refactor: first bigger log source refactoring

see discussion here: https://github.com/SigmaHQ/sigma/discussions/2835

tools/config/hawk.yml

@@ -8,7 +8,7 @@ logsources:
    conditions:
      vendor_type: 'Antivirus'
  apache:
-   product: apache
+   service: apache
    conditions:
      product_name: 
        - 'apache*'
@@ -41,13 +41,13 @@ logsources:
     vendor_name: "Microsoft"
     product_name: "Onelogin" 
  microsoft365:
-   category: ThreatManagement
+   service: threat_management
    service: Microsoft365
    conditions:
     vendor_name: "Microsoft"
     product_name: "365"
  m365:
-   category: ThreatManagement
+   service: threat_management
    service: m365
    conditions:
     vendor_name: "Microsoft"
@@ -218,22 +218,22 @@ logsources:
   conditions:
     vendor_name: "Zeek IDS"
  azure-signin:
-  service: azure.signinlogs
+  service: signinlogs
   conditions:
     vendor_name: "Microsoft"
     product_name: "Azure"
  azure-auditlogs:
-   service: azure.auditlogs
+   service: auditlogs
    conditions:
     vendor_name: "Microsoft"
     product_name: "Azure"
  azure-activitylogs:
-   service: azure.activitylogs
+   service: activitylogs
    conditions:
     vendor_name: "Microsoft"
     product_name: "Azure"
  azure-activity:
-   service: AzureActivity
+   service: azureactivity
    conditions:
     vendor_name: "Microsoft"
     product_name: "Azure"
@@ -382,7 +382,7 @@ logsources:
  qflow:
    product: qflow
  netflow:
-   product: netflow
+   service: netflow
  ipfix:
    product: ipfix
  flow: