diff --git a/rules/apt/apt_gallium.yml b/rules/apt/apt_gallium.yml
index cecab4cff..36cfffd1b 100644
--- a/rules/apt/apt_gallium.yml
+++ b/rules/apt/apt_gallium.yml
@@ -1,6 +1,6 @@
 action: global
 title: GALLIUM artefacts
-id: 166e9c50-8cd9-44af-815d-d1f0c0e90dde
+id: 440a56bf-7873-4439-940a-1c8a671073c2
 status: experimental
 description: Detects artefacts associated with activity group GALLIUM - Microsoft Threat Intelligence Center indicators released in December 2019.
 author: Tim Burrell
@@ -15,11 +15,10 @@ falsepositives:
 level: high
 ---
 logsource:
+    category: process_creation
     product: windows
-    service: sysmon
 detection:
     exec_selection:
-        EventID: 1
         Hashes:
             - '*53a44c2396d15c3a03723fa5e5db54cafd527635*'
             - '*9c5e496921e3bc882dc40694f1dcc3746a75db19*'
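Review bot: The rule's `id` is replaced with a new UUID in the first hunk with nothing linking it to the old one, so any SIEM alert history, tuning or suppression keyed on `166e9c50-…` silently loses its association with this rule. Sigma's convention for a re-identified rule is to record the predecessor in a `related` block; if the new id is intentional, add after the `id` line `related:`, `    - id: 166e9c50-8cd9-44af-815d-d1f0c0e90dde`, `      type: renamed` (verify the type value against the schema version the repository validates with). If the change is accidental (a duplicate-UUID fix is the usual reason), a commit message line saying so would help the next reader.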
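Review bot: Switching the logsource to `category: process_creation` while keeping the selection on `Hashes` means the rule now targets every process-creation backend mapping, but `Hashes` in the `SHA1=…,MD5=…` form is a Sysmon Event 1 field; Security 4688 and most EDR process sources carry no such field, so on those sources the rule either never matches or fails conversion, with no indication to the operator that coverage was lost. Either keep the Sysmon dependency explicit or state it, e.g. a comment above `Hashes:` reading `# Hashes is populated by Sysmon Event 1 only; 4688 sources will not match`, so the generic category is not read as broader coverage than the data supports. The bare `*<sha1>*` wildcards also match any hash type that happens to contain the substring; anchoring them to the algorithm, `Hashes|contains: 'SHA1=53a44c2396d15c3a03723fa5e5db54cafd527635'` and likewise for the second value, keeps the intent precise. The `detection` block's `condition` lies outside this hunk and was not reviewed.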