Update multiple_alerts_email_elastic_defend_correlation.toml

Author: Samirbous

rules/cross-platform/multiple_alerts_email_elastic_defend_correlation.toml

@@ -31,7 +31,7 @@ timestamp_override = "event.ingested"
 type = "esql"
 
 query = '''
-from logs-endpoint.alerts-*, logs-checkpoint_email.event-default-* metadata _id
+from logs-endpoint.alerts-*, logs-checkpoint_email.event-* metadata _id
 // Email or Elastic Defend alerts where user name is populated
 | where
   (event.category == "email" and event.kind == "alert" and destination.user.name is not null) or