diff --git a/rules/windows/builtin/security/win_susp_time_modification.yml b/rules/windows/builtin/security/win_susp_time_modification.yml index ca2ce0525..cfb8b9f32 100644 --- a/rules/windows/builtin/security/win_susp_time_modification.yml +++ b/rules/windows/builtin/security/win_susp_time_modification.yml @@ -8,7 +8,7 @@ references: - Live environment caused by malware - https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4616 date: 2019/02/05 -modified: 2022/04/06 +modified: 2022/08/03 logsource: product: windows service: security @@ -27,7 +27,7 @@ detection: condition: selection and not 1 of filter* falsepositives: - HyperV or other virtualization technologies with binary not listed in filter portion of detection -level: medium +level: low tags: - attack.defense_evasion - attack.t1070.006
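Review bot: the `modified` bump from 2022/04/06 to 2022/08/03 in the first hunk (the `references:`/`date:` region) is the right thing to do alongside the `level` change, but the unchanged context line `- Live environment caused by malware` in `references:` is not a resolvable source like the event-4616 URL beside it; consider moving that sentence into `description` as the rationale and keeping `references` to links a reviewer can check.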
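Review bot: in the second hunk (the `falsepositives:`/`level:` region), lowering `level: medium` to `level: low` addresses the stated false positive ("HyperV or other virtualization technologies with binary not listed in filter portion of detection") by reducing the priority of every match, including a genuine 4616 system-time change by a process that is not on the filter list. The condition `selection and not 1 of filter*` already provides the tuning point: extending the `filter*` selections with the known virtualization binaries keeps the noise out while leaving an unexpected time change at its original severity. If the downgrade is kept, the reason should be recorded in the rule (for example in `description`), since nothing in the diff explains why a defense-evasion signal (attack.t1070.006) now ranks as low.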