Update and rename windows_process_file_path_in_programdata.yml to windows_process_execution_from_programdata.yml

Author: nasbench

detections/endpoint/windows_process_file_path_in_programdata.yml renamed to detections/endpoint/windows_process_execution_from_programdata.yml

@@ -1,4 +1,4 @@
-name: Windows Process File Path in ProgramData
+name: Windows Process Execution From ProgramData
 id: 237016fa-d8e6-47b4-80f9-70c4d42c72c0
 version: 1
 date: '2025-03-13'
@@ -13,12 +13,12 @@ data_source:
 search: '| tstats `security_content_summariesonly` count values(Processes.process_name)
   as process_name values(Processes.process) as process min(_time) as firstTime max(_time)
   as lastTime from datamodel=Endpoint.Processes 
-  where Processes.process_path = "*:\\programdata\\*"
+  where Processes.process_path = "*:\\ProgramData\\*"
   by Processes.parent_process_name Processes.parent_process Processes.process_path Processes.dest Processes.user 
   | `drop_dm_object_name(Processes)` 
   | `security_content_ctime(firstTime)` 
   | `security_content_ctime(lastTime)` 
-  | `windows_process_file_path_in_programdata_filter`'
+  | `windows_process_execution_from_programdata_filter`'
 how_to_implement: The detection is based on data that originates from Endpoint Detection
   and Response (EDR) agents. These agents are designed to provide security-related
   telemetry from the endpoints where the agent is installed. To implement this search,