diff --git a/rules/windows/builtin/win_root_certificate_installed.yml b/rules/windows/builtin/win_root_certificate_installed.yml
index 94a711265..3d44236f2 100644
--- a/rules/windows/builtin/win_root_certificate_installed.yml
+++ b/rules/windows/builtin/win_root_certificate_installed.yml
@@ -42,6 +42,7 @@ detection:
 ---
 action: repeat
 logsource:
+ category: process_creation
 product: windows
 service: security
 detection:
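Review bot: The added `category: process_creation` now sits beside `service: security` in the repeated document's `logsource`, and the hunk does not settle whether a backend mapping will resolve that pair to the Security log or to its generic process-creation source. The `detection:` body continues outside the hunk, so I cannot see its field names or event-ID condition. If it still selects on Security-log fields, a conversion config that rewrites `process_creation` to another source could produce a query that never matches, and root-certificate installs would go unalerted without any error. Either keep only one selector in this document or state the intent above the key, e.g. `# Security-log variant; category added for backend mapping, service kept on purpose`, and confirm the converted query against a test event.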