diff --git a/rules/windows/file_change/file_change_win_2022_timestomping.yml b/rules/windows/file_change/file_change_win_2022_timestomping.yml
index c58e8af44..a8c501b61 100644
--- a/rules/windows/file_change/file_change_win_2022_timestomping.yml
+++ b/rules/windows/file_change/file_change_win_2022_timestomping.yml
@@ -13,9 +13,9 @@ logsource:
 product: windows
 detection:
 selection:
- PreviousCreationUtcTime|startwith: 2022
+ PreviousCreationUtcTime|startswith: 2022
 filter:
- CreationUtcTime|startwith: 2022
+ CreationUtcTime|startswith: 2022
 condition: selection and not filter
 falsepositives:
 - NTP change
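Review bot: The value `2022` on both changed lines is an unquoted YAML scalar, so it loads as an integer although `startswith` is a string modifier; some Sigma converters may reject or mishandle a numeric value there, so I would quote it as `PreviousCreationUtcTime|startswith: '2022'` and `CreationUtcTime|startswith: '2022'`. Separately, the logic is pinned to a single year: it matches only when a creation time that was in 2022 is changed to a different year, so a timestamp moved to another date inside 2022 is not covered and the rule goes quiet for files created after that year. A short comment above `selection` stating that limit, for example `# year-bound: only catches changes out of 2022, review annually`, would help whoever tunes or retires it. The rule's header and any further `falsepositives` entries lie outside the hunk.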