Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

securityonion-elastic: adjust bro_notice parsing #1724

Closed dougburks closed 4 years ago

dougburks commented 4 years ago

Looks like at some point desc was changed to file_desc and mime was changed to file_mime_type, so we need to update our parsers to reflect that.


Current ingest:

    { "rename":         { "field": "message2.mime",             "target_field": "file_mime_type",       "ignore_missing": true  } },
    { "rename":         { "field": "message2.desc",             "target_field": "file_description",     "ignore_missing": true  } },

Current logstash:

1109_preprocess_bro_notice.conf:

    rename => { "mime" => "file_mime_type" }
    rename => { "desc" => "file_description" }
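Added example, not code from this issue or from Security Onion: a small Python model of the ingest-node `rename` processor semantics, run over a constructed notice record that already carries the new `file_desc` / `file_mime_type` names. It shows why the quoted processors fail quietly (with `ignore_missing: true` a stale source field is a no-op, so neither target field appears) and how a check for the two expected fields exposes that; `NEW_RENAMES` is a hypothetical corrected mapping, not the project's actual patch.

```python
import copy

# Constructed sample: a Zeek/Bro notice event as it arrives after the upstream
# field rename the issue describes (desc -> file_desc, mime -> file_mime_type).
SAMPLE_NOTICE = {"message2": {"note": "Signatures::Sensitive_Signature",
                              "file_desc": "example.exe",
                              "file_mime_type": "application/x-dosexec"}}

# The rename processors quoted in the issue, still keyed on the old field names.
OLD_RENAMES = [
    {"field": "message2.mime", "target_field": "file_mime_type", "ignore_missing": True},
    {"field": "message2.desc", "target_field": "file_description", "ignore_missing": True},
]
# Hypothetical corrected processors (an illustration, not the project's patch).
NEW_RENAMES = [
    {"field": "message2.file_mime_type", "target_field": "file_mime_type", "ignore_missing": True},
    {"field": "message2.file_desc", "target_field": "file_description", "ignore_missing": True},
]

def _walk(doc, path, create=False):
    """Return (parent dict, leaf key) for a dotted path; KeyError if a parent is absent."""
    *parents, leaf = path.split(".")
    node = doc
    for p in parents:
        node = node.setdefault(p, {}) if create else node[p]
    return node, leaf

def apply_renames(doc, processors):
    """Apply rename processors with ingest-node semantics: a missing source
    field is an error unless ignore_missing is true, in which case it is skipped."""
    out = copy.deepcopy(doc)
    for proc in processors:
        try:
            parent, key = _walk(out, proc["field"])
            value = parent.pop(key)
        except KeyError:
            if proc.get("ignore_missing"):
                continue  # silent no-op: this is why a stale rename goes unnoticed
            raise
        parent, key = _walk(out, proc["target_field"], create=True)
        parent[key] = value
    return out

def missing_fields(doc, required=("file_mime_type", "file_description")):
    """Top-level fields the test plan expects but that parsing did not produce."""
    return [f for f in required if f not in doc]
```

Running the same check against real documents (query a few recent bro_notice events and assert both fields exist) is the automated form of the verification step asked for in this issue.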
dougburks commented 4 years ago

To test, please verify that file_mime_type and file_description are being parsed properly in both traditional Logstash parsing and Elasticsearch ingest node parsing.

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/03/elastic-687-now-available-for-security.html