diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml
index 3cf7b3099..3bb4c1aae 100644
--- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml
+++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml
@@ -21,7 +21,7 @@ detection:
 - '\excel.exe'
 CommandLine|contains:
 - 'DataExchange.dll'
- condition: selection
+ condition: selection
 falsepositives:
 - Unkown
 level: critical