Host information is incorrect

[oren-zohar]

Motivation
Alerts generated from rules that were created from findings display wrong host information on the alert host flyout - the information displayed belongs to the host where the agent is running which is unrelated to the actual alert or misconfiguration (related only in KSPM). The second problem is that for alerts and misconfigurations that actually have a host or user relevant to them (which are not many) we didn't map the host or user Information to the relevant ECS fields.

Definition of done

What needs to be completed at the end of this task

• Populate host.name and user.name with the correct values
  • AWS
  • GCP
  • Azure
• Popoluate the relevant ECS fields

Releated

• https://github.com/elastic/security-team/issues/8517#issuecomment-1987906712

cc @JordanSh @eyalkraft

[kubasobon]

Linking a reference document: https://docs.google.com/spreadsheets/d/1p7m6c-sPn_Orgfc-jwJod9wupvF-2Qp7SDrDLle15_8/edit#gid=124010285

[kubasobon]

Pushed a draft PR with changes. Tested on Azure, IT tests passing. PTAL.

[kubasobon]

I have prepared separate PRs for host and user details. I have also added an integration test check to ensure I did not break CNVM, which already provides correct host section.

Please look at PR descriptions and code to find out which rules got the new Elastic Common Schema fields, since it affects only some of them.

The host section will become empty for most findings and I have confirmed with @maxcold and @Omolola-Akinleye that it should not affect our telemetry.

• host.* PR: Add correct host info for cloud provider virtual machines #2126
• user.* PR: Add correct user info for select IAM resources #2139
• Sanity check for CNVM PR: Sanity check: CNVM resources must have a host section #2138