feat: support for CIM 6.1.0 (#907)

Adds update to CIM 6.1.0

Diff:
https://cd.splunkdev.com/EnterpriseSecurity/sa-commoninformationmodel/-/compare/release%2F6.0.2...release%2F6.1.0

Author: mbruzda-splunk

pytest_splunk_addon/CIM_Models/datamodel_definition.py

@@ -2399,4 +2399,5 @@
 # No fields changes between v6.0.0 and v6.0.2
 datamodels["6.0.1"] = datamodels["6.0.0"]
 datamodels["6.0.2"] = datamodels["6.0.0"]
-datamodels["latest"] = datamodels["6.0.2"]
+datamodels["6.1.0"] = datamodels["6.0.2"]
+datamodels["latest"] = datamodels["6.1.0"]

pytest_splunk_addon/data_models/Authentication.json

@@ -107,6 +107,16 @@
           "validity": "if(action in ['success', 'failure'], action, null())",
           "comment": "The human-readable message associated with the authentication action (success or failure)."
         },
+        {
+          "name": "reason_id",
+          "type": "optional",
+          "comment": "The reason why logon failed. For example \\'0xC0000234\\'."
+        },
+        {
+          "name": "process",
+          "type": "optional",
+          "comment": "Full path and the name of the executable for the process that attempted the logon. For example, it is a \\\"Process Name\\\" in Windows such as `C:\\\\Windows\\\\System32\\\\svchost.exe`."
+        },
         {
           "name": "src_user",
           "condition": "src_user=* tag=privileged",
@@ -118,6 +128,7 @@
           "type": "optional",
           "comment": "The account that manages the user that initiated the request. The account represents the organization, a Cloud customer, or a Cloud account."
         }
+
       ],
       "child_dataset": [
         {

pytest_splunk_addon/data_models/Endpoint.json

@@ -351,6 +351,11 @@
           "name": "vendor_product",
           "type": "required",
           "comment": "The vendor and product name of the Endpoint solution that reported the event, such as Carbon Black Cb Response. This field can be automatically populated by vendor and product fields in your data."
+        },
+        {
+          "name": "image",
+          "type": "optional",
+          "comment": "The binary file path or name that is tied to a process ID (PID) in events like process creation or termination."
         }
       ],
       "child_dataset": [],
@@ -469,6 +474,11 @@
           "name": "vendor_product",
           "type": "required",
           "comment": "The vendor and product name of the Endpoint solution that reported the event, such as Carbon Black Cb Response. This field can be automatically populated by vendor and product fields in your data."
+        },
+        {
+          "name": "image",
+          "type": "optional",
+          "comment": "The binary file path or name that is tied to a process ID (PID) in events like process creation or termination."
         }
       ],
       "child_dataset": [],

pytest_splunk_addon/data_models/Network_Traffic.json

@@ -198,7 +198,12 @@
         {
           "name": "rule",
           "type": "optional",
-          "comment": "The rule which defines the action that was taken in the network event. Note: This is a string value. Use rule_id for rule fields that are integer data types. The rule_id field is optional, so it is not included in the data model"
+          "comment": "The rule which defines the action that was taken in the network event. Note: This is a string value. Use rule_id for rule fields that are integer data types."
+        },
+        {
+          "name": "rule_id",
+          "type": "optional",
+          "comment": "The vendor-specific unique identifier of the rule. Examples: 0x00011f0000011f00, 0x00011f00-syn_flood."
         },
         {
           "name": "session_id",

pytest_splunk_addon/data_models/Updates.json

@@ -66,7 +66,8 @@
                     "available",
                     "installed",
                     "invalid",
-                    "restart required"
+                    "restart required",
+                    "failure"
                   ],
                 "comment":"Indicates the status of a given patch requirement." 
             },