elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[M365 Defender] Change `event.type` of `AlertInfo` #10109

Open jvalente-salemstate opened 3 weeks ago

jvalente-salemstate commented 3 weeks ago

A draft PR, #10091, for this is open.

The M365 Defender XDR Streaming API exposes several data tables which are ingested by the event data stream. This includes two tables, AlertInfo and AlertEvidence. The former contains very little information, with only the timestamp and alert ID being specific to an individual alert. The AlertEvidence table includes all the information for the event, such as the source user/device, IP addresses, files, and so forth. When using these tables within M365 XDR, they can be joined using Kusto for a more complete view of an alert.

When `m365_defender.event.category: "AdvancedHunting-AlertInfo"`, the integration's ingest pipeline for the event data stream sets `event.type: indicator`.

This does not introduce any major issues but it has the effect of including these events in the Threat Intelligence view. When this happens, there are no fields present within the view and attempting to view the indicator displays an error as seen in #9902 (note: this is for a different integration but has the same error). Changing the event type will resolve this.
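An added example (not from the issue or the integration) for scoping how many already-indexed AlertInfo documents carry the `indicator` type described above, run against documents exported from the event data stream. The sample documents and the field paths' nested/flattened handling are assumptions for illustration.

```python
"""Audit exported M365 Defender documents for AlertInfo rows that the
ingest pipeline tagged event.type: indicator (the behaviour in this issue).
Sample documents below are constructed, not real data."""

# Constructed sample documents, in both nested and flattened key layouts.
SAMPLE_DOCS = [
    {"_id": "a1", "m365_defender": {"event": {"category": "AdvancedHunting-AlertInfo"}},
     "event": {"type": ["indicator"]}},
    {"_id": "a2", "m365_defender": {"event": {"category": "AdvancedHunting-AlertEvidence"}},
     "event": {"type": ["info"]}},
    {"_id": "a3", "m365_defender.event.category": "AdvancedHunting-AlertInfo",
     "event.type": "indicator"},
    {"_id": "a4", "m365_defender": {"event": {"category": "AdvancedHunting-AlertInfo"}},
     "event": {"type": ["info"]}},
]

def get_field(doc, path):
    """Resolve a dotted field path against either flattened or nested keys."""
    if path in doc:
        return doc[path]
    cur = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def as_list(value):
    """ECS event.type is an array; tolerate a bare string as well."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def misrouted_alertinfo_ids(docs):
    """IDs of AlertInfo rows carrying event.type indicator, i.e. the ones
    that end up in the Threat Intelligence view with no indicator fields."""
    hits = []
    for doc in docs:
        category = get_field(doc, "m365_defender.event.category")
        types = as_list(get_field(doc, "event.type"))
        if category == "AdvancedHunting-AlertInfo" and "indicator" in types:
            hits.append(doc["_id"])
    return hits

if __name__ == "__main__":
    print(misrouted_alertinfo_ids(SAMPLE_DOCS))  # ['a1', 'a3']
```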

elasticmachine commented 3 weeks ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)