Security-analytics-plugin general field mapping ECS - SIGMA question

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.5, 2.5, Ubuntu, Safari

Describe the issue:

Following question:

Is it correct that the mapping of the ECS fields takes place in the following yml file, such as for linux

github:
security-analytics/src/main/resources/OSMapping/linux/mappings.json

Is it correct that the mapping of the SIGMA rules to the ECS fields takes place in the following yml file, such as for linux

github:
security-analytics/src/main/resources/OSMapping/linux/fieldmappings.yml

If that’s the case, then I don’t think the ECS field mapping in the process exe is correct, for example.

“process-exe”: {
“path”: “process.exe”,
“type”: “alias”
},

Shouldn’t the path be “process.executable” here?

best regards