Update HostExportingMailboxAndRemovingExport.yaml

Adding Event filter in that was missing

Hunting Queries/SecurityEvent/HostExportingMailboxAndRemovingExport.yaml

@@ -21,10 +21,12 @@ query: |
   // Adjust the timeframe to change the window events need to occur within to alert
   let timeframe = 1h;
   SecurityEvent
+  | where EventID == 4688
   | where Process in~ ("powershell.exe", "cmd.exe")
   | where CommandLine contains 'New-MailboxExportRequest'
   | summarize by Computer, timekey = bin(TimeGenerated, timeframe), CommandLine, SubjectUserName
   | join kind=inner (SecurityEvent
+  | where EventID == 4688
   | where Process in~ ("powershell.exe", "cmd.exe")
   | where CommandLine contains 'Remove-MailboxExportRequest'
   | summarize by Computer, timekey = bin(TimeGenerated, timeframe), CommandLine, SubjectUserName) on Computer, timekey, SubjectUserName