diff --git a/rules/apt/apt_dragonfly.yml b/rules/apt/apt_dragonfly.yml
index e65945a23..c2d87afca 100644
--- a/rules/apt/apt_dragonfly.yml
+++ b/rules/apt/apt_dragonfly.yml
@@ -1,4 +1,4 @@
-
+---
 action: global
 title: CrackMapExecWin
 description: Detects CrackMapExecWin Activity as Described by NCSC
@@ -7,9 +6,6 @@ references:
 - https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control
 author: Markus Neis
 detection:
- selection1:
- CommandLine:
- '*\crackmapexec.exe'
 condition: 1 of them
 falsepositives:
 - None
@@ -22,9 +19,6 @@ logsource:
 description: 'Requirements: Audit Policy : Detailed Tracking > Audit Process creation, Group Policy : Administrative Templates\System\Audit Process Creation'
 detection:
 selection1:
- # Requires group policy 'Audit Process Creation' > Include command line in process creation events
- EventID: 4688
- selection2:
 # Does not require group policy 'Audit Process Creation' > Include command line in process creation events
 EventID: 4688
 NewProcessName:
@@ -36,9 +30,6 @@ logsource:
 service: sysmon
 detection:
 selection1:
- # Requires group policy 'Audit Process Creation' > Include command line in process creation events
- EventID: 1
- selection2:
 # Does not require group policy 'Audit Process Creation' > Include command line in process creation events
 EventID: 1
 Image:
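Review bot: With the CommandLine selection removed from the global section, the rule now keys only on the executable name in the per-logsource selections, so the unchanged `falsepositives: - None` is hard to defend: authorised pentest or red-team use of CrackMapExec will match, while a renamed binary will not, and neither caveat is recorded in the rule. I would change it to `falsepositives: - Legitimate penetration testing or red team activity` and extend the description with a sentence saying the match is on the file name `crackmapexec.exe` only, so analysts do not read a non-hit as absence of the tool. The retained `condition: 1 of them` still resolves as long as each logsource document below contributes a selection, which appears to be the case from the other hunks, but that is inferred rather than visible in this hunk.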
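Review bot: The surviving comment `# Does not require group policy 'Audit Process Creation' > Include command line in process creation events` above the Sysmon `EventID: 1` selection is stale on the new side: it existed to contrast with the command-line-based `selection1` that this hunk deletes, and the Group Policy setting it names governs the Security log's 4688 events rather than Sysmon Event ID 1. I would replace it with `# Match on the image path; no command-line field is needed for this selection` or drop it entirely. As a hedged suggestion, if the deployed Sysmon version populates OriginalFileName in Event ID 1 (worth confirming against the schema in use), adding it as a second field in the selection would catch a renamed binary that the `Image` suffix match misses.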