Add support for TLP 2.0

[mdavis332]

Summary

FIRST, the org that defines the TLP standard, has adopted TLP 2.0. ECS should support the new marking under fields like threat.indicator.marking.tlp.

Motivation:

TLP 2.0 has already seen adoption by FIRST, MISP, and others. It will be important to support the new version.

Detailed Design:

There are some minor tweaks that would be good to support, namely:

• TLP:WHITE is now called TLP:CLEAR
• A new marking, TLP:AMBER+STRICT, has been added

[kgeller]

Hi @mdavis332 , thanks for raising this, it definitely seems a good add. We strongly encourage contributions via PR if you're open to it.

[mdavis332]

Hi @mdavis332 , thanks for raising this, it definitely seems a good add. We strongly encourage contributions via PR if you're open to it.

Thanks @kgeller. I have attempted to address this via #2034. That is a simple-to-implement adjustment, though specifying some values, e.g., AMBER, may be ambiguous as to which TLP version the user meant. However, in practice, I can't think of a reason it would matter since the definitions of markings shared between TLP versions 1 and 2 (like AMBER) didn't substantively change.

[kgeller]

Closing since the PR was merged.