diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 5fe97f01..67024abe 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -97261,8 +97261,8 @@ discovery:
 supported_platforms:
 - windows
 executor:
- command: powershell -c "get-eventlog 'Security' | where {$_.Message -like
- '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt"
+ command: powershell -c {get-eventlog 'Security' | where {$_.Message -like
+ '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt}
 cleanup_command: powershell -c "remove-item $env:temp\T1654_events.txt -ErrorAction
 Ignore"
 name: powershell
diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml
index 78c50c6a..9ab6c8a2 100644
--- a/atomics/Indexes/windows-index.yaml
+++ b/atomics/Indexes/windows-index.yaml
@@ -79162,8 +79162,8 @@ discovery:
 supported_platforms:
 - windows
 executor:
- command: powershell -c "get-eventlog 'Security' | where {$_.Message -like
- '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt"
+ command: powershell -c {get-eventlog 'Security' | where {$_.Message -like
+ '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt}
 cleanup_command: powershell -c "remove-item $env:temp\T1654_events.txt -ErrorAction
 Ignore"
 name: powershell
diff --git a/atomics/T1654/T1654.md b/atomics/T1654/T1654.md
index e96f0e62..44a7cfab 100644
--- a/atomics/T1654/T1654.md
+++ b/atomics/T1654/T1654.md
@@ -35,7 +35,7 @@ Successful execution will save matching log events to the users temp folder.
 ```powershell
-powershell -c "get-eventlog 'Security' | where {$_.Message -like '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt"
+powershell -c {get-eventlog 'Security' | where {$_.Message -like '*SYSTEM*'} | export-csv $env:temp\T1654_events.txt}
 ```
 #### Cleanup Commands:
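Review bot: The new `command: powershell -c {get-eventlog ... }` form is only treated as a script block when the process launching powershell.exe is itself a PowerShell host; from cmd.exe or a non-PowerShell runner the braces arrive as literal command text and, as far as I can tell from the -Command parameter's documented behaviour, the block is echoed rather than executed. That is consistent with the `name: powershell` executor visible in this hunk, and the switch presumably avoids the outer host expanding `$_` inside the old double-quoted string before the inner powershell.exe ever sees it, so it should work under Invoke-AtomicTest. The rendered T1654.md fence, however, now shows a command that behaves differently when pasted into a cmd prompt, so the host requirement is worth stating next to it, e.g. in the test description: `Run from a PowerShell host; the {...} script-block form of -Command is not honored when launched from cmd.exe.` The same change appears in the windows-index.yaml and T1654.md hunks, and all three look like generated copies of the underlying atomic YAML, so the wording belongs in that source rather than in these files.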