Revert "[Security Solution] Update ecs package to latest ecs definiti… (

elastic#168864)

Reverts elastic#168553

Seeing these errors when updating existing alerts as data mappings

```
[2023-10-13T11:06:44.254-04:00][ERROR][plugins.alerting] ResponseError: illegal_argument_exception
	Root causes:
		illegal_argument_exception: can't merge a non-nested mapping [faas.trigger] with a nested mapping
    at KibanaTransport.request (/Users/ying/Code/kibana_prs/node_modules/@elastic/transport/src/Transport.ts:535:17)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
```

Needs further investigation as ECS mappings should be backwards
compatible

packages/kbn-ecs/generated/base.ts

@@ -32,5 +32,5 @@ export interface EcsBase {
   /**
    * List of keywords used to tag each event.
    */
-  tags?: string | string[];
+  tags?: string[];
 }

packages/kbn-ecs/generated/client.ts

@@ -181,6 +181,6 @@ export interface EcsClient {
     /**
      * Array of user roles at the time of the event.
      */
-    roles?: string | string[];
+    roles?: string[];
   };
 }

packages/kbn-ecs/generated/container.ts

@@ -43,7 +43,7 @@ export interface EcsContainer {
       /**
        * An array of digests of the image the container was built on. Each digest consists of the hash algorithm and value in this format: `algorithm:value`. Algorithm names should align with the field names in the ECS hash field set.
        */
-      all?: string | string[];
+      all?: string[];
     };
 
     /**
@@ -53,7 +53,7 @@ export interface EcsContainer {
     /**
      * Container image tags.
      */
-    tag?: string | string[];
+    tag?: string[];
   };
 
   /**
@@ -91,10 +91,4 @@ export interface EcsContainer {
    * Runtime managing this container.
    */
   runtime?: string;
-  security_context?: {
-    /**
-     * Indicates whether the container is running in privileged mode.
-     */
-    privileged?: boolean;
-  };
 }

packages/kbn-ecs/generated/destination.ts

@@ -180,6 +180,6 @@ export interface EcsDestination {
     /**
      * Array of user roles at the time of the event.
      */
-    roles?: string | string[];
+    roles?: string[];
   };
 }

packages/kbn-ecs/generated/device.ts

@@ -12,7 +12,7 @@
  */
 export interface EcsDevice {
   /**
-   * The unique identifier of a device. The identifier must not change across application sessions but stay fixed for an instance of a (mobile) device.
+   * The unique identifier of a device. The identifier must not change across application sessions but stay fixex for an instance of a (mobile) device.
    * On iOS, this value must be equal to the vendor identifier (https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor). On Android, this value must be equal to the Firebase Installation ID or a globally unique UUID which is persisted across sessions in your application.
    * For GDPR and data protection law reasons this identifier should not carry information that would allow to identify a user.
    */

packages/kbn-ecs/generated/dll.ts

@@ -117,49 +117,11 @@ export interface EcsDll {
      * Internal version of the file, provided at compile-time.
      */
     file_version?: string;
-    /**
-     * A hash of the Go language imports in a PE file excluding standard library imports. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
-     * The algorithm used to calculate the Go symbol hash and a reference implementation are available [here](https://github.com/elastic/toutoumomoma).
-     */
-    go_import_hash?: string;
-    /**
-     * List of imported Go language element names and types.
-     */
-    go_imports?: Record<string, unknown>;
-    /**
-     * Shannon entropy calculation from the list of Go imports.
-     */
-    go_imports_names_entropy?: number;
-    /**
-     * Variance for Shannon entropy calculation from the list of Go imports.
-     */
-    go_imports_names_var_entropy?: number;
-    /**
-     * Set to true if the file is a Go executable that has had its symbols stripped or obfuscated and false if an unobfuscated Go executable.
-     */
-    go_stripped?: boolean;
     /**
      * A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
      * Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html.
      */
     imphash?: string;
-    /**
-     * A hash of the imports in a PE file. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
-     * This is a synonym for imphash.
-     */
-    import_hash?: string;
-    /**
-     * List of imported element names and types.
-     */
-    imports?: Record<string, unknown> | Array<Record<string, unknown>>;
-    /**
-     * Shannon entropy calculation from the list of imported element names and types.
-     */
-    imports_names_entropy?: number;
-    /**
-     * Variance for Shannon entropy calculation from the list of imported element names and types.
-     */
-    imports_names_var_entropy?: number;
     /**
      * Internal name of the file, provided at compile-time.
      */
@@ -173,10 +135,5 @@ export interface EcsDll {
      * Internal product name of the file, provided at compile-time.
      */
     product?: string;
-    /**
-     * An array containing an object for each section of the PE file.
-     * The keys that should be present in these objects are defined by sub-fields underneath `pe.sections.*`.
-     */
-    sections?: Record<string, unknown> | Array<Record<string, unknown>>;
   };
 }

packages/kbn-ecs/generated/dns.ts

@@ -16,11 +16,11 @@ export interface EcsDns {
    * The main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines.
    * Not all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields.
    */
-  answers?: Record<string, unknown> | Array<Record<string, unknown>>;
+  answers?: Array<Record<string, unknown>>;
   /**
    * Array of 2 letter DNS header flags.
    */
-  header_flags?: string | string[];
+  header_flags?: string[];
   /**
    * The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.
    */
@@ -65,7 +65,7 @@ export interface EcsDns {
    * Array containing all IPs seen in `answers.data`.
    * The `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for.
    */
-  resolved_ip?: string | string[];
+  resolved_ip?: string[];
   /**
    * The DNS response code.
    */

packages/kbn-ecs/generated/ecs.ts

@@ -14,5 +14,5 @@ export interface EcsEcs {
    * ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.
    * When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.
    */
-  version: '8.10.0';
+  version: '8.6.1';
 }