Firewall Profile Implementation

[adplotzk]

Firewall Profile Description of Changed:

1. Adding firewall.json in profiles
2. Adding firewall_rule.json in objects which extends the rule object for the firewall profile usecase.
3. Updating http.json in events/network to include the application of the firewall profile in to accommodate WAF events.
4. Updating disctionary.json to include new attributes from firewall.json profile and firewall_rule.json object, as well as adding additional disposition_id options to reflect possible firewall actions.

The following is an example AWS WAF log conforming to the firewall profile as applies to 4002.

{
    "activity_id": 1,
    "activity_name": "Get",
    "category_name": "Network Activity",
    "category_uid": 4,
    "class_name": "HTTP Activity",
    "class_uid": 4002,
    "type_name": "HTTP Activity: Get",
    "type_uid": 400503,
    "time": 1576280412771,
    "disposition": "Block",
    "disposition_id": "2",
    "time": 1576280412771,
    "metadata": {
        "product": {
            "name": "AWS WAF",
            "vendor_name": "AWS"
        },
        "feature": {
            "uid": "arn:aws:wafv2:ap-southeast-2:111122223333:regional/webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE"
        },
        "log_version": "1",
        "profiles": [firewall],
        "version": "1.0.0-rc.3",
        "labels": [
            {
	            "name": "value"
            }
        ]
    },
    "src_endpoint": {
        "ip": "1.1.1.1",
        "location": {
            "country": "AU"
        }
    },
    "http_request": {
        "args": "",
        "version": "HTTP/1.1",
        "method": "GET",
        "uid": "rid",
        "user_agent": "curl/7.61.1",
        "url": {
            "hostname": "localhost:1989",
            "path": "/myUri",
            "url_string": "localhost:1989/myUri"
        },
        "headers": [
            {
	            "name": "Accept",
	            "value": "*/*"
            },
            {
	            "name": "x-stm-test",
	            "value": "10 AND 1=1"
            }
        ]
    },
    "rule": {
        "uid": "STMTest_SQLi_XSS",
        "type": "REGULAR",
        "condition": "SQL_INJECTION",
        "sensitivity": "HIGH",
        "location": "HEADER",
        "matched_data": [
            "10",
            "AND",
            "1"
        ]
    },
    "unmapped": {
        "httpSourceName": "APIGW",
        "httpSourcId": "-"
    }
}

[floydtree]

Specific comments inline.

General - as I mentioned in the closed PR -

I would also recommend to edit the PR description and highlight what exactly has been changed, added, removed etc. This would help in generating clearer & cleaner release notes.