[Rule Tuning] Access to Keychain Credentials Directories (#2101)

* rule tune to remove noisy FPs

rules/macos/credential_access_credentials_keychains.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/08/14"
 maturity = "production"
-updated_date = "2022/03/31"
+updated_date = "2022/07/13"
 
 [rule]
 author = ["Elastic"]
@@ -51,7 +51,13 @@ process where event.type in ("start", "process_started") and
                       "set-key-partition-list",
                       "import",
                       "find-identity") and
-    not process.parent.executable : "/Applications/OpenVPN Connect/OpenVPN Connect.app/Contents/MacOS/OpenVPN Connect"
+    not process.parent.executable :
+      (
+        "/Applications/OpenVPN Connect/OpenVPN Connect.app/Contents/MacOS/OpenVPN Connect",
+        "/Applications/Microsoft Defender.app/Contents/MacOS/wdavdaemon_enterprise.app/Contents/MacOS/wdavdaemon_enterprise",
+        "/opt/jc/bin/jumpcloud-agent"
+      ) and
+    not process.executable : "/opt/jc/bin/jumpcloud-agent"
 '''