Upgrading ECS Go definitions to 1.8 caused Packetbeat's HTTP event_test
to fail due to a couple of new ECS fields introduced in v1.7 not being
expected. Those are:

- request.mime_type
- response.mime_type

Packetbeat doesn't actually fill those fields. That task is acomplished
by the detect_mime_type processor.

Adds the host.os.type field introduced by ECS 1.8.0.

Possible values for this field are:
- linux
- macos
- unix
- windows

The field will be missing for OSes not in the list.

Related #23118

* User enhancements for powershell module

* User enhancements for security and sysmon module

* Add registry category to events

* Add session category to events

* Set target group when possible

* Improve ECS mappings and upgrade to ecs 1.8

* Run mage update

* Add new ECS user and categories features to google_workspace/gsuite

* Update CHANGELOG.next.asciidoc

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>

* Packetbeat changes for ECS 1.8

* Remove unused parameter

Updates Auditbeat to new ECS 1.8.
- Support new user/group fields provided by go-libaudit.
- Support AUDIT_LOGIN.
- Adds golden file tests to auditd.
- Updates elastic/go-libaudit dependency to v2.2.0.

Update the auditd module in Filebeat to apply the same ECS enrichments as Auditbeat / go-libaudit.
This is achieved by an autogenerated processor that performs the enrichments defined in go-libaudit's
normalizations.yaml.

- Update microsoft/defender_atp to ECS 1.8

This copies host.user.* fields into user.* as host.user is deprecated
starting ECS 1.8.

- Update microsoft/m365_defender to ECS 1.8

Deprecate host.user fields.

- Updates the o365 pipeline to populate user and group added messages.
- file input: Properly report JSON decoding errors

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>

* Change ecs version to 1.8.0

* Add ecs mappings to http and mysql filesets

Updates azure module to add some extra ECS fields:
- event.original
- user.email
- related.ip
- related.user

Update the s3access dataset. There's nothing ECS 1.8 in particular.

This adds:

- event.category: "web"
- event.type: "access"
- event.original
- http.request.method
- http.response.body.bytes
- http.version
- url.original (http request URI)

Fixes:

- event.duration needed to be converted to nanoseconds (was milliseconds)

Updates aws/cloudtrail to map multiuser events to ECS 1.8.

Updates mysqlenterprise:

- Improve related.* field mapping.
- Populate event.original.
- Generate iam user creation and deletion from CREATE USER and DROP USER.

Updates sophos/xg ECS mappings:

- populate related.hosts.
- avoid duplicates in related fields.
- set user.name for authentications.

* Set ecs.version to 1.8.0 on all x-pack/filebeat modules

* set ecs.version to 1.8.0 on all filebeat modules

* Set ECS version to 1.8.0 in Winlogbeat

* Set ECS version to 1.8.0 in heartbeat

* Set ECS version 1.8.0 in metricbeat

…ine (#23929)

* Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline

* Add description field and set _id properly

Updates zoom pipeline with new ECS 1.8 mappings (multiuser).
Fixes a couple of issues with the existing module:
- user events: missing mapping for event.category (wrongly mapped to event.type).
- chat_channel events: fixed an error in the pipeline that caused some events to be dropped on ingestion.