sentinel-attack
Parser/Sysmon missing MITRE attribution details for EventID 22
There's no technique_id, technique_name or phase_name attributed in Sysmon EventID 22.
In the current sysmonconfig.xml we only have exclusion rules for Sysmon EventID 22 defined at the moment; there is definitely scope to insert inclusion rules mapped to MITRE ATT&CK. Looping in @olafhartong for visibility.
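As an illustration of the kind of inclusion rule the comment above has in mind (an added example, not part of this issue or of the project's sysmonconfig.xml), the fragment below annotates a DnsQuery inclusion rule with MITRE ATT&CK details in the `technique_id=...,technique_name=...` rule-name convention that sysmon-modular uses, so the parser can read them from the event's RuleName field. The matched domain suffix is a constructed placeholder, and the mapping to T1071.004 and the schema version are assumptions made for the example.

```xml
<!-- Added example (not from the project): Sysmon Event ID 22 inclusion rule
     carrying ATT&CK attribution in its rule name. The query-name suffix is a
     constructed placeholder under the reserved .invalid TLD, not a real indicator. -->
<Sysmon schemaversion="4.22">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <DnsQuery onmatch="include">
        <!-- technique_id / technique_name end up in the RuleName field of the
             generated event, where the Sysmon parser can split them out. -->
        <QueryName name="technique_id=T1071.004,technique_name=Application Layer Protocol: DNS"
                   condition="end with">.example-placeholder.invalid</QueryName>
      </DnsQuery>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Any existing exclusion rules for DnsQuery would sit in their own `onmatch="exclude"` group alongside this one; Sysmon evaluates excludes before includes, so noise filtering is preserved.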