windows: set host.os.type and host.os.family in forwarded events

[efd6]

What does this PR do?

Set host.os.type and host.os.family to windows in forwarded events.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• For [Windows] Adding host.os.type to forwarded events #6162

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-05-18T21:31:39.435+0000

• Duration: 16 min 33 sec

Test stats 🧪

Test	Results
Failed	0
Passed	129
Skipped	0
Total	129

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (4/4)	💚
Files	87.5% (7/8)	👎 -12.5
Classes	87.5% (7/8)	👎 -12.5
Methods	83.696% (77/92)	👎 -16.304
Lines	92.813% (5153/5552)	👎 -5.805
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[rdner]

1. Since both fields are basically hard-coded, why do we need them both?
2. Does this field exist for Linux and Mac too?

[efd6]

My understanding is that they are used in detection rules. Some rules will be based on family and some on name, it just happens that Windows was so good they named it twice.

Yes, these fields exist for other OSs, but they are not relevant here.

[ebeahan]

LGTM after the changelog entry is updated.