Add MITRE Related Fields

[gormanbj]

Describe the bug

Now that a MITRE UID > name lookup exists in core, consider adding attacks_technique_uid and attacks_technique_name to schema.

Example:

attacks_technique_uid = T1059.001
attacks_technique_name = Command and Scripting Interpreter: PowerShell

[miwent]

Need to identify the attacks_technique_uid as a multi-valued field. There is an enrichment in core that uses lookup_all() to enrich events based on this field, populating the attacks_technique_name with detailed information.

Document that the attacks_technique_uid value can be set as a string, containing multiple technique IDs and sub-IDs, separated by a pipe character (|).

Document in attacks_technique_name that the field will be enriched by core if it is not already set.

[gormanbj]

For now, do we want to get these fields added to the schema and also for now, note that we currently only support multi-value fields?

[StefanAustin]

MITRE, CVE, CVSS, EPSS
ideas: https://schema.ocsf.io/1.1.0/objects/cve?extensions=

[StefanAustin]

Maybe add similar fields for risk, impact and confidence because SecDev may implement stuff around this and AWS Security lake has these features.
confidence_id
impact_ip
risk_level_id