reference: https://github.com/elastic/toutoumomoma/blob/be287c9c0d0e435572e3889a6584199983c688f0/toutoumomoma.go#L326-L363
             surprisalVar += p * (l2p - tmp) * (l2p - entropy);
         }
         
