diff --git a/rules/windows/registry/registry_set/registry_set_mpnotify_persistence.yml b/rules/windows/registry/registry_set/registry_set_mpnotify_persistence.yml
index 2c7c41795..fc561f8d1 100644
--- a/rules/windows/registry/registry_set/registry_set_mpnotify_persistence.yml
+++ b/rules/windows/registry/registry_set/registry_set_mpnotify_persistence.yml
@@ -11,7 +11,7 @@ logsource:
     category: registry_set
     product: windows
 detection:
-    selection_root:
+    selection:
         EventType: SetValue
         TargetObject|contains: '\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\mpnotify'
     condition: selection