Schema: Update the email fields list

[miwent]

There are additional schema-defined email fields to be documented:

"Field Name","Example Values","Field Type","Notes"
"email_attachment_file_name","attachment.exe","array","The file name(s) of an attachment."
"email_attachment_file_size","1024","long","The size in bytes of the attachments."
"email_bcc","[email protected]","keyword","The email address of BCC recipient/destination."
"email_cc","[email protected]","keyword","The email address of CC recipient/destination."
"email_delivered_to","[email protected]","keyword","The Delivered-To email header field."
"email_direction","inbound, outbound, lateral","keyword","Indicates the direction of the observed email flow. Must be either inbound, outbound or lateral, this should be mapped to these values if vendors provide network direction differently."
"email_from","[email protected]","keyword","Per RFC 5322, specifies the address responsible for the actual transmission/sender of the message."
"email_message_id",<[email protected]>,"keyword","The globally-unique message identifier."
"email_raw_header"," ","keyword","The email authentication header."
"email_reply_to","[email protected]","keyword","The address that replies should be delivered to based on the value in the RFC 5322 Reply-To: header."
"email_size","234","long","The size of an email in bytes."
"email_subject","RE: FWD: Testing","keyword","The email subject."
"email_to","[email protected]","keyword","The email address of recipient/destination."
"email_uid","123456789A","keyword","The email unique identifier internally used by an email software to track a message."
"email_x_originating_ip","192.168.2.3","array","The X-Originating-IP header identifying the email's originating IP address(es)."
"email_xmailer","spambot","keyword","Tool that created and sent the email."