Adding json files to be included in stix shifter package. (#104)

Default field selection option is select_fields

MANIFEST.in

@@ -5,4 +5,10 @@ include *.md
 include LICENSE.txt
 
 # Include JSON files
+include stix_shifter/stix_translation/src/modules/aws_security_hub/json/*.json
+include stix_shifter/stix_translation/src/modules/bigfix/json/*.json
+include stix_shifter/stix_translation/src/modules/car/json/*.json
+include stix_shifter/stix_translation/src/modules/csa/json/*.json
+include stix_shifter/stix_translation/src/modules/dummy/json/*.json
 include stix_shifter/stix_translation/src/modules/qradar/json/*.json
+include stix_shifter/stix_translation/src/modules/splunk/json/*.json

stix_shifter/stix_translation/src/modules/splunk/stix_to_splunk.py

@@ -31,7 +31,7 @@ def transform_query(self, data, options, mapping=None):
         query_object = generate_query(data)
         data_mapper = options.get('data_mapper')
         mapping = options.get('mapping')
-        fields = options.get('fields')
+        fields = options.get('select_fields')
 
         if not data_mapper:
             data_mapper_module = cim_data_mapping

tests/stix_translation/test_splunk_stix_to_spl.py

@@ -159,7 +159,7 @@ def test_custom_mapping(self):
         options = {
             "timerange": timerange, 
             "result_limit": result_limit,
-            "mapping": { 
+            "mapping": {
                 "mac-addr": { 
                     "cim_type": "flow",
                     "fields": {
@@ -173,7 +173,7 @@ def test_custom_mapping(self):
                     }
                 }
             },
-            "fields": {
+            "select_fields": {
                 "default":
                     [
                         "src_ip",