diff --git a/rules/windows/process_creation/win_pc_cmd_delete.yml b/rules/windows/process_creation/win_pc_cmd_delete.yml
index b72c3a0f5..6b9cba57b 100644
--- a/rules/windows/process_creation/win_pc_cmd_delete.yml
+++ b/rules/windows/process_creation/win_pc_cmd_delete.yml
@@ -14,10 +14,10 @@ logsource:
 product: windows
 detection:
 selection:
- - Image|contains|all:
+ - CommandLine|contains|all:
 - 'del '
 - /f
- - Image|contains|all:
+ - CommandLine|contains|all:
 - rmdir
 - /s
 - /q
@@ -27,4 +27,4 @@ falsepositives:
 level: low
 tags:
 - attack.defense_evasion
- - attack.t1070.004
\ No newline at end of file
+ - attack.t1070.004
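Review bot: Moving the two selections to CommandLine makes the rule matchable at all, but the substring tests on `'del '`/`/f` and `rmdir`/`/s`/`/q` in the first hunk are not anchored to the interpreter that actually implements these built-ins, so any process whose command line happens to contain `del ` and `/f` (a path containing "model ", an unrelated `/force` switch) will fire. Since `del` and `rmdir` are cmd.exe internals, consider adding a third selection such as `selection_img:` / `Image|endswith: '\cmd.exe'` and AND-ing it in the condition; the condition line and the rest of the detection block sit outside this hunk, so the combination cannot be confirmed here. Worth recording in the rule's description or falsepositives that, as a process_creation rule, this only sees deletions passed on the cmd.exe command line (e.g. via `/c`) and not commands typed into an already running shell. The second hunk only fixes the missing trailing newline.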