trendmicro: enhance ecs mappings for `event.category` and `event.type`

[kgeller]

For the trendmicro integration, the default pipeline sets event.category: network and event.type: [connection,access,allowed,denied,info]. Having these categorization fields mass applied to all events makes it more difficult for users to gain insight into the events.

ECS event.category allowed values: https://www.elastic.co/guide/en/ecs/current/ecs-allowed-values-event-category.html ECS event.type allowed values: https://www.elastic.co/guide/en/ecs/current/ecs-allowed-values-event-type.html

[kgeller]

Hi @emnp ! Pinging you here in case you have any thoughts on this issue as the original author of the integration

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)