diff --git a/rules/windows/registry_event/sysmon_taskcache_entry.yml b/rules/windows/registry_event/sysmon_taskcache_entry.yml
index 03465933f..a4b72df0d 100644
--- a/rules/windows/registry_event/sysmon_taskcache_entry.yml
+++ b/rules/windows/registry_event/sysmon_taskcache_entry.yml
@@ -6,6 +6,7 @@ tags:
 - attack.t1053
 - attack.t1053.005
 date: 2021/06/18
+modified: 2021/07/27
 references:
 - https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
 author: Syed Hasan (@syedhasan009)
@@ -17,5 +18,6 @@ logsource:
 product: windows
 detection:
 selection:
+ EventType: SetValue
 TargetObject|contains: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\'
 condition: selection
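Review bot: The added `EventType: SetValue` in `selection` (second hunk) narrows the rule to value writes only, so registry events of any other type under `TaskCache\Tree\` (key creation, deletion, rename) no longer match, and nothing in the rule records that this is deliberate. The rule now fires only where the Sysmon configuration collects value-set events for this path, which cannot be confirmed from the hunk. I would add a comment above the new line, e.g. `# SetValue only: needs value writes under Tree\ to be logged; key create/delete/rename events are intentionally excluded`. The description and falsepositives fields lie outside the hunk and may need the same adjustment.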