Update impact_stop_process_service_threshold.toml

Author: Samirbous

rules/windows/impact_stop_process_service_threshold.toml

@@ -2,7 +2,7 @@
 creation_date = "2020/12/03"
 integration = ["endpoint", "windows", "system"]
 maturity = "production"
-updated_date = "2025/03/20"
+updated_date = "2025/06/17"
 
 [rule]
 author = ["Elastic"]
@@ -74,7 +74,7 @@ type = "threshold"
 query = '''
 event.category:process and host.os.type:windows and event.type:start and process.name:(net.exe or sc.exe or taskkill.exe) and
  process.args:(stop or pause or delete or "/PID" or "/IM" or "/T" or "/F" or "/t" or "/f" or "/im" or "/pid") and
- not process.parent.name:osquerybeat.exe
+ not process.parent.name:(osquerybeat.exe or agentbeat.exe)
 '''