
Evidence Artifacts object doesn't have attributes to describe registry keys or values #1077

Closed
davemcatcisco opened this issue May 7, 2024 · 0 comments

davemcatcisco commented May 7, 2024

A Detection Finding event contains an array of Evidence Artifacts objects whose purpose is:

Describes various evidence artifacts associated to the activity/activities that triggered a security detection.

The Evidence Artifacts object in turn has attributes which enable a security product to describe all the observables and activities associated with the detection. The description for each of these attributes is almost identical, following the pattern:

Describes details about the [whatever] associated to the activity that triggered the detection.

These attributes cover many things (files, processes, network endpoints, DNS queries, etc.) but don't cover registry keys and values. The registry is hugely important in the context of Windows detections because adversaries use the registry to implement many tactics including Defense Evasion, Persistence, Privilege Escalation, etc. Hence a lot of detection content is triggered by registry activity.

I propose to address this gap with a PR that will add the pre-existing reg_key and reg_value attributes to the Evidence Artifacts object.
