[Windows] Add support for event IDs 5137 and 5141 in forwarded data streams

[moxarth-rathod]

Proposed commit message

windows: add support for event IDs 5137 and 5141 in forwarded data streams

Added ECS categorization for directory service object creation (5137) and deletion (5141) events. 
Includes new field mappings for AppCorrelationID, DSName, DSType, ObjectClass, ObjectDN, ObjectGUID, 
OpCorrelationID, and TreeDelete.

Test logs were generated from documentation.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

• Clone integrations repo.
• Install elastic package locally.
• Start elastic stack using elastic-package.
• Move to integrations/packages/windows directory.
• Run the following command to run tests.

elastic-package test

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

[elasticmachine]

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

[narph]

cc @marc-gr , can you have a quick look?

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c1786ed

History

• 💚 Build #37178 succeeded 9ba4489
• 💚 Build #37011 succeeded 35e1657

cc @moxarth-rathod

[elastic-vault-github-plugin-prod]

Package windows - 3.5.0 containing this change is available at https://epr.elastic.co/package/windows/3.5.0/