ensure all conn.log entries are tagged "ics" for OT protocols

[mmguero]

We need to make sure that all conn.log entries get tagged with ics when an ICS protocol is detected.

This is maybe already supposed to be handled but I don't see it is being done in every case. I wonder if it's actually an issue in the parsers. Some of them seem to be setting the service correctly (bacnet, s7comm) but I don't think that all of them.

So here's what needs to happen:

• Go through all the ICSNPP parsers and make sure that when the protocol is detected, it sets the conn.log's service to the protocol name; if not, this will have to be submitted as a PR to that repository
• Check the logstash code (linked above in 11_lookups.conf) to set the ics value into the tags field
• Verify for all of the ICS protocols we support that the tag gets set for conn.log of that protocol

[mmguero]

I've made some tweaks made so far to make sure the service gets normalized correctly for conn.log and known_services.log. Also, still need to check:

• ethercat does't seem to get a conn.log service set correctly this apparently isn't an issue, as ethercat does not even have a UID or conn.log component
• need to standardize s7comm-plus vs. s7comm_plus in the network.protocol field across some of the logs standardized to s7comm-plus which is what comes out of the parser
• synchrophasor_tcp is showing up somewhere, we need to trim off the _tcp (I think we need to do the same thing for dpd.log that we're doing for conn.log and known_services.log for service cleanup) fixed

[mmguero]

From what I can see now, all appropriate conn.log entries are being tagged with ics as they should be.