Fixing join order for efficiency

Hunting Queries/SecurityEvent/ProcessEntropy.txt

@@ -30,8 +30,8 @@ let AllSecEvents = SecurityEvent
 | where Process !in~ ("conhost.exe")
 | project Computer, Process;
 // Removing noisy process from full list
-let Include = AllSecEvents | join kind= anti (
-Exclude
+let Include = Exclude | join kind= rightanti (
+AllSecEvents
 ) on Process;
 // Identifying prevalence for a given process in the environment
 let DCwPC = Include