diff --git a/rules/windows/pipe_created/sysmon_alternate_powershell_hosts_pipe.yml b/rules/windows/pipe_created/sysmon_alternate_powershell_hosts_pipe.yml
index d36011ef3..e74a679e8 100644
--- a/rules/windows/pipe_created/sysmon_alternate_powershell_hosts_pipe.yml
+++ b/rules/windows/pipe_created/sysmon_alternate_powershell_hosts_pipe.yml
@@ -2,11 +2,11 @@ title: Alternate PowerShell Hosts Pipe
 id: 58cb02d5-78ce-4692-b3e1-dce850aae41a
 status: test
 description: Detects alternate PowerShell hosts potentially bypassing detections looking for powershell.exe
-author: Roberto Rodriguez @Cyb3rWard0g
+author: Roberto Rodriguez @Cyb3rWard0g, Tim Shelton
 references:
 - https://threathunterplaybook.com/notebooks/windows/02_execution/WIN-190815181010.html
 date: 2019/09/12
-modified: 2021/12/17
+modified: 2022/01/18
 logsource:
 product: windows
 category: pipe_created
@@ -19,6 +19,7 @@ detection:
 - '\powershell_ise.exe'
 - '\WINDOWS\System32\sdiagnhost.exe'
 - '\WINDOWS\System32\wsmprovhost.exe'
+ - '\Windows\system32\dsac.exe'
 filter2:
 Image: null
 condition: selection and not 1 of filter*
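Review bot: The new filter entry `'\Windows\system32\dsac.exe'` in the second hunk is cased differently from its neighbours (`'\WINDOWS\System32\sdiagnhost.exe'`, `'\WINDOWS\System32\wsmprovhost.exe'`); on a backend that compiles the match case-sensitively the exclusion would silently never apply, and even where matching is case-insensitive the mixed casing reads as an accident rather than intent. Suggest aligning it as `- '\WINDOWS\System32\dsac.exe'`. The filter list and the field/modifier it matches on begin above this hunk, so which field and match mode (e.g. endswith) this entry feeds cannot be confirmed from here. Because every filter entry widens what the rule ignores, a one-line YAML comment next to it stating what dsac.exe is and why it legitimately hosts PowerShell would let future reviewers judge the exclusion without re-researching it.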