Added Regex and full query for definition files with additional parameter mappings and output fields for SentinelOne

[xC0uNt3r7hr34t]

changes are only applied to the SentinelOne product in this PR.

• Regex filtering is added to properly identify regex strings in a definition file and apply the appropriate operators.
• a parameter 'query' was added to filter full queries defined in definition files and properly add them to the list of queries with the proper formatting.
• Additional parameter mappings were added to support additional query fields in definition files.
• Additional output fields have been added to support multiple event types that are returned in order to better see when and where matches occur with queries and definition files. StorylineID was added to be able to pivot to SentinelOne console for further investigation when necessary.

Validation:
definition file containing full query options and regular definitions

successful output of definition file using regex and showing added fields in CSV

Resolves #85
Resolves #86

[rc-csmith]

Still working on a review of this but in the meantime, this is the test file I'm using for future reference

{
  "query_i_know_works":{
    "process_name":["services.exe"]
  },
  "two_1-field_queries":{
    "query":[
      "TgtProcName = \"services.exe\"",
      "DnsRequest = \"google.com\""
    ]
  },
  "1-field_query":{
    "query":["TgtProcName = \"powershell.exe\""]
  },
  "2-field_query":{
    "query":["TgtProcName = \"svchost.exe\" AND DnsRequest = \"github.com\""]
  },
  "two_2-field_queries":{
    "query":[
      "TgtProcName = \"chrome.exe\" AND DnsRequest = \"gmail.com\"",
      "FilePath = \"malware.zip\" AND TgtProcName = \"firefox.exe\""
    ]
  },
  "regex_test":{
    "ipaddr":["(^127\\.)|(^10\\.)|(^172\\.1[6-9]\\.)|(^172\\.2[0-9]\\.)|(^172\\.3[0-1]\\.)|(^192\\.168\\.)"],
    "process_name":["[A-Z]{9}.exe"]
  }
}

[rc-csmith]

Simplified the code a little bit to avoid using regex checks unless absolutely necessary.

I really like the expanded list of supported event fields - I haven't fully tested that portion but the column orders look good and the names make sense.

[rc-csmith]

Looks great to me!

edit: going to go ahead and merge so we can update future branches with these changes and adjust code accordingly