diff --git a/rules/windows/driver_load/driver_load_susp_temp_use.yml b/rules/windows/driver_load/driver_load_susp_temp_use.yml
index 3bd13f623..0c5f94caf 100755
--- a/rules/windows/driver_load/driver_load_susp_temp_use.yml
+++ b/rules/windows/driver_load/driver_load_susp_temp_use.yml
@@ -6,16 +6,16 @@ author: Florian Roth
 date: 2017/02/12
 modified: 2021/11/27
 logsource:
- category: driver_load
- product: windows
+ category: driver_load
+ product: windows
 detection:
- selection:
- ImageLoaded|contains: '\Temp\'
- condition: selection
+ selection:
+ ImageLoaded|contains: '\Temp\'
+ condition: selection
 falsepositives:
- - There is a relevant set of false positives depending on applications in the environment
+ - There is a relevant set of false positives depending on applications in the environment
 level: high
 tags:
- - attack.persistence
- - attack.privilege_escalation
- - attack.t1543.003
+ - attack.persistence
+ - attack.privilege_escalation
+ - attack.t1543.003