Fix process.name

Trend Micro/trend-micro-vision-one-oat/ingest/parser.yml

@@ -34,7 +34,7 @@ stages:
           host.os.version: "{{parsed_event.message.detail.osVer}}"
           host.os.full: "{{parsed_event.message.detail.osDescription}}"
 
-          process.name: "{{parsed_event.message.detail.processName or parsed_event.message.detail.ObjectName}}"
+          process.name: "{{parsed_event.message.detail.processName | basename or parsed_event.message.detail.ObjectName | basename}}"
           process.parent.pid: "{{parsed_event.message.detail.processPid}}"
           process.parent.user.name: "{{parsed_event.message.detail.processUser}}"
           process.parent.user.domain: "{{parsed_event.message.detail.processUserDomain}}"
@@ -44,7 +44,7 @@ stages:
           process.parent.hash.sha1: "{{parsed_event.message.detail.processFileHashSha1}}"
           process.parent.hash.sha256: "{{parsed_event.message.detail.processFileHashSha256}}"
           process.parent.hash.md5: "{{parsed_event.message.detail.processFileHashMd5}}"
-          process.parent.parent.name: "{{parsed_event.message.detail.parentName}}"
+          process.parent.parent.name: "{{parsed_event.message.detail.parentName | basename}}"
           process.parent.parent.executable: "{{parsed_event.message.detail.parentFilePath}}"
           process.parent.parent.command_line: "{{parsed_event.message.detail.parentCmd}}"
           process.parent.parent.pid: "{{parsed_event.message.detail.parentPid}}"

Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_1.json

@@ -37,7 +37,7 @@
     },
     "process": {
       "command_line": "C:\\Windows\\system32\\sppsvc.exe",
-      "name": "C:\\Windows\\System32\\services.exe",
+      "name": "services.exe",
       "parent": {
         "command_line": "C:\\Windows\\system32\\services.exe",
         "executable": "C:\\Windows\\System32\\services.exe",

Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_2.json

@@ -40,7 +40,7 @@
     },
     "process": {
       "command_line": "\"C:\\Windows\\system32\\klist.exe\"",
-      "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe",
+      "name": "powershell_ise.exe",
       "parent": {
         "command_line": "\"C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\PowerShell_ISE.exe\" ",
         "executable": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe",
@@ -57,7 +57,7 @@
             "sha1": "b1db7fd8ea0d2fb6ca854609c9ff7de5a822b316",
             "sha256": "4e5fe7cf2873f4e4157d6592154179f6efe0b200dbb72fbdca039e4e4c72d4ac"
           },
-          "name": "C:\\Windows\\explorer.exe",
+          "name": "explorer.exe",
           "pid": "9920",
           "start": "2024-11-26T16:35:53.785000Z",
           "user": {

Trend Micro/trend-micro-vision-one-oat/tests/test_observed_attack_technique_3.json

@@ -59,7 +59,7 @@
       "vendor": "TrendMicro"
     },
     "process": {
-      "name": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe",
+      "name": "powershell_ise.exe",
       "parent": {
         "command_line": "\"C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\PowerShell_ISE.exe\" ",
         "executable": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe",
@@ -76,7 +76,7 @@
             "sha1": "f021ca2dca81ee77aa80467096a804a26cd11364",
             "sha256": "f2e4604dfae18859b13a4efee601df6937e99dd96251c11205c30022b308868f"
           },
-          "name": "C:\\Windows\\explorer.exe",
+          "name": "explorer.exe",
           "pid": "9920",
           "start": "2024-11-26T16:35:53.785000Z",
           "user": {