Update defense_evasion_ml_suspicious_windows_event_high_probability.toml

Author: Samirbous

rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_event_high_probability.toml

@@ -1,6 +1,6 @@
 [metadata]
 creation_date = "2023/10/16"
-integration = ["problemchild", "endpoint", "windows"]
+integration = ["problemchild", "endpoint"]
 maturity = "production"
 updated_date = "2025/12/17"
 
@@ -12,7 +12,7 @@ probability of it being malicious activity. Alternatively, the model's blocklist
 malicious.
 """
 from = "now-10m"
-index = ["logs-endpoint.events.process-*", "winlogbeat-*"]
+index = ["logs-endpoint.events.process-*"]
 language = "eql"
 license = "Elastic License v2"
 name = "Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score"