High Number of Process and/or Service Terminations

event.category:process and host.os.type:windows and event.type:start and process.name:(net.exe or sc.exe or taskkill.exe) and
 process.args:(stop or pause or delete or "/PID" or "/IM" or "/T" or "/F" or "/t" or "/f" or "/im" or "/pid") and
 not process.parent.name:(osquerybeat.exe or agentbeat.exe)