add mitre attack based auto-correlations support in correlation engine

[sbcd90]

Description

Findings in security-analytics link sigma rules to logs. Each sigma rule is linked to one or more mitre tactics & techniques. this info along with mitre cti relationships are used to generate auto-correlations among findings.
this pr add mitre attack based auto-correlations support in correlation engine. https://github.com/mitre/cti

Issues Resolved

[List any issues this PR will resolve]

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[eirsep]

plz add more elaborate description

[eirsep]

how can we verify this

[sbcd90]

we generated this from https://github.com/mitre/cti

[codecov]

Codecov Report

Merging #532 (9cd032b) into main (4d63f38) will decrease coverage by 0.26%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##               main     #532      +/-   ##
============================================
- Coverage     25.72%   25.47%   -0.26%     
- Complexity      938      942       +4     
============================================
  Files           252      253       +1     
  Lines         10768    10895     +127     
  Branches       1197     1223      +26     
============================================
+ Hits           2770     2775       +5     
- Misses         7749     7873     +124     
+ Partials        249      247       -2     

Files Changed	Coverage Δ
...arch/securityanalytics/correlation/JoinEngine.java	0.00% <0.00%> (ø)
...ics/transport/TransportCorrelateFindingAction.java	0.00% <0.00%> (ø)
...h/securityanalytics/util/AutoCorrelationsRepo.java	0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes

[eirsep]

can we log error message that auto correlation has failed

[eirsep]

why info log? error or debug would be better. along with description message of what this failure is from?

[eirsep]

I am approving this
but can we take a follow up action item to add code comments.
This will make the repo and this feature more maintainable and understandable to community

[sbcd90]

updated to a more verbose description. added review comments to issue #502