[bug] `converter.py` does not convert `aggregation condition` correctly which has replaced fields

Describe the bug converter.py does not convert aggregation condition correctly which has replaced fields🤔

https://github.com/Yamato-Security/hayabusa-rules/blob/805af2523d308cc18c4640536b538741b6e8498c/sigma/builtin/unsupported/windows/proc_creation_win_correlation_dnscat2_powershell_implementation.yml#L13-L22

In the above example, the field name conversion is done as follows in the selection ,

ParentImage -> ParentProcessName
Image -> NewProcessName

but condition's aggregation fields name does not converted.

Step to Reproduce

execute convert.py
check builtin/unsupported/windows/proc_creation_win_correlation_dnscat2_powershell_implementation.yml

Expected behavior condition's aggregation fields name converted as follows.

 SELECTION_3: 
     ParentProcessName: 
     - '*\powershell.exe' 
     - '*\pwsh.exe' 
 SELECTION_4: 
     NewProcessName: '*\nslookup.exe' 
 SELECTION_5: 
     CommandLine: '*\nslookup.exe' 
 condition: (SELECTION_1 and SELECTION_2 and SELECTION_3 and SELECTION_4 and SELECTION_5) 
     | count(NewProcessName) by ParentProcessName > 100

Environment

OS: macOS montery version 13.1
hayabusa version ~v.2.4.0
- I think converter.py has not changed so much, it seems to be an issue since the initial release.

Additional context Sigma original rule is https://github.com/SigmaHQ/sigma/blob/master/unsupported/windows/proc_creation_win_correlation_dnscat2_powershell_implementation.yml

Yamato-Security / hayabusa-rules

[bug] `converter.py` does not convert `aggregation condition` correctly which has replaced fields #397

396