[Carbon Black Cloud] - Added support for more @timestamp formats

[ShourieG]

Type of change

• Bug

Proposed commit message

Added support for more timestamp formats. These patterns were decided after discussing with a customer on different date patterns they were encountering in realtime.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

NOTE

Please ignore the older commit history, there's a local git history cleanup/rebase required (holding off atm). Only the last few commits matter.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• Relates Carbon Black Cloud - Fix timestamp value #9381,[Carbon Black Cloud] - Fix @timestamp value by changing source to device_timestamp #9380

Screenshots

Test Results

--- Test results for package: carbon_black_cloud - START ---
╭────────────────────┬─────────────────────────────┬───────────┬──────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE            │ DATA STREAM                 │ TEST TYPE │ TEST NAME                            │ RESULT │ TIME ELAPSED │
├────────────────────┼─────────────────────────────┼───────────┼──────────────────────────────────────┼────────┼──────────────┤
│ carbon_black_cloud │ alert                       │ pipeline  │ test-alert.log                       │ PASS   │    5.53725ms │
│ carbon_black_cloud │ asset_vulnerability_summary │ pipeline  │ test-asset-vulnerability-summary.log │ PASS   │   3.936875ms │
│ carbon_black_cloud │ audit                       │ pipeline  │ test-audit.log                       │ PASS   │   2.873917ms │
│ carbon_black_cloud │ endpoint_event              │ pipeline  │ test-endpoint-event.log              │ PASS   │   9.628666ms │
│ carbon_black_cloud │ watchlist_hit               │ pipeline  │ test-watchlist-hit.log               │ PASS   │   7.502125ms │
╰────────────────────┴─────────────────────────────┴───────────┴──────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: carbon_black_cloud - END   ---

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[elasticmachine]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 2a4e5db

cc @ShourieG

[elastic-sonarqube]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[efd6]

Please add an explanation to the commit message of why the relaxation is needed. The linked issues don't show that it's required.

[efd6]

Too late

[elasticmachine]

Package carbon_black_cloud - 1.21.3 containing this change is available at https://epr.elastic.co/search?package=carbon_black_cloud

[ShourieG]

@efd6 thanks for the input, I had automerge enabled so it was too late by the time I saw the comment. I've expanded the PR description stating why it was done.