diff --git a/rules/windows/sysmon/sysmon_office_persistence.yml b/rules/windows/sysmon/sysmon_office_persistence.yml
index 71db0b36c..813929a0f 100644
--- a/rules/windows/sysmon/sysmon_office_persistence.yml
+++ b/rules/windows/sysmon/sysmon_office_persistence.yml
@@ -26,7 +26,7 @@ detection:
 TargetFilename|endswith:
 - .xlam
 - .xla
-condition: selection and (wlldropped or xlldropped or generic)
+ condition: selection and (wlldropped or xlldropped or generic)
 falsepositives:
 - Legitimate add-ins
 level: high