[Lateral Movement Detection] Update files to add Serverless support to the package

[sodhikirti07]

What does this PR do?

This PR adds serverless support to the Lateral Movement Detection advanced analytics package.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• [ ]

How to test this PR locally

• Follow the steps to spin a Serverless project using elastic-package
• Make sure the format spec for manifest.yml is 3.0.0
• Test if all the assets i.e. pivot transform, anomaly detection jobs, detection rules and dashboard are getting installed successfully.

Screenshots

• Package Installation:
  

• Pivot transform is getting started:
  

• Destination index fields are mapped correctly:

• Anomaly detection jobs installed and started:
  

• Security rules are enabled:
  

• Dashboard is installed properly:
  

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-10-16T16:59:19.324+0000

• Duration: 15 min 47 sec

Test stats 🧪

Test	Results
Failed	0
Passed	1
Skipped	0
Total	1

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[qn895]

Transform change LGTM 🎉

[ajosh0504]

Is this minimum Stack version compatible with Package Spec v3?

[sodhikirti07]

I checked with the serverless team and they confirm that we don't require a minimum Kibana version for serverless packages and they'll be based on spec versions. This condition is specifically kept for on-premise or stateful clusters.

[sodhikirti07]

/test

[ajosh0504]

For my own edification, what's this about?

[sodhikirti07]

The nested fields are separated during elastic-package format which results in the below error. So, as per v3 spec, we'll need to surround the nested fields in quotes.

Error: error running package asset tests: could not complete test run: can't install the package: can't install the package: could not zip-install package; API status code = 500; response body = {"statusCode":500,"error":"Internal Server Error","message":"x_content_parse_exception\n\tCaused by:\n\t\tx_content_parse_exception: [1:404] [data_frame_config_source] failed to parse field [query]\n\tRoot causes:\n\t\tparsing_exception: [term] query does not support [name]"}

[elasticmachine]

Package lmd - 2.1.0 containing this change is available at https://epr.elastic.co/search?package=lmd