diff --git a/rules/windows/builtin/win_alert_ad_user_backdoors.yml b/rules/windows/builtin/win_alert_ad_user_backdoors.yml
index d29647c13..9ce1e7e78 100644
--- a/rules/windows/builtin/win_alert_ad_user_backdoors.yml
+++ b/rules/windows/builtin/win_alert_ad_user_backdoors.yml
@@ -22,9 +22,7 @@ detection:
     filter_null:
         AllowedToDelegateTo: null
     filter1:
-        AllowedToDelegateTo: 
-            - null
-            - '-'
+        AllowedToDelegateTo: '-'
     selection2:
         EventID: 5136
         AttributeLDAPDisplayName: 'msDS-AllowedToDelegateTo'