crowdstrike: Modify threat.framework based on prefix and custom tactic names

[kcreddy]

Proposed commit message

Derive threat.framework from prefix and custom tactics.

Crowdstrike adds custom tactics based on Falcon Detection framework.
The ID of tactics starts with prefix `CS`. In cases where this is 
missing, all the custom Crowdstrike tactics names are used to set 
`threat.framework` as `CrowdStrike Falcon Detections Framework`.

Checklist

• [ ] I have reviewed tips for building integrations and this pull request is aligned with them.
• [ ] I have verified that all data streams collect metrics or logs.
• [x] I have added an entry to my package's changelog.yml file.
• [ ] I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

elastic-package test pipeline --generate -v --data-streams=alert

--- Test results for package: crowdstrike - START ---
╭─────────────┬─────────────┬───────────┬────────────────┬────────┬──────────────╮
│ PACKAGE     │ DATA STREAM │ TEST TYPE │ TEST NAME      │ RESULT │ TIME ELAPSED │
├─────────────┼─────────────┼───────────┼────────────────┼────────┼──────────────┤
│ crowdstrike │ alert       │ pipeline  │ test-alert.log │ PASS   │   3.428458ms │
╰─────────────┴─────────────┴───────────┴────────────────┴────────┴──────────────╯
--- Test results for package: crowdstrike - END   ---
Done

Related issues

• Closes https://github.com/elastic/integrations/issues/10196

[elasticmachine]

:rocket: Benchmarks report

To see the full report comment with /test benchmark fullreport

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[elasticmachine]

:green_heart: Build Succeeded

• Buildkite Build
• Commit: 7e565e45c4a02bfb95a7e8a39ddd354fbff6b117

History

• :green_heart: Build #12889 succeeded c46711821bd6032c8a7bbe46485e71f3c6cc74c4

cc @kcreddy

[elastic-sonarqube[bot]]

Quality Gate failed

Failed conditions
59.6% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube