bitdefender: Support jsonRPC format messages in Bitdefender

[kcreddy]

The http_endpoint input limitation described in #10019 doesn't allow ingesting jsonRPC formatted events from BitDefender.

After 8.14 release, the input will be able to handle limited CEL program: #10019 (review) and thus should be able to ingest jsonRPC events as well.

Add support to ingest jsonRPC messages which is recommended format by BitDefender.

Sample event:

{
    "jsonrpc": "2.0",
    "method": "addEvents",
    "params": {
        "events": [
            {
                "companyId": "59a14b271da197c6108b4567",
                "computer_name": "FC-EXCHANGE-01",
                "computer_fqdn": "fc-exchange-01.fc.dom",
                "computer_ip": "192.168.0.1",
                "computer_id": "59b7d9bfa849af3a1465b7e4",
                "product_installed": "BEST",
                "aph_type": "phishing",
                "url": "http://example.com/account/support/",
                "status": "aph_blocked",
                "last_blocked": "2017-09-14T08:49:43.000Z",
                "count": 1,
                "module": "aph"
            }
        ]
    },
    "id": 1505378984190
}

Reference: https://www.bitdefender.com/business/support/en/77209-135325-push-event-json-rpc-messages.html

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[efd6]

Relevant filebeat change is here. Docs added here.

[kcreddy]

While working on the PR #10381, certain limitations of CEL program in HTTP Endpoint input is found. Currently, if the numeric values are deeply nested (like in BitDefender's jsonRPC case), they are not converted to native values and resulting in 400 bad request to the client.

There are quite a few fields containing numeric data in BitDefender push notifications in jsonRPC format (~40 fields).
These jsonRPC events can be only be handled after this issue is fixed in elastic/beats#40115.