Update rules/windows/credential_access_kerberos_coerce.toml

Co-authored-by: Samirbous <[email protected]>

Author: w0rk3r

rules/windows/credential_access_kerberos_coerce.toml

@@ -16,7 +16,7 @@ privileged access such as NT AUTHORITY\\SYSTEM, without relying on NTLM fallback
 """
 from = "now-9m"
 index = ["logs-system.security*", "logs-windows.forwarded*", "winlogbeat-*"]
-language = "eql"
+language = "kuery"
 license = "Elastic License v2"
 name = "Potential Kerberos Coercion via DNS-Based SPN Spoofing"
 note = """## Triage and analysis