diff --git a/rules/windows/builtin/msexchange/win_exchange_transportagent_failed.yml b/rules/windows/builtin/msexchange/win_exchange_transportagent_failed.yml
index 59d79fbce..5df724d89 100644
--- a/rules/windows/builtin/msexchange/win_exchange_transportagent_failed.yml
+++ b/rules/windows/builtin/msexchange/win_exchange_transportagent_failed.yml
@@ -17,8 +17,7 @@ logsource:
 detection:
     selection:
         EventID: 6 
-        Data|contains:
-            - 'Install-TransportAgent'
+        Data|contains: 'Install-TransportAgent'
     condition: selection
 fields:
     - AssemblyPath