diff --git a/rules/windows/process_creation/win_susp_odbcconf.yml b/rules/windows/process_creation/win_susp_odbcconf.yml
index a1765b851..49a206ca2 100644
--- a/rules/windows/process_creation/win_susp_odbcconf.yml
+++ b/rules/windows/process_creation/win_susp_odbcconf.yml
@@ -13,9 +13,9 @@ logsource:
     category: process_creation
     product: windows
 detection:
-  selection:
-    Image: '*\odbcconf.exe'
-    CommandLine: '* -f *.rsp'
+    selection:
+        Image: '*\odbcconf.exe'
+        CommandLine: '* -f *.rsp'
     condition: selection
 level: medium
 falsepositives: