sysmon-modular
Enriched rule names
This pull request addresses issue https://github.com/olafhartong/sysmon-modular/issues/81.
Namely, it enriches the rule name to include tactic_(id,name), technique_(id,name) and subtechnique_(id,name).
Additionally updated older techniques to their most recent TTP.
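A parser and consistency check for rule names in the enriched layout the PR describes, as an added example that is not code from the PR or from sysmon-modular. It assumes comma-separated `key=value` pairs using the keys `tactic_id`, `tactic_name`, `technique_id`, `technique_name`, `subtechnique_id` and `subtechnique_name` (the repository's actual key names and separators may differ), and it checks MITRE ATT&CK ids only by shape, not against the ATT&CK catalogue.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumed key names, derived from the PR text
# "tactic_(id,name) technique_(id,name) subtechnique_(id,name)", not from the repo.
_SCOPES = ("tactic", "technique", "subtechnique")
_KNOWN_KEYS = {f"{s}_{k}" for s in _SCOPES for k in ("id", "name")}
_ID_SHAPE = {  # syntactic ATT&CK id shapes only, no catalogue lookup
    "tactic": re.compile(r"^TA\d{4}$"),
    "technique": re.compile(r"^T\d{4}$"),
    "subtechnique": re.compile(r"^T\d{4}\.\d{3}$"),
}

def parse_rule_name(rule_name: str) -> Dict[str, str]:
    """Split a comma-separated key=value RuleName into its known fields."""
    fields: Dict[str, str] = {}
    for part in rule_name.split(","):
        key, sep, value = part.partition("=")
        key = key.strip().lower()
        if sep and key in _KNOWN_KEYS:
            fields[key] = value.strip()
    return fields

def validate_rule_name(rule_name: str) -> Optional[str]:
    """Return None when the fields are consistent, otherwise a short reason."""
    f = parse_rule_name(rule_name)
    if "technique_id" not in f:
        return "no technique_id present"
    for scope, shape in _ID_SHAPE.items():
        ident = f.get(f"{scope}_id")
        if ident is None:
            continue
        if not shape.match(ident):
            return f"{scope}_id {ident!r} is not shaped like an ATT&CK id"
        if not f.get(f"{scope}_name"):
            return f"{scope}_id {ident} has no matching {scope}_name"
    sub, tech = f.get("subtechnique_id"), f["technique_id"]
    if sub and not sub.startswith(tech + "."):  # sub-technique must belong to its parent
        return f"subtechnique {sub} is not a child of technique {tech}"
    return None

def check_rules(rule_names: List[str]) -> List[Tuple[str, str]]:
    """Return (rule_name, reason) for every rule name that fails validation."""
    return [(n, r) for n in rule_names if (r := validate_rule_name(n))]

# Constructed sample RuleName values for this example (not taken from the repo)
SAMPLE_RULES = [
    "tactic_id=TA0005,tactic_name=Defense Evasion,technique_id=T1055,technique_name=Process Injection,"
    "subtechnique_id=T1055.001,subtechnique_name=Dynamic-link Library Injection",
    "technique_id=T1055,technique_name=Process Injection,subtechnique_id=T1059.001,subtechnique_name=PowerShell",
    "tactic_id=TA05,tactic_name=Defense Evasion,technique_id=T1055,technique_name=Process Injection",
]
```

Run `check_rules(SAMPLE_RULES)` over a config's RuleName values to list entries whose tactic or technique fields are malformed or inconsistent before they reach the SIEM.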
Excellent work @Doserdog !
@olafhartong This is a rather large pull but I think it will extend all of the great work you have done to get even more benefits out of the modular approach.
The script I created on my PR to match valid MITRE ATT&CK will work very well with the new rules created here.
Let me know how I can assist!
Thanks a LOT for all this work. I'm still contemplating whether I want this much information in there. It's quite a long line like this, taking away from the readability of the config files.
That is true on the readability, but think about the advantages to your SIEM as you will have the Tactic info available and you won't have to cross reference. Definitely think about it.
The idea is that you can use the script from PR https://github.com/olafhartong/sysmon-modular/pull/80 to help manage and maintain proper Tactics/Techniques in the rule names as it will check for those things.
Here is a sample dashboard with the data from the extended rule names from our SIEM:
I like it.