diff --git a/rules/windows/builtin/system/win_system_susp_eventlog_cleared.yml b/rules/windows/builtin/system/win_system_susp_eventlog_cleared.yml
index 480024135..dc23dc745 100644
--- a/rules/windows/builtin/system/win_system_susp_eventlog_cleared.yml
+++ b/rules/windows/builtin/system/win_system_susp_eventlog_cleared.yml
@@ -18,6 +18,7 @@ tags:
 logsource:
 product: windows
 service: system
+detection:
 selection:
 EventID: 104
 Provider_Name: Microsoft-Windows-Eventlog
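Review bot: The added `detection:` key only works if the unchanged `selection:` context line directly below it is indented one level deeper, so that `selection`, `EventID` and `Provider_Name` become children of `detection` rather than top-level keys; the collapsed rendering here has lost that indentation, so it is worth confirming in the file itself, because a flat `selection:` would again leave the rule's `condition` (outside the hunk) with nothing to reference. The original omission parsed as valid YAML with `selection` silently nested under `logsource`, which is exactly the class of structural error a Sigma schema-validation step in CI would reject before merge rather than at conversion time. The rule's `condition`, `falsepositives` and `level` lie outside this hunk and are not visible for review.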