Add descriptions and Mitre components to data sources #3287

Open
wants to merge 6 commits into base: develop

Conversation

delgado-jacob

We're integrating this data into the SnapAttack platform and I added some additional elements to facilitate that process. Would love to have this saved back to the repo, if possible.

  • Expanded the description verbiage to try to capture what events the data source encompasses
  • Added a mapping to Mitre Att&ck Data Source component(s) that the log would fall under
  • Added a field to capture the separator_value to complement the separator
  • Added a few new data source entries for the other types of bro/zeek logs (renamed the existing Bro source to Bro http since it was limited to http sourcetype)
  • I did not increment the version or dates since I don't know what criteria is being used for determining a version change, but I can do that if appropriate.

@josehelps josehelps requested review from josehelps and removed request for ljstella and patel-bhavin January 22, 2025 18:35
@josehelps
Collaborator

Thank you for the contribution @delgado-jacob. Overall this looks great; please do update the date and version, and tick it up to 2 since we are modifying the files a bit. We do not have a hard and fast rule for this, but since we are making a notable change to it, we might as well punch it up. Also, since you are renaming the bro data source, mind adjusting the detection Detect Outbound LDAP Traffic to point to the newly named data source for bro? Otherwise its rendering on research.splunk.com will break. Otherwise LGTM.

@josehelps josehelps self-assigned this Jan 22, 2025
@delgado-jacob
Author

Thanks @josehelps. I went ahead and updated the dates and versions and the Detect Outbound LDAP Traffic detection.

@josehelps
Collaborator

Sweet, thank you! @delgado-jacob, I noticed that we also need to allow these new fields in our tooling. @ljstella from the team was kind enough to build a PR for this; we will need that merged in first before we can bring this in, otherwise builds will fail due to the check.

splunk/contentctl#353
