Import hard-coded list of common fields

[mrodm]

Relates #1018

This PR adds in build time a new file fields/imported_elastic_package.yml with a list of common fields (hard-coded in the code).

[elasticmachine]

💔 Build Failed

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2022-11-04T13:38:23.117+0000

• Duration: 31 min 32 sec

Test stats 🧪

Test	Results
Failed	0
Passed	799
Skipped	0
Total	799

Steps errors

Expand to view the steps failures

Check

• Took 1 min 10 sec . View more details here
• Description: make install test-check-packages-other check-git-clean

Check

• Took 1 min 14 sec . View more details here
• Description: make install test-build-zip check-git-clean

Build elastic-package

• Took 0 min 11 sec . View more details here
• Description: make PACKAGE_UNDER_TEST=apache test-check-packages-parallel

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (30/30)	💚
Files	66.393% (81/122)	👎 -0.273
Classes	61.017% (108/177)	👎 -0.396
Methods	45.892% (324/706)	👎 -1.77
Lines	29.384% (3048/10373)	👎 -1.339
Conditionals	100.0% (0/0)	💚

[P1llus]

Is there any reason why threat would need to be included in this? Especially threat.enrichments which would not exist in any datastream outside the ones generated by SIEM rules (alerts indices).

[mrodm]

Looking at the proposed fields to be hardcoded #1018 (comment), there were some ecs external fields like geo.*. However, among the ecs fields there are no fields that start with ^geo.*. Therefore, as a first approach, I just tried to include all the geo fields that I found here: https://github.com/elastic/ecs/blob/main/generated/ecs/ecs_flat.yml

[mrodm]

Closing this PR in favor of #1073