Changing selection criteria for compatability with Defender alerts

Hunting Queries/SecurityAlert/WebShellFileAlertEnrich.yaml

@@ -17,7 +17,7 @@ query: |
   let scriptExtensions = dynamic([".php", ".jsp", ".js", ".aspx", ".asmx", ".asax", ".cfm", ".shtml"]);  
   SecurityAlert  
   | where TimeGenerated > ago(timeWindow)  
-  | where DisplayName =~ "Possible web shell installation"  
+  | where ProviderName =~ "MDATP" 
   | extend alertData = parse_json(Entities)  
   | mvexpand alertData  
   // Get only the file type from the JSON, this gives us the file name