Adding logic for MITRE enrichment

[ryandamour]

This adds logic to scrape both attack and sub-technique id's from MITRE when any MITRE id is referenced within the "tags" values. Community rules will sometimes have the ID referenced, but it would be helpful to also enrich on that. An entirely new field is created called mitre, and will append to the yaml file with the new content. A sigmac config can then be used to map these new fields and values for enriching sigma generated alerts.

An example rule before:

author: Ryan
description: Finds bad stuff
detection:
  condition: selection and not filter
  filter:
    AccountName: ANONYMOUS LOGON
  selection:
  - EventID: 1111
    LogonProcessName: test
    LogonType: 1
falsepositives:
- Administrator activity
- Penetration tests
level: medium
logsource:
  definition: Finds bad stuff
  product: templeOS
  service: security
references:
- https://github.com/
status: stable
tags:
- attack.lateral_movement
- attack.t1075
- attack.T1065
- attack.T1045
title: Finds Bad Stuff

The rule after being linted (+'s have been added on new lines for demonstration purposes):

author: Ryan
description: Finds bad stuff
detection:
  condition: selection and not filter
  filter:
    AccountName: ANONYMOUS LOGON
  selection:
  - EventID: 1111
    LogonProcessName: test
    LogonType: 1
falsepositives:
- Administrator activity
- Penetration tests
level: medium
logsource:
  definition: Finds bad stuff
  product: templeOS
  service: security
+ mitre:
+  subTechniques:
+  - T1550
+  - T1027
+  tactics:
+  - DefenseEvasion
+  - LateralMovement
references:
- https://github.com/
status: stable
tags:
- attack.lateral_movement
- attack.t1075
- attack.T1065
- attack.T1045
title: Finds Bad Stuff