Severity field in IDF

Severity is expected in IntelMQ for a long time and partially, it's
already used by e.g. ShadowServer reports. This implementation is
based on their understanding of the field, but with explicit
mentioning that operators could adjust it based on their knowledge.

This is not intended to be an ultimate severity classification,
but a help for first triage of recived events.

Close #2365

Author: kamil-certat

CHANGELOG.md

@@ -19,6 +19,9 @@
 
 ### Data Format
 
+- added `severity` field to help with triaging received events (PR# by Kamil Mańkowski).
+  To allow saving the field in PostgreSQL database in existing installations, the following schema update is necessary: `ALTER TABLE events ADD severity varchar(10);`.
+
 ### Bots
 #### Collectors
 - `intelmq.bots.collectors.shadowserver.collector_reports_api.py`:

intelmq/etc/harmonization.conf

@@ -362,6 +362,12 @@
         "tlp": {
             "description": "Traffic Light Protocol level of the event.",
             "type": "TLP"
+        },
+        "severity": {
+            "description": "Severity of the event, based on the information from the source, and eventually modified by IntelMQ during processing. Meaning of the levels may differ based on the event source.",
+            "type": "LowercaseString",
+            "regex": "^(critical|high|medium|low|info|undefined)$",
+            "length": 10
         }
     },
     "report": {