diff --git a/rules/windows/process_creation/win_susp_runscripthelper.yml b/rules/windows/process_creation/win_susp_runscripthelper.yml
index 68342e319..385091150 100644
--- a/rules/windows/process_creation/win_susp_runscripthelper.yml
+++ b/rules/windows/process_creation/win_susp_runscripthelper.yml
@@ -1,5 +1,5 @@
 title: Suspicious use of Runscripthelper.exe
-id: 06b401f4-107c-4ff9-947f-9ec1e7649f1e
+id: eca49c87-8a75-4f13-9c73-a5a29e845f03
 status: experimental
 description: Detects execution of powershell scripts via Runscripthelper.exe
 references:
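Review bot: The new `id:` leaves no trace of the old identifier in the rule, so suppressions, tuning lists and alert history keyed on `06b401f4-107c-4ff9-947f-9ec1e7649f1e` will silently stop matching it. If the change resolves a UUID collision with another rule (the reason is not visible in this hunk), the Sigma `related` field can record it: `related:`, `  - id: 06b401f4-107c-4ff9-947f-9ec1e7649f1e`, `    type: renamed`. The rest of the file is outside the hunk, so check whether a `related` or `modified` entry already exists. It is also worth confirming that the old UUID now belongs to exactly one rule in the repository.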