diff --git a/rules/windows/powershell/powershell_script/powershell_ps_suspicious_local_group_reco.yml b/rules/windows/powershell/powershell_script/powershell_ps_suspicious_local_group_reco.yml
index 2061fc008..80a725b09 100644
--- a/rules/windows/powershell/powershell_script/powershell_ps_suspicious_local_group_reco.yml
+++ b/rules/windows/powershell/powershell_script/powershell_ps_suspicious_local_group_reco.yml
@@ -21,7 +21,7 @@ detection:
 ScriptBlockText|contains|all:
 - 'Get-WMIObject'
 - 'Win32_Group'
- condition: 1 of test_*
+ condition: 1 of test_*
 falsepositives:
 - unknown
 level: low