Update cobalt-strike.md

"Can you please change to AlertInfo table in MTP, the DeviceAlertEvents table is MDATP one and going to be deprecated."

Credential Access/cobalt-strike.md

@@ -17,7 +17,7 @@ The following query identifies accounts that have logged on to compromised endpo
 
 ```Kusto
 // Check for specific alerts
-DeviceAlertEvents 
+AlertInfo
 // Attempts to clear security event logs.
 | where Title in("Event log was cleared", 
 // List alerts flagging attempts to delete backup files.