refactor: generic lsass access filter

rules/windows/process_access/win_susp_proc_access_lsass.yml

@@ -81,7 +81,13 @@ detection:
             - 'C:\Progra Files (x86)\'
         SourceImage|contains: 
             - 'Antivirus'
-    condition: selection and not filter1 and not filter2 and not filter3 and not filter4 and not filter5 and not filter6
+    # Generic Filter for 0x1410 filter (caused by so many programs like DropBox updates etc.)
+    filter_generic:
+        SourceImage|startswith: 
+            - 'C:\Program Files\'
+            - 'C:\Program Files (x86)\'
+        GrantedAccess: '0x1410'
+    condition: selection and not filter1 and not filter2 and not filter3 and not filter4 and not filter5 and not filter6 and filter_generic
 fields:
     - User
     - SourceImage