Add new tokenizer for path & commandline related fields

[itsnotapt]

I think it'd be worth adding a new tokenizer for paths that emulate the carbonblack queries. I feel like they have put a lot of thought in this schema and over time using CB I have come to appreciate it's strengths.

Snippet from their documentation here

"C:\Windows\system32\rundll32.exe" /d srrstr.dll,ExecuteScheduledSPPCreation

This is broken into the following tokens:

c:  
windows 
system32    
rundll32.exe    
.exe    
/d  
srrstr.dll  
.dll    
executescheduledsppcreation

Using this tokenizer makes searching paths and command line incredibly more efficient than all the prefix wildcards that are being used in sigma e.g. commandline:* -enc * would be just commandline:-enc.

[itsnotapt]

Oh, I just realise that Elasticsearch already has a path tokenizer we can use.

https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-pathhierarchy-tokenizer.html

Supports efficient search of subpaths e.g. /temp/*.exe instead of */temp/*.exe