splunk / security_content

Splunk Security Content

Home Page: https://research.splunk.com

[BUG] Suspicious Process File Path wrong field reference

DipsyTipsy opened this issue · comments


Describe the bug

The correlation search Suspicious Process File Path is currently referring to a field that is not a part of the Endpoint datamodel, both in the SPL and the risk message.

The field Processes.process_path.file_path is not a part of the Endpoint.Processes spec, I assume Processes.process_path is the field the detection should utilize.

Expected behavior

The correct field should be used in order for the detection to function, and the risk message to display properly.

App Version:

  • ESCU: [e.g. 3.51.0]

Additional context

Add any other context about the problem here.
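The issue above boils down to a detection referencing a field name that the Endpoint.Processes datamodel does not define, in both the SPL and the risk message. The following added example (not code from splunk/security_content) is a small lint that catches exactly this class of mistake before a detection ships: it extracts every `Processes.<field>` reference from the search and every `$token$` from the risk message and compares them against the datamodel field list. The field set is an assumed, illustrative subset of the CIM Endpoint.Processes spec (the published CIM documentation is the authority), and the buggy and fixed search/risk-message pairs are constructed samples modelled on the issue, not the project's real detection. `security_content_summariesonly` and `drop_dm_object_name` are ESCU macros; the latter strips the `Processes.` prefix, which is why risk-message tokens use bare field names.

```python
import re

# Assumption: an illustrative subset of the Splunk CIM Endpoint.Processes
# field spec. The published CIM spec is the authority; extend this set from it.
ENDPOINT_PROCESSES_FIELDS = {
    "action", "dest", "os", "parent_process", "parent_process_exec",
    "parent_process_guid", "parent_process_id", "parent_process_name",
    "parent_process_path", "process", "process_current_directory",
    "process_exec", "process_guid", "process_hash", "process_id",
    "process_integrity_level", "process_name", "process_path", "user",
    "user_id", "vendor_product",
}

# A dotted reference to the Processes object, e.g. Processes.process_path or
# the (invalid) Processes.process_path.file_path from the issue.
FIELD_REF = re.compile(r"\bProcesses\.([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)")
# $token$ placeholders as used in ESCU risk messages.
RISK_TOKEN = re.compile(r"\$([A-Za-z_][\w.]*)\$")


def referenced_fields(search):
    """All Processes.<field> names referenced in an SPL search."""
    return {m.group(1) for m in FIELD_REF.finditer(search)}


def unknown_fields(search, spec=ENDPOINT_PROCESSES_FIELDS):
    """Referenced Processes fields that do not exist in the datamodel spec."""
    return sorted(f for f in referenced_fields(search) if f not in spec)


def search_aliases(search):
    """Names the search creates itself ('... as firstTime', 'eval x=...');
    these are legitimate risk-message tokens even though CIM does not list them."""
    names = set(re.findall(r"\bas\s+([A-Za-z_]\w*)", search, flags=re.IGNORECASE))
    names |= set(re.findall(r"\beval\s+([A-Za-z_]\w*)\s*=", search))
    return names


def unknown_risk_tokens(search, risk_message, spec=ENDPOINT_PROCESSES_FIELDS):
    """$tokens$ in the risk message that are neither CIM fields nor produced by the search."""
    allowed = spec | search_aliases(search)
    return sorted(t for t in RISK_TOKEN.findall(risk_message) if t not in allowed)


def lint_detection(search, risk_message, spec=ENDPOINT_PROCESSES_FIELDS):
    """Lint one detection. Empty lists mean no bad field references were found."""
    return {
        "search": unknown_fields(search, spec),
        "risk_message": unknown_risk_tokens(search, risk_message, spec),
    }


# Constructed samples modelled on the issue (not the project's real detection).
# `drop_dm_object_name(Processes)` is the ESCU macro that strips the
# "Processes." prefix, so risk-message tokens use the bare field names.
BUGGY_SEARCH = (
    '| tstats `security_content_summariesonly` count min(_time) as firstTime '
    'max(_time) as lastTime from datamodel=Endpoint.Processes '
    'where Processes.process_path.file_path IN ("*\\\\temp\\\\*") '
    'by Processes.process_path.file_path Processes.process_name '
    'Processes.dest Processes.user '
    '| `drop_dm_object_name(Processes)`'
)
BUGGY_RISK = "Suspicious process path $process_path.file_path$ on $dest$ by $user$"

# The fix from the issue: reference the real datamodel field, Processes.process_path.
FIXED_SEARCH = BUGGY_SEARCH.replace("Processes.process_path.file_path", "Processes.process_path")
FIXED_RISK = BUGGY_RISK.replace("$process_path.file_path$", "$process_path$")

if __name__ == "__main__":
    print("buggy:", lint_detection(BUGGY_SEARCH, BUGGY_RISK))
    print("fixed:", lint_detection(FIXED_SEARCH, FIXED_RISK))
```

Run against the constructed buggy pair, the lint reports `process_path.file_path` as unknown in both the search and the risk message; against the fixed pair it reports nothing. Wiring a check like this into CI over the detection YAML files would flag a wrong field reference at review time instead of after the correlation search silently matches nothing.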

Thanks @DipsyTipsy, here is the PR for that fix: #2551