Fix 750

[aviv1ron1]

adds Machine ID to mappings in aql fields and
to stix: mapped to x-oca-asset hostname
from stix: mapped to x-oca-asset hostname
Closes #750

[delliott90]

@aviv1ron1 can you confirm that these changes will still work with just the Windows and Sysmon QRadar extensions, or will this introduce new QRadar requirements?

[aviv1ron1]

@delliott90 yes - this is aligned to the latest version of the IBM QRadar Custom Properties for Microsoft Windows version 1.1.7 which introduces the Machine ID property which maps the hostname.
As long as the QRadar has this content pack updated it will work.

[aviv1ron1]

@delliott90 but I see there are errors in some tests, let me fix those first.

[codecov]

Codecov Report

Merging #751 (36f1458) into develop (36af28a) will increase coverage by 0.03%.
The diff coverage is 88.88%.

@@             Coverage Diff             @@
##           develop     #751      +/-   ##
===========================================
+ Coverage    63.34%   63.38%   +0.03%     
===========================================
  Files          425      425              
  Lines        36868    36878      +10     
===========================================
+ Hits         23353    23374      +21     
+ Misses       13515    13504      -11     

Impacted Files	Coverage Δ
...tests/stix_translation/test_qradar_json_to_stix.py	69.62% <88.00%> (+2.22%)	⬆️
...ar_stix_to_aql/test_qradar_events_stix_to_query.py	94.13% <100.00%> (ø)
..._aql/test_qradar_perf_test_events_stix_to_query.py	94.38% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 36af28a...36f1458. Read the comment docs.

[aviv1ron1]

@delliott90 This is ready for merging

[delliott90]

Looks good, I think I'll open a PR to update the QRadar readme to be explicit on what versions of the extensions are required.