
Fix: SentinelOne smart descriptions (317) #1387

Merged
merged 2 commits into from
Dec 10, 2024

Conversation

vg-svitla
Contributor

Closes 317

@vg-svitla vg-svitla requested a review from squioc December 10, 2024 14:26

github-actions bot commented Dec 10, 2024

Smart descriptions generated from the latest tests at 2024-12-10 15:37:33:

| Test File | Smart Description |
| --- | --- |
| SentinelOne/cloud_funnel2.0/tests/commandscript.json | Script C:\Windows\System32\sdiagnhost.exe -Embedding executed by user john.doe from parent process C:\Windows\system32\svchost.exe -k DcomLaunch -p |
| SentinelOne/cloud_funnel2.0/tests/commandscript_2.json | Script powershell -executionpolicy bypass -file "c:\zabbix\scripts\sb.mssql.ps1" poller RUIWS01 executed by user Système from parent process cmd /C "powershell -executionpolicy bypass -file "c:\zabbix\scripts\sb.mssql.ps1" poller RUIWS01 " |
| SentinelOne/cloud_funnel2.0/tests/dns_dnsresolved.json | C:\Windows\System32\svchost.exe performed a DNS request for arc.msn.com |
| SentinelOne/cloud_funnel2.0/tests/dns_macos.json | /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/123.0.6312.123/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper performed a DNS request for gew4-spclient.spotify.com |
| SentinelOne/cloud_funnel2.0/tests/driver_driverload.json | C:\Windows\System32\ntoskrnl.exe loaded driver C:\Windows\System32\drivers\IndirectKmd.sys |
| SentinelOne/cloud_funnel2.0/tests/file_filecreation_noext.json | C:\Windows\System32\cmd.exe created file C:\Users\john.doe\Desktop\TEST FILE ARY_2 |
| SentinelOne/cloud_funnel2.0/tests/file_filedeletion.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe deleted file C:\Users\john.doe\AppData\Local\Temp\4a453731-9113-4bb7-ac7f-e092dbe67a41.tmp |
| SentinelOne/cloud_funnel2.0/tests/file_filerename.json | C:\WindowsAzure\GuestAgent_2.7.41491.1075_2023-03-16_134252\WindowsAzureGuestAgent.exe renamed file C:\WindowsAzure\Logs\AggregateStatus\aggregatestatus_20230323132115270.json |
| SentinelOne/cloud_funnel2.0/tests/fileoldpath.json | File /new/new/file/path/path renamed on server aaaaaaaaa |
| SentinelOne/cloud_funnel2.0/tests/group_groupcreation.json | A new storyline group was created with PID 7400 |
| SentinelOne/cloud_funnel2.0/tests/indicators_behavioralindicators.json | Code injection to other process memory space during the target process' initialization MITRE: Defense Evasion {<a href="https://attack.mitre.org/techniques/T1055/012/" target="_blank">T1055.012</a>}, Privilege Escalation {<a href="https://attack.mitre.org/techniques/T1055/012/" target="_blank">T1055.012</a>} was detected for C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
| SentinelOne/cloud_funnel2.0/tests/ip_ipconnect.json | outbound connection from desktop-jdoe to 168.63.129.16 |
| SentinelOne/cloud_funnel2.0/tests/ip_ipconnect_incoming.json | inbound connection from desktop-jdoe to 10.0.0.11 |
| SentinelOne/cloud_funnel2.0/tests/ip_ipconnect_unsigned_process.json | outbound connection from desktop-jdoe to 127.0.0.1 |
| SentinelOne/cloud_funnel2.0/tests/linux_logins_login.json | ²jdoe logged on to linux-desktop-S1 from IP 83.167.43.106 (LogonType 10) |
| SentinelOne/cloud_funnel2.0/tests/linux_logins_logout.json | A user logged off from linux-desktop-S1 |
| SentinelOne/cloud_funnel2.0/tests/linux_process_processcreation.json | Process ip -6 -a -o address was created by root |
| SentinelOne/cloud_funnel2.0/tests/logins_login_failure.json | -`USERfailed to log on todesktop-jdoefrom IP180.163.86.35(LogonType3`) |
| SentinelOne/cloud_funnel2.0/tests/logins_login_success.json | WORKGROUP`john.doelogged on todesktop-jdoe(LogonType7`) |
| SentinelOne/cloud_funnel2.0/tests/process_processcreation.json | Process C:\Windows\System32\RuntimeBroker.exe -Embedding was created by desktop-jdoe\john.doe |
| SentinelOne/cloud_funnel2.0/tests/process_processcreation_2.json | Process curl -H User-Agent: test.nvim v1.10.0 (+https://test.test/tttttttt/test.nvim) -fsSL -X GET -o /Users/test.user/.local/share/nvim/test/registries/github/test-org/test-registry/registry.json.zip --connect-timeout 30 https://test.test/test-org/test-registry/releases/download/2024-12-05-doting-coil/registry.json.zip was created by test.user |
| SentinelOne/cloud_funnel2.0/tests/registry_binary.json | Registry key MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-1124497873-2276302922-1472590183-500\\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe modified by C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
| SentinelOne/cloud_funnel2.0/tests/registry_keycreated.json | Registry key MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{9e3b8bee-15eb-444b-a692-bab4546644f2} created by C:\Windows\System32\wevtutil.exe |
| SentinelOne/cloud_funnel2.0/tests/registry_security.json | Registry key MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001 security changed by C:\Windows\System32\wbem\WmiPrvSE.exe with user NETWORK SERVICE |
| SentinelOne/cloud_funnel2.0/tests/registry_valuemodified.json | Registry key MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config\LastKnownGoodTime modified by C:\Windows\System32\svchost.exe |
| SentinelOne/cloud_funnel2.0/tests/scheduledtask_taskregister.json | C:\Windows\System32\svchost.exe created a new scheduled task \Task John with user SYSTEM |
| SentinelOne/cloud_funnel2.0/tests/scheduledtask_taskstart.json | Scheduled task \Microsoft\Windows\Application Experience\PcaPatchDbTask started process C:\Windows\System32\svchost.exe with user SYSTEM |
| SentinelOne/cloud_funnel2.0/tests/url.json | C:\Windows\explorer.exe performed an HTTP request to https://assets.msn.com/weathermapdata/1/static/weather/Icons/taskbar_v3/Condition_Badge/D200PartlySunny.svg |

@vg-svitla vg-svitla changed the title Fix: SentinelOne smart descriptions Fix: SentinelOne smart descriptions (317) Dec 10, 2024
Collaborator

@squioc squioc left a comment

LGTM

@squioc squioc merged commit 7f908cb into main Dec 10, 2024
7 checks passed
@squioc squioc deleted the fix/setinel_one_smart_descriptions branch December 10, 2024 15:39