elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[windows] Defender - Process 1160 and 1015 events [Potentially Unwanted Application (PUA) Detected / Suspicious Behavior Detected] #11551

Open nicpenning opened 4 weeks ago

nicpenning commented 4 weeks ago

This issue will track the progress of implementing further processing to ECS for the PUA/Sus detection in Windows Defender. This should be parsed similarly to malware detection/quarantine.

1160

Microsoft Defender Antivirus has detected potentially unwanted application(PUA).
 For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/FileZilla_BundleInstaller&threatid=311942&enterprise=1
    Name: PUABundler:Win32/FileZilla_BundleInstaller
    ID: 311942
    Severity: Severe
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\WIN13373\Downloads\FileZilla_3.67.0_win64_sponsored2-setup (1).exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    User: YAMS\WIN13373
    Process Name: C:\Windows\explorer.exe
    Security intelligence Version: AV: 1.419.746.0, AS: 1.419.746.0, NIS: 1.419.746.0
    Engine Version: AM: 1.1.24080.9, NIS: 1.1.24080.9

1015

Microsoft Defender Antivirus has detected a suspicious behavior.
    Name: Behavior:Win32/ModifiedBootRecord
    ID: 3707404956
    Severity: Low
    Category: Suspicious Behavior
    Path Found: file:_C:\Program Files\Apps\rufus-4.6p.exe; process:_1500
    Detection Origin: Local machine
    Detection Type: Suspicious
    Detection Source: Real-Time Protection
    Status: Executing
    User: YAMS\WIN13373
    Process Name: C:\Program Files\Apps\rufus-4.6p.exe
    Security intelligence ID: 23858570787236
    Security intelligence Version: AV: 1.419.674.0, AS: 1.419.674.0
    Engine Version: 1.1.24080.9
    Fidelity Label:  Medium
    Target File Name:  
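As an added example, not code from this issue or from the elastic/integrations project: a small Python parser that pulls the labelled fields out of the two message bodies quoted above and maps them onto ECS-style keys. The target field choices (rule.name, rule.id, rule.category, file.path, process.pid, process.executable, user.domain/user.name, event.severity) and the non-ECS defender.* keys are my assumptions, not the integration's mapping, and the numeric severity ids are assumed too. It handles the places where the two samples differ in shape: the 1160 "Path" line versus the 1015 "Path Found" line that carries a second `process:_<pid>` resource, labelled versus bare engine versions, and the empty "Target File Name" value. The two sample strings are constructed from the event bodies on this page.

```python
import re
from typing import Any, Dict, List, Tuple

# Defender field labels that appear in the 1160/1015 message bodies quoted on this page.
KNOWN_KEYS = {"Name", "ID", "Severity", "Category", "Path", "Path Found", "Detection Origin",
              "Detection Type", "Detection Source", "Status", "User", "Process Name",
              "Security intelligence ID", "Security intelligence Version", "Engine Version",
              "Fidelity Label", "Target File Name"}
# Assumed numeric mapping for event.severity (Get-MpThreat SeverityID convention); not from the page.
SEVERITY_ID = {"Unknown": 0, "Low": 1, "Moderate": 2, "High": 4, "Severe": 5}
# Lazy key match so "Name: Behavior:Win32/..." splits at the first colon only.
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z ]*?):\s*(?P<value>.*)$")

def parse_fields(message: str) -> Dict[str, str]:
    """Collect 'Label: value' lines; the fwlink URL and free-text header also contain colons but are not known labels."""
    out: Dict[str, str] = {}
    for line in message.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group("key").strip() in KNOWN_KEYS:
            out[m.group("key").strip()] = m.group("value").strip()
    return out

def parse_resources(value: str) -> List[Tuple[str, str]]:
    """'file:_C:\\x; process:_1500' -> [('file', 'C:\\x'), ('process', '1500')]."""
    res: List[Tuple[str, str]] = []
    for part in filter(None, (p.strip() for p in value.split("; "))):
        kind, sep, target = part.partition(":_")
        res.append((kind, target) if sep else ("unknown", part))
    return res

def parse_versions(value: str) -> Dict[str, str]:
    """'AV: 1.419.746.0, AS: 1.419.746.0' -> {'AV': ..., 'AS': ...}; a bare '1.1.24080.9' -> {'version': ...}."""
    out: Dict[str, str] = {}
    for part in filter(None, (p.strip() for p in value.split(","))):
        label, sep, ver = part.partition(":")
        out[label.strip() if sep else "version"] = ver.strip() if sep else part
    return out

def to_ecs(event_code: str, message: str) -> Dict[str, Any]:
    """Map one Defender 1160/1015 message body onto flat ECS-style keys (the key choices are assumptions)."""
    f = parse_fields(message)
    doc: Dict[str, Any] = {"event.code": event_code, "winlog.event_data": f}  # raw labels kept alongside
    for label, key in (("Name", "rule.name"), ("ID", "rule.id"), ("Category", "rule.category"),
                       ("Process Name", "process.executable")):
        if f.get(label):
            doc[key] = f[label]
    if f.get("Severity"):
        doc["event.severity"] = SEVERITY_ID.get(f["Severity"], 0)
    # 1160 reports 'Path', 1015 reports 'Path Found'; both carry '<kind>:_<value>' resources.
    for kind, target in parse_resources(f.get("Path") or f.get("Path Found") or ""):
        if kind == "file":
            doc["file.path"] = target
        elif kind == "process" and target.isdigit():
            doc["process.pid"] = int(target)
    domain, sep, name = f.get("User", "").partition("\\")  # 'YAMS\WIN13373' -> domain, name
    if sep:
        doc["user.domain"], doc["user.name"] = domain, name
    elif domain:
        doc["user.name"] = domain
    if f.get("Security intelligence Version"):  # assumed non-ECS key
        doc["defender.signature_version"] = parse_versions(f["Security intelligence Version"])
    if f.get("Engine Version"):  # assumed non-ECS key
        doc["defender.engine_version"] = parse_versions(f["Engine Version"])
    return doc

# Constructed samples, copied from the two event bodies quoted in the issue above.
SAMPLE_1160 = r"""Microsoft Defender Antivirus has detected potentially unwanted application(PUA).
 For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/FileZilla_BundleInstaller&threatid=311942&enterprise=1
    Name: PUABundler:Win32/FileZilla_BundleInstaller
    ID: 311942
    Severity: Severe
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\WIN13373\Downloads\FileZilla_3.67.0_win64_sponsored2-setup (1).exe
    Detection Source: Real-Time Protection
    User: YAMS\WIN13373
    Process Name: C:\Windows\explorer.exe
    Security intelligence Version: AV: 1.419.746.0, AS: 1.419.746.0, NIS: 1.419.746.0
    Engine Version: AM: 1.1.24080.9, NIS: 1.1.24080.9
"""
SAMPLE_1015 = r"""Microsoft Defender Antivirus has detected a suspicious behavior.
    Name: Behavior:Win32/ModifiedBootRecord
    ID: 3707404956
    Severity: Low
    Category: Suspicious Behavior
    Path Found: file:_C:\Program Files\Apps\rufus-4.6p.exe; process:_1500
    Detection Type: Suspicious
    Status: Executing
    User: YAMS\WIN13373
    Process Name: C:\Program Files\Apps\rufus-4.6p.exe
    Security intelligence ID: 23858570787236
    Security intelligence Version: AV: 1.419.674.0, AS: 1.419.674.0
    Engine Version: 1.1.24080.9
    Fidelity Label:  Medium
    Target File Name:
"""

if __name__ == "__main__":
    for code, msg in (("1160", SAMPLE_1160), ("1015", SAMPLE_1015)):
        print(to_ecs(code, msg))
```

Keeping the raw labels under winlog.event_data next to the mapped ECS keys is deliberate: it lets a detection rule match on the Defender-native names while dashboards use the normalized ones, and nothing is lost when a message body contains a label the mapping does not cover.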

elasticmachine commented 4 weeks ago

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)