[Rule Tuning] Remove New Wiz Defend Rule (Add Wiz Defend to External Alerts) (#5422)

Author: terrancedejesus

rules/promotions/external_alerts.toml

@@ -2,7 +2,7 @@
 creation_date = "2020/07/08"
 maturity = "production"
 promotion = true
-updated_date = "2025/03/21"
+updated_date = "2025/12/08"
 
 [rule]
 author = ["Elastic"]
@@ -40,7 +40,7 @@ timestamp_override = "event.ingested"
 type = "query"
 
 query = '''
-event.kind:alert and not event.module:(endgame or endpoint or cloud_defend)
+(event.kind:alert or data_stream.dataset:wiz.defend) and not event.module:(endgame or endpoint or cloud_defend)
 '''
 note = """## Triage and analysis