Add origin_url and origin_referrer_url field to Process/DLL events

[AsuNa-jp]

Change Summary

This PR adds the following fields to the Process/DLL event mapping.

• origin_referrer_url
• origin_url

These fields have already been added to ECS at the following PR, but since it will take some time to upgrade the ECS version used by the endpoint package, we’ve decided to temporarily mirror the fields in the endpoint package.

• [RFC] Stage 2: Introducing new fields in file/dll/process fields

Also created the following PR.

• Created the PR to Kibana: [Security Solution] Filterlist Update for Endpoint Events

Note

For file.origin_referrer_url and file.origin_url were already added in the following PR for the endpoint-package before being added to ECS. We took this approach because we wanted to start using these fields for file events early on.

• Add file.origin_referrer_url and file.origin_url to FileEvent
• [Security Solution] Filterlist Update for Endpoint Events
  

Sample values

• process.origin_referrer_url: "http://example.com/article1.html"
• process.origin_url: "http://example.com/files/example.exe"
• dll.origin_referrer_url: "http://example.com/article1.html"
• dll.origin_url: "http://example.com/files/example.dll"

Sample document

sample document is added to sample_event.json

• package/endpoint/data_stream/process/sample_event.json
• package/endpoint/data_stream/library/sample_event.json

Release Target

9.1/8.19

Q/A

For mapping changes:

• I ran make after making the schema changes, and committed all changes
• If these field(s) are "exception"-able, I made a companion PR to Kibana adding it (see Readme)
  • Created the PR to Kibana: [Security Solution] Filterlist Update for Endpoint Events
• If this is a metadata change, I also updated both transform destination schemas to match

For Transform changes:

• The new transform successfully starts in Kibana
• The corresponding transform destination schema was updated if necessary