Increased test coverage for mapping corner cases

Makefile

@@ -52,6 +52,7 @@ test-sigmac:
 	coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t fieldlist rules/ > /dev/null
 	coverage run -a --include=$(COVSCOPE) tools/sigmac -t xpack-watcher -O output=plain -O es=es -O foobar rules/windows/builtin/win_susp_failed_logons_single_source.yml > /dev/null
 	coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -o $(TMPOUT) tests/collection_repeat.yml > /dev/null
+	coverage run -a --include=$(COVSCOPE) tools/sigmac -t kibana -c tests/config-multiple_mapping.yml -c tests/config-multiple_mapping-2.yml tests/mapping-conditional-multi.yml > /dev/null
 	! coverage run -a --include=$(COVSCOPE)  tools/sigmac -t xpack-watcher -O output=foobar -O es=es -O foobar rules/windows/builtin/win_susp_failed_logons_single_source.yml > /dev/null
 	! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs tests/not_existing.yml > /dev/null
 	! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs tests/invalid_yaml.yml > /dev/null

tests/config-multiple_mapping-2.yml

@@ -0,0 +1,4 @@
+fieldmappings:
+    event_id:
+        - event_id
+        - eventid

tests/config-multiple_mapping.yml

@@ -0,0 +1,4 @@
+fieldmappings:
+    EventID:
+        - event_id
+        - EventID

tests/mapping-conditional-multi.yml

@@ -0,0 +1,14 @@
+title: Contional mapping with multiple targets
+status: test
+description: Logpoint configuration causes conditional mapping with multiple results
+author: Thomas Patzke
+logsource:
+    product: windows
+    service: security
+detection:
+    selection:
+        EventID: 4624
+        SubjectAccountName: Test
+    condition: selection
+fields:
+    - EventID