ocsf-schema
Evidence Artifacts object doesn't have attribute to describe target job of a Scheduled Job Activity
Scheduled Task/Job T1053 is a widely-used technique to implement the tactics of Execution, Persistence, and Privilege Escalation. The OCSF schema's Scheduled Job Activity event class covers this, with the Job object providing detail.
Unfortunately, the Evidence Artifacts object doesn't have a job attribute, and this means that a Detection Finding event triggered in part or in full by a Scheduled Job Activity event cannot include details of the implicated job. I see this as a significant gap.
I will create a very short PR to add the job attribute to the Evidence Artifacts object. Note that this issue is very similar to one that I raised and fixed previously, albeit this new issue is simpler to address because it is not platform specific.
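The gap described in this issue, illustrated as an added example (constructed here, not code from the ocsf-schema project or the issue author). A Scheduled Job Activity event is wrapped as the evidence of a Detection Finding twice: once with the attributes Evidence Artifacts carries today, where the job details are silently dropped, and once with the proposed `job` attribute, where they survive. The class_uid values (1006 for Scheduled Job Activity, 2004 for Detection Finding) and the `evidences` array follow OCSF; the `job` attribute on Evidence Artifacts is the proposal in this issue and is therefore an assumption, and the attribute subset in `CURRENT_EVIDENCE_ATTRS` is only the handful needed for the illustration, not the full object.

```python
"""Constructed example: what a Detection Finding retains from a Scheduled Job
Activity event with and without a ``job`` attribute on Evidence Artifacts.

Not part of ocsf-schema. Assumptions: class_uid 1006 = Scheduled Job Activity,
2004 = Detection Finding, ``evidences`` = list of Evidence Artifacts objects;
``job`` on Evidence Artifacts is the attribute the issue proposes to add.
"""
import copy

# Constructed Scheduled Job Activity event; all values are made up.
SCHEDULED_JOB_EVENT = {
    "class_uid": 1006,
    "activity_id": 1,  # Create
    "time": 1700000000000,
    "actor": {"process": {"name": "schtasks.exe", "pid": 4242}},
    "job": {
        "name": "UpdaterTask",
        "cmd_line": "cmd.exe /c C:\\Temp\\updater.bat",
        "created_time": 1700000000000,
        "user": {"name": "SYSTEM"},
    },
}

# A subset of attributes Evidence Artifacts already shares with source events.
# ``job`` is absent: that is the gap the issue describes.
CURRENT_EVIDENCE_ATTRS = ("actor", "process", "file")

# The same subset plus the ``job`` attribute the issue proposes (assumption).
PROPOSED_EVIDENCE_ATTRS = CURRENT_EVIDENCE_ATTRS + ("job",)


def to_evidence(event, evidence_attrs):
    """Copy only the attributes the Evidence Artifacts object supports out of a
    source event. Anything not listed in ``evidence_attrs`` is lost here."""
    return {k: copy.deepcopy(event[k]) for k in evidence_attrs if k in event}


def build_detection_finding(source_event, evidence_attrs, title):
    """Wrap one source event as the sole evidence of a Detection Finding."""
    return {
        "class_uid": 2004,
        "activity_id": 1,  # Create
        "time": source_event["time"],
        "finding_info": {"title": title, "uid": "finding-0001"},  # constructed uid
        "evidences": [to_evidence(source_event, evidence_attrs)],
    }


def job_details(finding):
    """Return the job carried by the finding's evidence, or None when the
    evidence has no job (the situation the issue describes)."""
    for evidence in finding.get("evidences", []):
        if "job" in evidence:
            return evidence["job"]
    return None


if __name__ == "__main__":
    title = "Scheduled task created by non-installer process"
    today = build_detection_finding(SCHEDULED_JOB_EVENT, CURRENT_EVIDENCE_ATTRS, title)
    proposed = build_detection_finding(SCHEDULED_JOB_EVENT, PROPOSED_EVIDENCE_ATTRS, title)
    print("job retained with current Evidence Artifacts:", job_details(today))
    print("job retained with proposed attribute:", job_details(proposed)["name"])
```

Running the block prints `None` for the current object and `UpdaterTask` for the proposed one: the analyst reading the finding only learns which task was implicated once the evidence can carry the Job object.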