[Rule Tuning] Change event.dataset to data_stream.dataset (#5943)

* [Rule Tuning] Change event.dataset to data_stream.dataset

* updating ESQL field names

rules/integrations/github/execution_github_app_deleted.toml

@@ -2,7 +2,7 @@
 creation_date = "2023/10/11"
 integration = ["github"]
 maturity = "production"
-updated_date = "2026/03/24"
+updated_date = "2026/04/10"
 
 [rule]
 author = ["Elastic"]
@@ -61,7 +61,7 @@ timestamp_override = "event.ingested"
 type = "eql"
 
 query = '''
-configuration where event.dataset == "github.audit" and github.category == "integration_installation" and event.type == "deletion"
+configuration where data_stream.dataset == "github.audit" and github.category == "integration_installation" and event.type == "deletion"
 '''