New Log Type JSON format

[petardz]

Description

1. Removed converting "." to "_" when parsing Sigma rules
2. Introduced new Log Type JSON format to replace existing fieldmappings.yml/mappings.json files
3. Added loading of log types from new Log Type JSON files
4. Replaced usage of fieldmappings.yml with LogType loaded from new JSON format

Issues Resolved

#459

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

Merging #465 (2cfcb39) into main (d14e764) will increase coverage by 0.02%.
The diff coverage is 30.13%.

@@             Coverage Diff              @@
##               main     #465      +/-   ##
============================================
+ Coverage     28.21%   28.23%   +0.02%     
- Complexity      897      906       +9     
============================================
  Files           231      235       +4     
  Lines          9326     9443     +117     
  Branches       1074     1081       +7     
============================================
+ Hits           2631     2666      +35     
- Misses         6459     6545      +86     
+ Partials        236      232       -4     

Impacted Files	Coverage Δ
...rch/securityanalytics/SecurityAnalyticsPlugin.java	0.00% <0.00%> (ø)
...ecurityanalytics/logtype/BuiltinLogTypeLoader.java	0.00% <0.00%> (ø)
...arch/securityanalytics/logtype/LogTypeService.java	0.00% <0.00%> (ø)
...lytics/transport/TransportIndexDetectorAction.java	0.00% <0.00%> (ø)
...yanalytics/transport/TransportIndexRuleAction.java	0.00% <0.00%> (ø)
...g/opensearch/securityanalytics/util/FileUtils.java	0.00% <0.00%> (ø)
...opensearch/securityanalytics/util/RuleIndices.java	0.00% <0.00%> (ø)
...rg/opensearch/securityanalytics/model/LogType.java	71.42% <71.42%> (ø)
...ecurityanalytics/rules/backend/OSQueryBackend.java	67.24% <100.00%> (+0.86%)	⬆️
.../securityanalytics/rules/backend/QueryBackend.java	64.22% <100.00%> (+0.11%)	⬆️

[sbcd90]

can we use out.writeCollection method here?

[petardz]

done

[sbcd90]

can we add unit tests for this class similar to https://github.com/opensearch-project/common-utils/blob/main/src/test/kotlin/org/opensearch/commons/alerting/model/FindingTests.kt & https://github.com/opensearch-project/common-utils/blob/main/src/test/kotlin/org/opensearch/commons/alerting/model/WriteableTests.kt

[petardz]

done

[sbcd90]

getRuleFieldMappings internally calls getAllLogTypes from BuiltinLogTypeLoader which internally calls loadBuiltinLogTypes.
Why do we need to load all log types & then filter for particular category in memory?

[petardz]

Actual loading of logTypes from disk will be done only 1 time. I replaced getAllLogTypes with BuiltinLogTypeLoader.getLogTypeByName(logType) existing method.