[Rule Tuning] Abnormal Process ID or Lock File Created (#2113)

* [Rule Tuning] Abnormal Process ID or Lock File Created

* Update rules/linux/execution_abnormal_process_id_file_created.toml

* Update execution_abnormal_process_id_file_created.toml

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

rules/linux/execution_abnormal_process_id_file_created.toml

@@ -61,7 +61,17 @@ file where event.type == "creation" and user.id == "0" and
     "unattended-upgrades.lock",
     "unattended-upgrades.pid",
     "cmd.pid",
-    "cron*.pid"
+    "cron*.pid",
+    "yum.pid",
+    "netconfig.pid",
+    "docker.pid",
+    "atd.pid",
+    "lfd.pid",
+    "atop.pid",
+    "nginx.pid",
+    "dhclient.pid",
+    "smtpd.pid",
+    "stunnel.pid"
     )
 '''