diff --git a/rules/windows/builtin/win_rdp_reverse_tunnel.yml b/rules/windows/builtin/win_rdp_reverse_tunnel.yml
index ce26c94b1..97e89f9dd 100644
--- a/rules/windows/builtin/win_rdp_reverse_tunnel.yml
+++ b/rules/windows/builtin/win_rdp_reverse_tunnel.yml
@@ -18,13 +18,13 @@ detection:
 selection:
 EventID: 5156
 sourceRDP:
+ SourcePort: 3389
 DestinationAddress:
- SourcePort: 3389
 - '127.*'
 - '::1'
 destinationRDP:
+ DesinationPort: 3389
 SourceAddress:
- DesinationPort: 3389
 - '127.*'
 - '::1'
 condition: selection and ( sourceRDP or destinationRDP )
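Review bot: The added line `DesinationPort: 3389` under destinationRDP keeps the misspelled field name that was moved out of the SourceAddress list, so the destinationRDP branch of the condition appears to reference a field that does not exist in the log source and would never match, leaving only the sourceRDP branch live. Judging by the sibling `DestinationAddress` key the intent looks like `DestinationPort: 3389`; whichever spelling is used, it should be checked against the actual Event 5156 EventData field names the backend maps (the raw event uses DestAddress/DestPort), since a silent field-name mismatch in a Sigma selection is a detection gap rather than an error. The moves themselves are correct: both port keys are now siblings of the address lists, matching the "selection and ( sourceRDP or destinationRDP )" structure. The enclosing `detection:` block starts outside the hunk.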