I understand your point about Unspecified being a clearer expression, but I'm not sure if introducing a new enum variant that's not part of the MITRE ATT&CK Framework is the best approach. If we're aiming to conform to the framework, adding a non-standard variant could lead to confusion.
Have you considered making the EventCategory field an Option instead? This would allow us to represent unassigned or unknown categories in a more idiomatic Rust way (i.e., None). This approach would also avoid deviating from the MITRE framework. What are your thoughts on this?
After changing the category field of all detected events to an Option, detection events with a None category would be expressed as Unspecified in the Web UI.
However, this modification will take some time. Maybe this can be included in the next product release.
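The Option-based design discussed in the thread, as an added example that is not part of the original issue or of the project's code base: the enum carries only MITRE ATT&CK tactic names (the five variants, the `DetectedEvent` struct and the `ui_label`/`parse_category` helpers are assumptions for illustration), an unconfirmed or unrecognised category is `None` rather than an extra non-MITRE variant, and only the presentation layer turns `None` into the string "Unspecified".

```rust
// Added example, not the project's own code. Demonstrates representing an
// unassigned MITRE category as Option::None and rendering it as "Unspecified"
// only at the UI boundary, so the enum itself stays MITRE-only.
use std::fmt;
use std::str::FromStr;

/// Illustrative subset of MITRE ATT&CK tactics (assumed variant names).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum EventCategory {
    Reconnaissance,
    InitialAccess,
    Execution,
    Persistence,
    Exfiltration,
}

impl EventCategory {
    const ALL: [EventCategory; 5] = [
        EventCategory::Reconnaissance,
        EventCategory::InitialAccess,
        EventCategory::Execution,
        EventCategory::Persistence,
        EventCategory::Exfiltration,
    ];

    /// Canonical MITRE tactic name used both for display and for parsing.
    pub fn as_str(self) -> &'static str {
        match self {
            EventCategory::Reconnaissance => "Reconnaissance",
            EventCategory::InitialAccess => "Initial Access",
            EventCategory::Execution => "Execution",
            EventCategory::Persistence => "Persistence",
            EventCategory::Exfiltration => "Exfiltration",
        }
    }
}

impl fmt::Display for EventCategory {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(self.as_str())
    }
}

/// Error for strings that are not a known MITRE tactic name.
#[derive(Debug, PartialEq, Eq)]
pub struct UnknownCategory(pub String);

impl FromStr for EventCategory {
    type Err = UnknownCategory;

    /// Case-insensitive match against the canonical tactic names.
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        let wanted = s.trim();
        Self::ALL
            .iter()
            .copied()
            .find(|c| c.as_str().eq_ignore_ascii_case(wanted))
            .ok_or_else(|| UnknownCategory(s.to_string()))
    }
}

/// A detection event whose category may not have been confirmed yet
/// (assumed shape; the project's real struct will differ).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DetectedEvent {
    pub name: String,
    pub category: Option<EventCategory>,
}

/// Map raw detector output to a category. Anything that is not a MITRE
/// tactic ("unknown", "", a typo) becomes None instead of a catch-all variant.
pub fn parse_category(raw: &str) -> Option<EventCategory> {
    raw.parse().ok()
}

/// Label shown in the Web UI; this is the only place "Unspecified" appears.
pub fn ui_label(category: Option<EventCategory>) -> String {
    category.map_or_else(|| "Unspecified".to_string(), |c| c.to_string())
}

fn main() {
    // Constructed sample input, not real detector output.
    let raw = [("dns-scan", "reconnaissance"), ("odd-login", "unknown"), ("cron-drop", "Persistence")];
    let events: Vec<DetectedEvent> = raw
        .iter()
        .map(|(name, cat)| DetectedEvent { name: name.to_string(), category: parse_category(cat) })
        .collect();
    for e in &events {
        println!("{:<10} {}", e.name, ui_label(e.category));
    }
}
```

Keeping the `None` to "Unspecified" mapping in `ui_label` rather than in the enum means serialisation, storage and any MITRE-aligned export see only real tactic values, while the UI can change the wording freely.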
EventCategory is partially extracted from MITRE and used, and EventCategory::Unknown is a classification given to unconfirmed detection events.
Unspecified is a clearer expression than Unknown.