
Conversation

@josehelps
Contributor

Hello LOLBAS Team, this PR does 2 major things:

  1. adds a new script called enrich_with_splunk.py under scripts/enrich_with_splunk.py
  2. updates all the LOLBAS to include known Splunk Security Content detections for these LOLBAS under the detection reference.

The script logic for matching which LOLBAS has a detection is somewhat simple; it uses the following heuristic:

  1. looks at whether Splunk has a detection matching the MITRE Technique ID of the Command
  2. If the Technique ID matches, it checks if the LOLBAS is in the name of the Splunk search
  3. A URL is added to the Detection array to include the matching Splunk detection

This could use a bit of testing and maybe a README, but please give me any feedback you might have.
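
The three-step heuristic above, written out as an added example: this is a hypothetical re-implementation for illustration, not the PR's own scripts/enrich_with_splunk.py. The LOLBAS side uses the yml layout (`Name`, `Commands[].MitreID`, and a `Detection` list of one-key dicts such as `Sigma:` / `Splunk:`); the Splunk side's `name`, `mitre_attack_id` and `url` fields, the `whole_word` option and all sample records are assumptions of this example, constructed so it runs offline.

```python
"""Hypothetical re-implementation of the LOLBAS/Splunk matching heuristic
(added example; not the PR's scripts/enrich_with_splunk.py)."""
import copy
import re

# Constructed sample input (not real LOLBAS or Splunk data). Entries follow
# the LOLBAS yml layout: Name, Commands[].MitreID, Detection[] of one-key
# dicts such as {"Sigma": url} or {"Splunk": url}.
LOLBAS_ENTRIES = [
    {
        "Name": "Certutil.exe",
        "Commands": [
            {"Command": "certutil -urlcache -split -f http://x.invalid/a.exe a.exe",
             "MitreID": "T1105"},
            {"Command": "certutil -encode in.txt out.b64", "MitreID": "T1027"},
        ],
        "Detection": [{"Sigma": "https://example.invalid/sigma/certutil.yml"}],
    },
    {
        "Name": "Reg.exe",
        "Commands": [{"Command": "reg save HKLM\\SAM sam.hiv", "MitreID": "T1003.002"}],
        "Detection": None,  # an empty `Detection:` key parses to None
    },
]

# Constructed Splunk detection records; `name` and `mitre_attack_id` mirror
# the keys of Splunk Security Content detection YAML, `url` is assumed here.
SPLUNK_DETECTIONS = [
    {"name": "CertUtil Download With URLCache and Split Arguments",
     "mitre_attack_id": ["T1105"],
     "url": "https://example.invalid/splunk/certutil_urlcache"},
    {"name": "BITSAdmin Download File",  # same technique, different binary
     "mitre_attack_id": ["T1105"],
     "url": "https://example.invalid/splunk/bitsadmin_download"},
    {"name": "Attempted Credential Dump From Registry via Reg exe",
     "mitre_attack_id": ["T1003.002"],
     "url": "https://example.invalid/splunk/reg_sam_dump"},
    {"name": "Suspicious Registry Hive Save",  # "reg" is a substring of "Registry"
     "mitre_attack_id": ["T1003.002"],
     "url": "https://example.invalid/splunk/registry_hive_save"},
]


def binary_stem(name: str) -> str:
    """'Certutil.exe' -> 'certutil'; the part compared against search names."""
    return name.rsplit(".", 1)[0].lower()


def entry_techniques(entry: dict) -> set:
    """All MITRE technique IDs listed on the entry's Commands."""
    return {c["MitreID"] for c in entry.get("Commands") or [] if c.get("MitreID")}


def name_mentions(stem: str, search_name: str, whole_word: bool) -> bool:
    """Step 2 of the heuristic: does the Splunk search name contain the binary?"""
    if whole_word:
        return re.search(rf"\b{re.escape(stem)}\b", search_name, re.IGNORECASE) is not None
    return stem in search_name.lower()


def matching_urls(entry: dict, detections: list, whole_word: bool = False) -> list:
    """Steps 1 and 2: technique ID overlap, then binary name in the search name."""
    techniques = entry_techniques(entry)
    stem = binary_stem(entry["Name"])
    urls = []
    for det in detections:
        if techniques.isdisjoint(det.get("mitre_attack_id") or []):
            continue
        if not name_mentions(stem, det["name"], whole_word):
            continue
        urls.append(det["url"])
    return urls


def enrich(entry: dict, detections: list, whole_word: bool = False) -> dict:
    """Step 3: return a copy of the entry with {"Splunk": url} references
    appended to Detection, skipping URLs already present so re-runs are idempotent."""
    out = copy.deepcopy(entry)
    if out.get("Detection") is None:
        out["Detection"] = []
    known = {url for ref in out["Detection"] for url in ref.values()}
    for url in matching_urls(entry, detections, whole_word):
        if url not in known:
            out["Detection"].append({"Splunk": url})
            known.add(url)
    return out


if __name__ == "__main__":
    for lolbas in LOLBAS_ENTRIES:
        enriched = enrich(lolbas, SPLUNK_DETECTIONS)
        print(lolbas["Name"], [ref for ref in enriched["Detection"] if "Splunk" in ref])
```

Two practitioner points the sample data is built to show. First, because step 2 is a substring test, a short stem such as `reg` also hits any search whose name contains "Registry" once a technique ID lines up; the `whole_word` flag is one stricter alternative. Second, `enrich` skips URLs already present in the `Detection` array, so running the enrichment twice does not duplicate references. A full script would additionally load `yml/*/*.yml` with a YAML parser and write the enriched entries back, which this example leaves out.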

@josehelps
Contributor Author

These are the updated LOLBAS that now have references:

(enrich-with-splunk-IWdu2Nuj-py3.10) jhernandez in ~/splunk/LOLBAS on master ● ● λ grep -ri 'splunk' yml/* | awk '{print $1}' | sort  | uniq -c
3 yml/OSBinaries/At.yml:-
1 yml/OSBinaries/Certutil.yml:-
4 yml/OSBinaries/Cmd.yml:-
1 yml/OSBinaries/Cmstp.yml:-
1 yml/OSBinaries/Control.yml:-
1 yml/OSBinaries/Eventvwr.yml:-
1 yml/OSBinaries/Forfiles.yml:-
6 yml/OSBinaries/Installutil.yml:-
1 yml/OSBinaries/Mavinject.yml:-
2 yml/OSBinaries/Microsoft.Workflow.Compiler.yml:-
2 yml/OSBinaries/Mmc.yml:-
4 yml/OSBinaries/Msbuild.yml:-
1 yml/OSBinaries/Msdt.yml:-
6 yml/OSBinaries/Mshta.yml:-
6 yml/OSBinaries/Msiexec.yml:-
3 yml/OSBinaries/Netsh.yml:-
3 yml/OSBinaries/Odbcconf.yml:-
1 yml/OSBinaries/Pcalua.yml:-
1 yml/OSBinaries/Rasautou.yml:-
3 yml/OSBinaries/Regasm.yml:-
1 yml/OSBinaries/Regedit.yml:-
3 yml/OSBinaries/Regsvcs.yml:-
4 yml/OSBinaries/Regsvr32.yml:-
2 yml/OSBinaries/Reg.yml:-
15 yml/OSBinaries/Rundll32.yml:-
3 yml/OSBinaries/Schtasks.yml:-
1 yml/OSBinaries/Verclsid.yml:-
1 yml/OSBinaries/Wsreset.yml:-
1 yml/OSLibraries/Advpack.yml:-
1 yml/OSLibraries/comsvcs.yml:-
1 yml/OSLibraries/Setupapi.yml:-
1 yml/OSLibraries/Syssetup.yml:-
1 yml/OSScripts/Cl_invocation.yml:-
1 yml/OSScripts/CL_LoadAssembly.yml:-
1 yml/OSScripts/CL_mutexverifiers.yml:-
1 yml/OSScripts/Manage-bde.yml:-
1 yml/OSScripts/pester.yml:-
1 yml/OSScripts/Pubprn.yml:-
1 yml/OSScripts/Syncappvpublishingserver.yml:-
1 yml/OSScripts/UtilityFunctions.yml:-
1 yml/OSScripts/Winrm.yml:-
1 yml/OtherMSBinaries/Dotnet.yml:-
1 yml/OtherMSBinaries/Ntdsutil.yml:-

@bohops
Contributor

bohops commented Dec 30, 2022

@josehelps This is a great PR. Let me know what I can do to help get this verified and added

@bohops bohops self-requested a review December 30, 2022 00:47
@bohops bohops added the help wanted Extra attention is needed label Dec 30, 2022
@josehelps
Contributor Author

Hey @bohops I will work on the merge conflicts tonight to get it all working!

@josehelps josehelps reopened this Jan 3, 2023
@josehelps
Contributor Author

Brought the branch up to date @bohops, but it looks like there are some linting issues with the YAML. Will look into that next.

@josehelps josehelps self-assigned this Jun 29, 2025
@josehelps josehelps added enhancement New feature or request and removed help wanted Extra attention is needed labels Jun 29, 2025