diff --git a/rules/linux/lnx_sudo_cve_2019_14287.yml b/rules/linux/lnx_sudo_cve_2019_14287.yml
index ff20897bb..d75d4d0f9 100644
--- a/rules/linux/lnx_sudo_cve_2019_14287.yml
+++ b/rules/linux/lnx_sudo_cve_2019_14287.yml
@@ -19,15 +19,11 @@ tags:
 - attack.privilege_escalation
 - attack.t1068
 - attack.t1169
----
-detection:
- selection_keywords:
- - '* -u#*'
- condition: selection_keywords
----
 detection:
+ selection_keyword|contains:
+ - ' -u#'
 selection_user:
 USER:
 - '#-*'
 - '#*4294967295'
- condition: selection_user
\ No newline at end of file
+ condition: selection_keywords or selection_user
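Review bot: The new condition references `selection_keywords`, but the selection added above it is named `selection_keyword|contains` (singular, with a modifier suffix), so the keyword branch of the `or` points at an identifier the rule no longer defines. As far as I know `|contains` is a value modifier for field names rather than for search identifiers, so a converter may reject the key or treat the whole string as the selection name; either way the command-line match would be lost and only `selection_user` would remain effective. Keeping the keyword list in its wildcard form avoids both problems: `selection_keywords:` with the item `- '* -u#*'`, leaving `condition: selection_keywords or selection_user` as written. It would also help to add a short comment above the two selections saying which log source each is expected to match (raw command-line keyword versus the parsed `USER` field), since the rule header and logsource are outside this hunk.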