diff --git a/atomics/T1654/T1654.yaml b/atomics/T1654/T1654.yaml index 6d4165f7..df2e6d77 100644 --- a/atomics/T1654/T1654.yaml +++ b/atomics/T1654/T1654.yaml @@ -6,7 +6,7 @@ atomic_tests: description: |- Uses the built-in PowerShell commandlet Get-EventLog to search for 'SYSTEM' keyword and saves results to a text file. - This technique was observed in a (TheDFIRReport case)[https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/] + This technique was observed in a [TheDFIRReport case](https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/) where the threat actor enumerated the Windows Security audit log to determine user accounts and associated IPv4 addresses. Successful execution will save matching log events to the users temp folder.
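Review bot: The unchanged description lines around the corrected link never name which event log Get-EventLog queries: the first sentence only says it searches for the 'SYSTEM' keyword, while the sentence after the link refers to the Windows Security audit log. Consider stating the log name in the first sentence so the description matches what the test runs and what the cited case describes. While this block is being touched, "commandlet" would read better as "cmdlet", and "users temp folder" in the last line should be "user's temp folder". The link change itself is correct, since the old `(text)[url]` form does not render as a Markdown link.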