[System] Add processing for event ID's 4797, 5379, 5380, 5381, and 5382

[MakoWish]

Type of change

• Enhancement

What does this PR do?

This PR adds event parsing to the System Integration's Security Ingest Pipeline for Event ID's 4797, 5379, 5380, 5381, and 5382. This PR is mirroring recent changes to Winlogbeat parsing in PR #34294

Why is it important?

These Event ID's are quite common in our environment, so ensuring the correct event.action is populated will help identify the nature of the event at a quick glance.

Related issues

• Relates #34293

[elasticmachine]

❕ Build Aborted

The PR is not allowed to run in the CI yet

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-01-23T19:44:48.819+0000

• Duration: 3 min 51 sec

Steps errors

Expand to view the steps failures

Load a resource file from a library

• Took 0 min 0 sec . View more details here
• Description: approval-list/elastic/integrations.yml

Error signal

• Took 0 min 0 sec . View more details here
• Description: githubApiCall: The REST API call https://api.github.com/orgs/elastic/members/MakoWish return the message : java.lang.Exception: httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/MakoWish : httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/MakoWish : Code: 404Error: {"message":"User does not exist or is not a member of the organization","documentation_url":"https://docs.github.com/rest/reference/orgs#check-organization-membership-for-a-user"}

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[efd6]

@MakoWish If you don't mind, I'll send an alternative proposal since there is more here to do than just updating the pipeline.