Bluecheck content parsing and alarm

[MarcOverIP]

Bluecheck output should be fully parsed by Logstash, and alarms should be made. Data is sent to dedicated bluecheck-* index

• [x] Create logstash filter rule for Bluecheck Certcheck (check for TLS cert info on specified domain)
• [x] Create logstash filter rule for Bluecheck SecurityTools (check for active AV/EDR/Forensics tools on the host)
• [ ] Create logstash filter rule for Bluecheck PasswordCheck (check for password change date of specified account)
• [x] Update index patterns and saved objects for updated bluecheck index
• [ ] Create alarm for CertCheck: check for change in output for specific domain.
• [ ] Create alarm for SecurityToolCheck: check for change in output for running security tools on this host.
• [ ] Create alarm for PasswordCheck: ??? not sure yet on how to detect rogue action here, maybe check if multiple accounts are changed on the same date?

[MarcOverIP]

Tracked in branch bluecheck-update