diff --git a/rules/windows/process_creation/proc_creation_win_change_evtx_location.yml b/rules/windows/process_creation/proc_creation_win_change_evtx_location.yml
index d65944fb4..b21ea449c 100644
--- a/rules/windows/process_creation/proc_creation_win_change_evtx_location.yml
+++ b/rules/windows/process_creation/proc_creation_win_change_evtx_location.yml
@@ -1,7 +1,7 @@
-title: Process Creation Win Change Evtx Location
+title: Change Evtx Location Used Wevtutil
 id: e6b11ea9-919a-413a-92bd-0976b42bd3b8
 status: experimental
-description: Detects change location evtx used wecutil
+description: Detects change location evtx used wevtutil
 author: D3F7A5105
 date: 2023/01/03
 references:
@@ -21,8 +21,7 @@ detection:
     - /lfn
     - \.evtx
     filter_cmd:
-        CommandLine|contains:
-            - \Windows\System32\winevt\Logs
+        CommandLine|contains: \Windows\System32\winevt\Logs
     condition: selection_cmd and not filter_cmd
 falsepositives:
     - Admin activity
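Review bot: The new description line fixes the tool name but is still not a readable sentence, and the title reads the same way; since the rule keys on the `/lfn` switch (visible in the second hunk), something like `description: Detects the use of wevtutil to change the location of an evtx log file (e.g. via the /lfn parameter), which can be used to disrupt or hide from event log monitoring` and `title: Change Evtx Log Location Using Wevtutil` would tell an analyst what the alert means. The hunk also leaves `date: 2023/01/03` untouched without adding a `modified:` line after it; if this rule was already published under that date, the project convention is to record the change with `modified: <date of this commit>`, so confirm whether that is needed here. The `references:` list continues outside the hunk.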
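Review bot: The collapsed `CommandLine|contains: \Windows\System32\winevt\Logs` filter is equivalent to the old list form, but because it is a substring match on the whole command line it suppresses any invocation that mentions the default log directory anywhere, not only when the `/lfn` target itself stays under that path; if that is the intended scope, say so in the rule, e.g. add to `falsepositives` an entry such as `- Log files relocated within the default winevt\Logs directory` and a comment above `filter_cmd:` noting that the filter checks the full command line rather than the `/lfn` value. The backslashes are safe as a YAML plain scalar here, so no quoting is needed. The `selection_cmd` definition that the condition refers to starts outside this hunk, so I cannot confirm how `/lfn` and `\.evtx` are combined there.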