Update initial_access_react_server_rce_network_alerts.toml

Author: Samirbous

rules/network/initial_access_react_server_rce_network_alerts.toml

@@ -14,7 +14,7 @@ that exploit prototype chain traversal to access the Function constructor.
 """
 from = "now-9m"
 index = ["logs-panw.panos*", "logs-cisco_ftd.*", "logs-fortinet_fortigate.*", "logs-suricata.*"]
-language = "eql"
+language = "kuery"
 license = "Elastic License v2"
 name = "React2Shell Network Security Alert"
 note = """## Triage and analysis
@@ -70,7 +70,7 @@ tags = [
     "Resources: Investigation Guide",
 ]
 timestamp_override = "event.ingested"
-type = "eql"
+type = "query"
 
 query = '''
 (event.dataset:"cisco_ftd.log" and message:"SERVER-WEBAPP React Server Components remote code execution attempt") or