[Winlogbeat] Handle additional grok patterns in microsoft defender pipelines for file paths
https://github.com/elastic/integrations/blob/a74f0bf780d1d4a39986bca9bf2f1de1ba04e4ec/packages/windows/data_stream/windows_defender/elasticsearch/ingest_pipeline/default.yml#L160-L164
The above needs to be updated. There are events (specifically event ID 1121, related to Exploit Guard) that, instead of having an `_` prefixing the path, have just the path with no prefix, i.e. `Path: C:\Windows\System32\svchost.exe`.
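As an added illustration (not code from the linked pipeline or from the issue author), the snippet below models the grok mismatch in plain Python regex: a pattern that requires the `_` prefix versus one that treats the prefix as optional. The pattern at the linked pipeline lines is not reproduced here; both patterns and the sample `Path:` lines are assumptions constructed for this example. The optional-prefix version only drops `_` when a drive letter follows it, so a value that legitimately starts with an underscore is not truncated.

```python
import re

# Constructed sample field lines, modelled on the "Path: ..." value quoted in
# the issue. They are not real Defender event text.
SAMPLE_PREFIXED = "Path: _C:\\Windows\\System32\\svchost.exe"
SAMPLE_UNPREFIXED = "Path: C:\\Windows\\System32\\svchost.exe"

# Hypothetical grok in the style of an ingest pipeline pattern (assumption, not
# the pipeline's real pattern). Grok uses Oniguruma, so the lookahead is legal.
GROK_OLD = r"Path:\s+_%{GREEDYDATA:file.path}"
GROK_NEW = r"Path:\s+(?:_(?=[A-Za-z]:[\\/]))?%{GREEDYDATA:file.path}"

# Regex equivalents of the two patterns above (GREEDYDATA ~ .*).
OLD_RE = re.compile(r"Path:\s+_(?P<path>.+?)\s*$")
NEW_RE = re.compile(r"Path:\s+(?:_(?=[A-Za-z]:[\\/]))?(?P<path>.+?)\s*$")


def extract_path_old(line):
    """Old behaviour: the '_' prefix is mandatory, so an unprefixed
    'Path: C:\\...' line does not match at all and yields None."""
    m = OLD_RE.search(line)
    return m.group("path") if m else None


def extract_path(line):
    """New behaviour: strip a leading '_' only when it is immediately followed
    by a drive letter and separator (e.g. '_C:\\'); otherwise keep the value
    exactly as written. Returns None if the line is not a 'Path:' field."""
    m = NEW_RE.search(line)
    return m.group("path") if m else None


if __name__ == "__main__":
    for line in (SAMPLE_PREFIXED, SAMPLE_UNPREFIXED, "Path: _not_a_drive"):
        print(f"{line!r:50} old={extract_path_old(line)!r} new={extract_path(line)!r}")
```

Running the block shows the old pattern returning `None` for the unprefixed event ID 1121 form, while the new pattern returns the same path for both forms and leaves a non-drive value such as `_not_a_drive` untouched.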
Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)