diff --git a/rules/cloud/azure_kubernetes_events_deleted.yml b/rules/cloud/azure_kubernetes_events_deleted.yml
index 586761a02..68a160c40 100644
--- a/rules/cloud/azure_kubernetes_events_deleted.yml
+++ b/rules/cloud/azure_kubernetes_events_deleted.yml
@@ -18,7 +18,7 @@ level: medium
 tags:
 - attack.defense_evasion
 - attack.t1562
- - attack.t1562.001
+ - attack.t1562.001
 falsepositives:
 - Events deletions may be done by a system or network administrator. Verify whether the username, hostname, and/or resource name should be making changes in your environment. Events deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule.