diff --git a/rules/windows/process_creation/proc_creation_win_sharp_chisel_usage.yml b/rules/windows/process_creation/proc_creation_win_sharp_chisel_usage.yml
index 7d472e237..adce54a59 100644
--- a/rules/windows/process_creation/proc_creation_win_sharp_chisel_usage.yml
+++ b/rules/windows/process_creation/proc_creation_win_sharp_chisel_usage.yml
@@ -33,7 +33,7 @@ detection:
 # - ' --reverse'
 # - ' r:'
 # - ':127.0.0.1:'
- condition: 1 of selection
+ condition: 1 of selection*
 falsepositives:
 - Some false positives may occure with other tools with similar commandlines
 level: high
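Review bot: The new `condition: 1 of selection*` matches every search identifier whose name begins with `selection`, so any group later added under `detection:` with that prefix is silently OR-ed into a `level: high` rule that already lists command-line false positives. The selection definitions sit above this hunk, so their names are not visible here; if they all use an underscore suffix, `condition: 1 of selection_*` is the tighter pattern, and naming the groups explicitly in the condition would make the intended logic reviewable at a glance. Because this changes what the rule fires on, the rule's `modified` field would normally be updated in the same commit, and no other hunk in this diff does so.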