diff --git a/rules/linux/builtin/lnx_nimbuspwn_privilege_escalation_exploit.yml b/rules/linux/builtin/lnx_nimbuspwn_privilege_escalation_exploit.yml
index 0a901c795..afd77a0cf 100644
--- a/rules/linux/builtin/lnx_nimbuspwn_privilege_escalation_exploit.yml
+++ b/rules/linux/builtin/lnx_nimbuspwn_privilege_escalation_exploit.yml
@@ -10,11 +10,13 @@ date: 2022/05/04
 logsource:
 product: linux
 detection:
- keywords|contains|all:
- - networkd-dispatcher
+ selection_1:
+ - 'networkd-dispatcher'
+ selection_2:
 - 'Error handling notification for interface'
+ selection_3:
 - '../../'
- condition: keywords
+ condition: all of selection_*
 falsepositives:
 - Unknown
 level: high
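Review bot: The new selections are named `selection_1` to `selection_3`, which says nothing about what each keyword contributes, and because the condition is the wildcard `all of selection_*`, any selection later added under that prefix would silently be ANDed in and narrow the detection. Naming them for their role, for example `keyword_service:`, `keyword_error:` and `keyword_traversal:` with `condition: all of keyword_*`, would keep the intent reviewable. A comment above the condition such as `# all three strings must appear in the same event` would also record why the list was split. The diff carries no `modified:` line although the detection logic changed; whether the rule already has one lies outside the hunk, so that should be checked against the repository's metadata convention.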