Hello! I have a PowerShell script that executes an encoded command that spawns some lolbin, let's say ipconfig. This is realized in Elastic as PowerShell spawning PowerShell, spawning ipconfig. I have an ES|QL detection that finds suspicious parent child processes, and am trying to tune the behavior. Is there a way to gather grandparent process information, if it is not in the original document?