rule-tuning: Elastic Agent service termination improve for detection

Author: alstolten

rules/cross-platform/defense_evasion_elastic_agent_service_terminated.toml

@@ -51,7 +51,7 @@ or
 /* service or systemctl used to stop Elastic Agent on Linux */
 (event.type == "end" and
   (process.name : ("systemctl", "service") and
-    process.args : "elastic-agent" and
+    process.args : ("elastic-agent", "elastic-agent.service") and
     process.args : ("stop", "disable"))
   or
   /* pkill , killall used to stop Elastic Agent on Linux */